Publish Advisories

GHSA-2vwx-gvvp-498r
GHSA-4fj9-wcvv-79cv
GHSA-cpw4-qvjq-84qw
GHSA-3789-628f-hmx4
GHSA-3pqf-cfwc-jjm7
GHSA-ff5r-w44x-rq6x
GHSA-jw22-qx9q-gwxg
GHSA-22v2-wj2v-mmrw
GHSA-4h56-xmq8-7hc9
GHSA-5q4r-452w-ggwq
GHSA-7c8j-xhpq-ww8c
GHSA-9w3f-qqh3-w7fc
GHSA-gmrw-vh4q-4fvv
GHSA-gp3c-fxmq-6r3c
GHSA-h8pc-39xp-g64r
GHSA-mxjf-259r-3r76
GHSA-vfhj-j6fq-rcph
GHSA-x9cj-242h-gr3m
GHSA-xc4h-36v7-xrrw

Author: advisory-database[bot]

advisories/unreviewed/2025/06/GHSA-2vwx-gvvp-498r/GHSA-2vwx-gvvp-498r.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-125"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/06/GHSA-4fj9-wcvv-79cv/GHSA-4fj9-wcvv-79cv.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-787"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/06/GHSA-cpw4-qvjq-84qw/GHSA-cpw4-qvjq-84qw.json

@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-125"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/10/GHSA-3789-628f-hmx4/GHSA-3789-628f-hmx4.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3789-628f-hmx4",
-  "modified": "2025-10-04T18:31:15Z",
+  "modified": "2026-02-11T00:30:13Z",
   "published": "2025-10-04T18:31:15Z",
   "aliases": [
     "CVE-2023-53548"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb\n\nThe syzbot fuzzer identified a problem in the usbnet driver:\n\nusb 1-1: BOGUS urb xfer, pipe 3 != type 1\nWARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nModules linked in:\nCPU: 0 PID: 754 Comm: kworker/0:2 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023\nWorkqueue: mld mld_ifc_work\nRIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504\nCode: 7c 24 18 e8 2c b4 5b fb 48 8b 7c 24 18 e8 42 07 f0 fe 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 c9 fc 8a e8 5a 6f 23 fb <0f> 0b e9 58 f8 ff ff e8 fe b3 5b fb 48 81 c5 c0 05 00 00 e9 84 f7\nRSP: 0018:ffffc9000463f568 EFLAGS: 00010086\nRAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\nRDX: ffff88801eb28000 RSI: ffffffff814c03b7 RDI: 0000000000000001\nRBP: ffff8881443b7190 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000003\nR13: ffff88802a77cb18 R14: 0000000000000003 R15: ffff888018262500\nFS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000556a99c15a18 CR3: 0000000028c71000 CR4: 0000000000350ef0\nCall Trace:\n <TASK>\n usbnet_start_xmit+0xfe5/0x2190 drivers/net/usb/usbnet.c:1453\n __netdev_start_xmit include/linux/netdevice.h:4918 [inline]\n netdev_start_xmit include/linux/netdevice.h:4932 [inline]\n xmit_one net/core/dev.c:3578 [inline]\n dev_hard_start_xmit+0x187/0x700 net/core/dev.c:3594\n...\n\nThis bug is caused by the fact that usbnet trusts the bulk endpoint\naddresses its probe routine receives in the driver_info structure, and\nit does not check to see that these endpoints actually exist and have\nthe expected type and directions.\n\nThe fix is simply to add such a check.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -49,7 +54,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-04T16:15:50Z"

advisories/unreviewed/2025/10/GHSA-3pqf-cfwc-jjm7/GHSA-3pqf-cfwc-jjm7.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3pqf-cfwc-jjm7",
-  "modified": "2025-10-04T18:31:14Z",
+  "modified": "2026-02-11T00:30:13Z",
   "published": "2025-10-04T18:31:14Z",
   "aliases": [
     "CVE-2023-53547"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix sdma v4 sw fini error\n\nFix sdma v4 sw fini error for sdma 4.2.2 to\nsolve the following general protection fault\n\n[  +0.108196] general protection fault, probably for non-canonical\naddress 0xd5e5a4ae79d24a32: 0000 [#1] PREEMPT SMP PTI\n[  +0.000018] RIP: 0010:free_fw_priv+0xd/0x70\n[  +0.000022] Call Trace:\n[  +0.000012]  <TASK>\n[  +0.000011]  release_firmware+0x55/0x80\n[  +0.000021]  amdgpu_ucode_release+0x11/0x20 [amdgpu]\n[  +0.000415]  amdgpu_sdma_destroy_inst_ctx+0x4f/0x90 [amdgpu]\n[  +0.000360]  sdma_v4_0_sw_fini+0xce/0x110 [amdgpu]",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -29,7 +34,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-04T16:15:49Z"

