Publish Advisories

GHSA-x3cv-r3g3-fpg9
GHSA-24q9-g4p7-45qp
GHSA-4pc8-6qgf-fgv2
GHSA-5j27-2fpm-q949
GHSA-5p47-92qw-3767
GHSA-6625-m396-m7cp
GHSA-98hc-x583-4p47
GHSA-9q53-p4m8-gm9v
GHSA-f3fr-gvgx-x9gh
GHSA-fv83-x2xw-2j55
GHSA-fwx6-6883-xr45
GHSA-jgq2-vq69-gr6h
GHSA-p7jp-59qp-fjf3
GHSA-pxw3-r2m4-c5m3
GHSA-q6pr-mghj-3fjx
GHSA-qg37-cwrh-945r
GHSA-vh49-38wc-6wqp
GHSA-w67w-38wc-vr97
GHSA-wh3w-c78x-9663

Author: advisory-database[bot]

advisories/github-reviewed/2026/04/GHSA-x3cv-r3g3-fpg9/GHSA-x3cv-r3g3-fpg9.json

@@ -0,0 +1,61 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-x3cv-r3g3-fpg9",
+  "modified": "2026-04-17T21:30:50Z",
+  "published": "2026-04-17T21:30:50Z",
+  "aliases": [
+    "CVE-2026-35402"
+  ],
+  "summary": "Neo4j Labs MCP Servers: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures",
+  "details": "### Summary\nThe `read_only` mode in `mcp-neo4j-cypher` versions prior to 0.6.0 can be bypassed using `CALL` procedures. \n### Details\n\n#### Impact\nThe enforcing of `read_only` mode in vulnerable versions could be bypassed by certain APOC procedures.\n\n#### Patches\nv0.6.0 release hardened the checks around the mode. The only way to guarantee the server actions is to limit the permissions of the db credentials available to the server.\n\n### Notes\nImpacts for server-side request forgery vulnerabilities may depend on both the configuration of the vulnerable system as well as the presence of other systems in the environment that could be accessed as part of exploitation.\n#### Recommended hardening\n\n- Limit the apoc procedures to what's required\n- [Manage data loading privileges](https://neo4j.com/docs/operations-manual/current/authentication-authorization/load-privileges/ )\n- Don't relax the default settings without compensating controls\n    - `apoc.import.file.enabled` is `false` by default\n    - `apoc.import.file.use_neo4j_config` is `true` by default to restrict file imports to the import folder\n\n### Credits\nWe want to publicly recognise the contribution of [Yotam Perkal](https://github.com/yotampe-pluto) from [Pluto Security](https://pluto.security/).",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "mcp-neo4j-cypher"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.6.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/neo4j-contrib/mcp-neo4j/security/advisories/GHSA-x3cv-r3g3-fpg9"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/neo4j-contrib/mcp-neo4j"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/neo4j-contrib/mcp-neo4j/releases/tag/mcp-neo4j-cypher-v0.6.0"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-284"
+    ],
+    "severity": "LOW",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-04-17T21:30:50Z",
+    "nvd_published_at": null
+  }
+}

advisories/unreviewed/2026/04/GHSA-24q9-g4p7-45qp/GHSA-24q9-g4p7-45qp.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-24q9-g4p7-45qp",
-  "modified": "2026-04-09T18:31:26Z",
+  "modified": "2026-04-17T21:31:42Z",
   "published": "2026-04-09T18:31:26Z",
   "aliases": [
     "CVE-2025-15480"
   ],
   "details": "In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/04/GHSA-4pc8-6qgf-fgv2/GHSA-4pc8-6qgf-fgv2.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4pc8-6qgf-fgv2",
+  "modified": "2026-04-17T21:31:48Z",
+  "published": "2026-04-17T21:31:48Z",
+  "aliases": [
+    "CVE-2026-40527"
+  ],
+  "details": "radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute when radare2 analyzes the binary with aaa and subsequently runs afsvj, allowing arbitrary shell command execution through the unsanitized parameter interpolation in the pfq command string.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40527"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/radareorg/radare2/pull/25821"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/radareorg/radare2/commit/bc5a89033db3ecb5b1f7bf681fc6ba4dcfc14683"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/radare2-command-injection-via-dwarf-parameter-names"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-78"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-17T21:16:35Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-5j27-2fpm-q949/GHSA-5j27-2fpm-q949.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5j27-2fpm-q949",
+  "modified": "2026-04-17T21:31:47Z",
+  "published": "2026-04-17T21:31:47Z",
+  "aliases": [
+    "CVE-2026-35682"
+  ],
+  "details": "Anviz CX2 Lite is vulnerable to an authenticated command injection via a \nfilename parameter that enables arbitrary command execution (e.g., \nstarting telnetd), resulting in root‑level access.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35682"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.anviz.com/contact-us.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-17T20:16:35Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-5p47-92qw-3767/GHSA-5p47-92qw-3767.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5p47-92qw-3767",
-  "modified": "2026-04-09T18:31:26Z",
+  "modified": "2026-04-17T21:31:42Z",
   "published": "2026-04-09T18:31:26Z",
   "aliases": [
     "CVE-2025-14551"
   ],
   "details": "In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/04/GHSA-6625-m396-m7cp/GHSA-6625-m396-m7cp.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6625-m396-m7cp",
+  "modified": "2026-04-17T21:31:46Z",
+  "published": "2026-04-17T21:31:46Z",
+  "aliases": [
+    "CVE-2026-32324"
+  ],
+  "details": "Anviz CX7 Firmware is \nvulnerable because the application embeds reusable certificate/key \nmaterial, enabling decryption of MQTT traffic and potential interaction \nwith device messaging channels at scale.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32324"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.anviz.com/contact-us.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-321"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-17T20:16:33Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-98hc-x583-4p47/GHSA-98hc-x583-4p47.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-98hc-x583-4p47",
+  "modified": "2026-04-17T21:31:47Z",
+  "published": "2026-04-17T21:31:47Z",
+  "aliases": [
+    "CVE-2026-35546"
+  ],
+  "details": "Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted \narchives to be accepted, enabling attackers to plant and execute code \nand obtain a reverse shell.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35546"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.anviz.com/contact-us.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-306"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-17T20:16:35Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-9q53-p4m8-gm9v/GHSA-9q53-p4m8-gm9v.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9q53-p4m8-gm9v",
+  "modified": "2026-04-17T21:31:47Z",
+  "published": "2026-04-17T21:31:47Z",
+  "aliases": [
+    "CVE-2026-35061"
+  ],
+  "details": "Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be \nretrieved without authentication, revealing sensitive operational \nimagery.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35061"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-106-03.json"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.anviz.com/contact-us.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-106-03"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-17T20:16:35Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-f3fr-gvgx-x9gh/GHSA-f3fr-gvgx-x9gh.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f3fr-gvgx-x9gh",
-  "modified": "2026-04-13T09:31:33Z",
+  "modified": "2026-04-17T21:31:43Z",
   "published": "2026-04-13T09:31:33Z",
   "aliases": [
     "CVE-2026-34865"
   ],
   "details": "Out-of-bounds write vulnerability in the WEB module.Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/04/GHSA-fv83-x2xw-2j55/GHSA-fv83-x2xw-2j55.json

@@ -37,7 +37,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-295"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,