github
diff --git a/‎advisories/github-reviewed/2026/03/GHSA-86vc-mg26-fj6x/GHSA-86vc-mg26-fj6x.json‎
Lines changed: 137 additions & 0 deletions b/‎advisories/github-reviewed/2026/03/GHSA-86vc-mg26-fj6x/GHSA-86vc-mg26-fj6x.json‎
Lines changed: 137 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/03/GHSA-86vc-mg26-fj6x/GHSA-86vc-mg26-fj6x.json‎
Lines changed: 0 additions & 36 deletions b/‎advisories/unreviewed/2026/03/GHSA-86vc-mg26-fj6x/GHSA-86vc-mg26-fj6x.json‎
Lines changed: 0 additions & 36 deletions
@@ -0,0 +1,137 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-86vc-mg26-fj6x",
+  "modified": "2026-03-30T22:21:55Z",
+  "published": "2026-03-25T18:31:48Z",
+  "aliases": [
+    "CVE-2026-20719"
+  ],
+  "summary": "Mattermost: Authenticated DoS through failure to prevent rendering of external SVGs on link embeds ",
+  "details": "Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub. Mattermost Advisory ID: MMSA-2026-00595",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/mattermost/mattermost/server/v8"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "11.4.0-rc1"
+            },
+            {
+              "fixed": "11.4.1"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/mattermost/mattermost/server/v8"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "11.3.0-rc1"
+            },
+            {
+              "fixed": "11.3.2"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/mattermost/mattermost/server/v8"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "11.2.0-rc1"
+            },
+            {
+              "fixed": "11.2.4"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/mattermost/mattermost/server/v8"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "8.0.0-20260105080200-d27a2195068d"
+            },
+            {
+              "fixed": "8.0.0-20260217110922-b7d4a1f1f59b"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/mattermost/mattermost/server/v8"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "10.11.0-rc1"
+            },
+            {
+              "fixed": "10.11.2"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20719"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/mattermost/mattermost"
+    },
+    {
+      "type": "WEB",
+      "url": "https://mattermost.com/security-updates"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-754"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-30T22:21:55Z",
+    "nvd_published_at": "2026-03-25T17:16:30Z"
+  }
+}