Publish Advisories

GHSA-3pvj-q7qj-89fg
GHSA-v6c5-9mp4-mwq4
GHSA-32fg-c88m-mcrv
GHSA-98r5-r223-6xwf
GHSA-9g4r-rvq7-7xrq
GHSA-mj9m-c5pr-rxw7

Author: advisory-database[bot]

advisories/unreviewed/2025/07/GHSA-3pvj-q7qj-89fg/GHSA-3pvj-q7qj-89fg.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3pvj-q7qj-89fg",
-  "modified": "2026-02-05T21:32:35Z",
+  "modified": "2026-03-05T12:30:30Z",
   "published": "2025-07-07T15:30:39Z",
   "aliases": [
     "CVE-2025-5987"
@@ -21,63 +21,67 @@
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2025:23483"
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376219"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2025:23484"
+      "url": "https://access.redhat.com/security/cve/CVE-2025-5987"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:0427"
+      "url": "https://access.redhat.com/errata/RHSA-2026:3415"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:0428"
+      "url": "https://access.redhat.com/errata/RHSA-2026:1541"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:0430"
+      "url": "https://access.redhat.com/errata/RHSA-2026:1539"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:0431"
+      "url": "https://access.redhat.com/errata/RHSA-2026:0996"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:0702"
+      "url": "https://access.redhat.com/errata/RHSA-2026:0985"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:0980"
     },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:0978"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:0980"
+      "url": "https://access.redhat.com/errata/RHSA-2026:0702"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:0985"
+      "url": "https://access.redhat.com/errata/RHSA-2026:0431"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:0996"
+      "url": "https://access.redhat.com/errata/RHSA-2026:0430"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:1539"
+      "url": "https://access.redhat.com/errata/RHSA-2026:0428"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/errata/RHSA-2026:1541"
+      "url": "https://access.redhat.com/errata/RHSA-2026:0427"
     },
     {
       "type": "WEB",
-      "url": "https://access.redhat.com/security/cve/CVE-2025-5987"
+      "url": "https://access.redhat.com/errata/RHSA-2025:23484"
     },
     {
       "type": "WEB",
-      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376219"
+      "url": "https://access.redhat.com/errata/RHSA-2025:23483"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/11/GHSA-v6c5-9mp4-mwq4/GHSA-v6c5-9mp4-mwq4.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v6c5-9mp4-mwq4",
-  "modified": "2026-02-26T18:31:34Z",
+  "modified": "2026-03-05T12:30:30Z",
   "published": "2025-11-26T15:34:12Z",
   "aliases": [
     "CVE-2025-13601"
@@ -35,6 +35,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-13601"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:3415"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:2974"

advisories/unreviewed/2026/03/GHSA-32fg-c88m-mcrv/GHSA-32fg-c88m-mcrv.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-32fg-c88m-mcrv",
-  "modified": "2026-03-05T03:31:26Z",
+  "modified": "2026-03-05T12:30:30Z",
   "published": "2026-03-05T03:31:26Z",
   "aliases": [
     "CVE-2025-40931"
@@ -21,6 +21,10 @@
     {
       "type": "WEB",
       "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2026/03/05/3"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/03/GHSA-98r5-r223-6xwf/GHSA-98r5-r223-6xwf.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-98r5-r223-6xwf",
-  "modified": "2026-03-05T03:31:26Z",
+  "modified": "2026-03-05T12:30:30Z",
   "published": "2026-03-05T03:31:26Z",
   "aliases": [
     "CVE-2024-57854"
@@ -21,6 +21,10 @@
     {
       "type": "WEB",
       "url": "https://patch-diff.githubusercontent.com/raw/dougwilson/perl5-net-nsca-client/pull/2.patch"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2026/03/05/1"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/03/GHSA-9g4r-rvq7-7xrq/GHSA-9g4r-rvq7-7xrq.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9g4r-rvq7-7xrq",
+  "modified": "2026-03-05T12:30:30Z",
+  "published": "2026-03-05T12:30:30Z",
+  "aliases": [
+    "CVE-2026-21628"
+  ],
+  "details": "A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21628"
+    },
+    {
+      "type": "WEB",
+      "url": "https://astroidframe.work"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-434"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T10:15:57Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-mj9m-c5pr-rxw7/GHSA-mj9m-c5pr-rxw7.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-mj9m-c5pr-rxw7",
+  "modified": "2026-03-05T12:30:30Z",
+  "published": "2026-03-05T12:30:30Z",
+  "aliases": [
+    "CVE-2026-3236"
+  ],
+  "details": "In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint the access token.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3236"
+    },
+    {
+      "type": "WEB",
+      "url": "https://advisories.octopus.com/post/2026/sa2026-02"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-863"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-05T11:15:54Z"
+  }
+}