advisories/unreviewed/2025/10/GHSA-ff5r-w44x-rq6x/GHSA-ff5r-w44x-rq6x.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-ff5r-w44x-rq6x",
-  "modified": "2025-10-04T18:31:15Z",
+  "modified": "2026-02-11T00:30:14Z",
   "published": "2025-10-04T18:31:14Z",
   "aliases": [
     "CVE-2023-53549"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: Rework long task execution when adding/deleting entries\n\nWhen adding/deleting large number of elements in one step in ipset, it can\ntake a reasonable amount of time and can result in soft lockup errors. The\npatch 5f7b51bf09ba (\"netfilter: ipset: Limit the maximal range of\nconsecutive elements to add/delete\") tried to fix it by limiting the max\nelements to process at all. However it was not enough, it is still possible\nthat we get hung tasks. Lowering the limit is not reasonable, so the\napproach in this patch is as follows: rely on the method used at resizing\nsets and save the state when we reach a smaller internal batch limit,\nunlock/lock and proceed from the saved state. Thus we can avoid long\ncontinuous tasks and at the same time removed the limit to add/delete large\nnumber of elements in one step.\n\nThe nfnl mutex is held during the whole operation which prevents one to\nissue other ipset commands in parallel.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -36,8 +41,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-667"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-04T16:15:50Z"

advisories/unreviewed/2025/10/GHSA-jw22-qx9q-gwxg/GHSA-jw22-qx9q-gwxg.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jw22-qx9q-gwxg",
-  "modified": "2025-10-04T18:31:14Z",
+  "modified": "2026-02-11T00:30:13Z",
   "published": "2025-10-04T18:31:14Z",
   "aliases": [
     "CVE-2023-53545"
   ],
   "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: unmap and remove csa_va properly\n\nRoot PD BO should be reserved before unmap and remove\na bo_va from VM otherwise lockdep will complain.\n\nv2: check fpriv->csa_va is not NULL instead of amdgpu_mcbp (christian)\n\n[14616.936827] WARNING: CPU: 6 PID: 1711 at drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c:1762 amdgpu_vm_bo_del+0x399/0x3f0 [amdgpu]\n[14616.937096] Call Trace:\n[14616.937097]  <TASK>\n[14616.937102]  amdgpu_driver_postclose_kms+0x249/0x2f0 [amdgpu]\n[14616.937187]  drm_file_free+0x1d6/0x300 [drm]\n[14616.937207]  drm_close_helper.isra.0+0x62/0x70 [drm]\n[14616.937220]  drm_release+0x5e/0x100 [drm]\n[14616.937234]  __fput+0x9f/0x280\n[14616.937239]  ____fput+0xe/0x20\n[14616.937241]  task_work_run+0x61/0x90\n[14616.937246]  exit_to_user_mode_prepare+0x215/0x220\n[14616.937251]  syscall_exit_to_user_mode+0x2a/0x60\n[14616.937254]  do_syscall_64+0x48/0x90\n[14616.937257]  entry_SYSCALL_64_after_hwframe+0x63/0xcd",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -25,7 +30,7 @@
   ],
   "database_specific": {
     "cwe_ids": [],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-10-04T16:15:49Z"

advisories/unreviewed/2026/02/GHSA-22v2-wj2v-mmrw/GHSA-22v2-wj2v-mmrw.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-22v2-wj2v-mmrw",
+  "modified": "2026-02-11T00:30:19Z",
+  "published": "2026-02-11T00:30:19Z",
+  "aliases": [
+    "CVE-2026-25870"
+  ],
+  "details": "DoraCMS version 3.1 and prior contains a server-side request forgery (SSRF) vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The implementation does not enforce allowlists, block internal or private IP address ranges, or apply request timeouts or response size limits. An attacker can abuse this behavior to induce the server to issue outbound requests to arbitrary hosts, including internal network resources, potentially enabling internal network scanning and denial of service through resource exhaustion.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25870"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/doramart/DoraCMS/issues/268"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.doracms.net"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/doracms-ueditor-remote-image-fetch-ssrf"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-918"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-10T23:16:16Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-4h56-xmq8-7hc9/GHSA-4h56-xmq8-7hc9.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4h56-xmq8-7hc9",
-  "modified": "2026-02-08T00:30:58Z",
+  "modified": "2026-02-11T00:30:14Z",
   "published": "2026-02-08T00:30:58Z",
   "aliases": [
     "CVE-2026-25562"
   ],
   "details": "WeKan versions prior to 8.19 contain an information disclosure vulnerability in the attachments publication. Attachment metadata can be returned without properly scoping results to boards and cards accessible to the requesting user, potentially exposing attachment metadata to unauthorized users.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"

advisories/unreviewed/2026/02/GHSA-5q4r-452w-ggwq/GHSA-5q4r-452w-ggwq.json

@@ -1,13 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5q4r-452w-ggwq",
-  "modified": "2026-02-08T00:30:58Z",
+  "modified": "2026-02-11T00:30:14Z",
   "published": "2026-02-08T00:30:58Z",
   "aliases": [
     "CVE-2026-25561"
   ],
   "details": "WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers (such as boardId, cardId, swimlaneId, and listId) are consistent and refer to a coherent card/board relationship, enabling attempts to upload attachments with mismatched object relationships.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"