Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 60d6f87a2caa · 2026-02-27T21:38:56.000Z
GHSA-9442-gm4v-r222 GHSA-c32p-wcqj-j677 GHSA-fcv2-xgw5-pqxf
diff --git a/advisories/github-reviewed/2024/06/GHSA-9442-gm4v-r222/GHSA-9442-gm4v-r222.json b/advisories/github-reviewed/2024/06/GHSA-9442-gm4v-r222/GHSA-9442-gm4v-r222.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9442-gm4v-r222",
-  "modified": "2025-02-24T15:30:22Z",
+  "modified": "2026-02-27T21:38:27Z",
   "published": "2024-06-20T15:31:19Z",
   "aliases": [
     "CVE-2024-6162"
@@ -122,7 +122,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-400"
+      "CWE-400",
+      "CWE-488"
     ],
     "severity": "HIGH",
     "github_reviewed": true,
diff --git a/advisories/github-reviewed/2026/01/GHSA-c32p-wcqj-j677/GHSA-c32p-wcqj-j677.json b/advisories/github-reviewed/2026/01/GHSA-c32p-wcqj-j677/GHSA-c32p-wcqj-j677.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c32p-wcqj-j677",
-  "modified": "2026-01-23T16:56:23Z",
+  "modified": "2026-02-27T21:37:55Z",
   "published": "2026-01-23T16:56:23Z",
   "aliases": [],
   "summary": "CometBFT has inconsistencies between how commit signatures are verified and how block time is derived",
@@ -78,6 +78,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/cometbft/cometbft/releases/tag/v0.38.21"
+    },
+    {
+      "type": "WEB",
+      "url": "https://pkg.go.dev/vuln/GO-2026-4361"
     }
   ],
   "database_specific": {
diff --git a/advisories/github-reviewed/2026/01/GHSA-fcv2-xgw5-pqxf/GHSA-fcv2-xgw5-pqxf.json b/advisories/github-reviewed/2026/01/GHSA-fcv2-xgw5-pqxf/GHSA-fcv2-xgw5-pqxf.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fcv2-xgw5-pqxf",
-  "modified": "2026-01-23T15:49:39Z",
+  "modified": "2026-02-27T21:37:24Z",
   "published": "2026-01-22T20:28:56Z",
   "aliases": [
     "CVE-2026-24137"
@@ -58,6 +58,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/sigstore/sigstore/releases/tag/v1.10.4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://pkg.go.dev/vuln/GO-2026-4358"
     }
   ],
   "database_specific": {

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-c32p-wcqj-j677",`
`4`		`- "modified": "2026-01-23T16:56:23Z",`
	`4`	`+ "modified": "2026-02-27T21:37:55Z",`
`5`	`5`	`"published": "2026-01-23T16:56:23Z",`
`6`	`6`	`"aliases": [],`
`7`	`7`	`"summary": "CometBFT has inconsistencies between how commit signatures are verified and how block time is derived",`
`@@ -78,6 +78,10 @@`
`78`	`78`	`{`
`79`	`79`	`"type": "WEB",`
`80`	`80`	`"url": "https://github.com/cometbft/cometbft/releases/tag/v0.38.21"`
	`81`	`+ },`
	`82`	`+ {`
	`83`	`+ "type": "WEB",`
	`84`	`+ "url": "https://pkg.go.dev/vuln/GO-2026-4361"`
`81`	`85`	`}`
`82`	`86`	`],`
`83`	`87`	`"database_specific": {`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-fcv2-xgw5-pqxf",`
`4`		`- "modified": "2026-01-23T15:49:39Z",`
	`4`	`+ "modified": "2026-02-27T21:37:24Z",`
`5`	`5`	`"published": "2026-01-22T20:28:56Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2026-24137"`
`@@ -58,6 +58,10 @@`
`58`	`58`	`{`
`59`	`59`	`"type": "WEB",`
`60`	`60`	`"url": "https://github.com/sigstore/sigstore/releases/tag/v1.10.4"`
	`61`	`+ },`
	`62`	`+ {`
	`63`	`+ "type": "WEB",`
	`64`	`+ "url": "https://pkg.go.dev/vuln/GO-2026-4358"`
`61`	`65`	`}`
`62`	`66`	`],`
`63`	`67`	`"database_specific": {`