Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit d2990c9f8216 · 2026-04-14T12:33:22.000Z
GHSA-f393-4p85-6h6g GHSA-px5q-x4wp-pg95 GHSA-3fxc-2crv-fg9x GHSA-gg7j-w83p-fxr9 GHSA-2m69-gcr7-jv3q GHSA-f7q5-qg45-7vm8 GHSA-v8v5-8mm8-3j8p GHSA-6726-7rcj-cq84 GHSA-m6g9-g34g-jmjf GHSA-q3xp-m695-72w5 GHSA-wg8q-pmvg-p6gw GHSA-9pr2-m366-8728 GHSA-p2w9-p68c-qpqg GHSA-446f-x529-8hw2 GHSA-56r8-2cmq-4v45 GHSA-9vq7-9h42-j88h GHSA-j648-xxf5-44cv
diff --git a/advisories/unreviewed/2022/05/GHSA-f393-4p85-6h6g/GHSA-f393-4p85-6h6g.json b/advisories/unreviewed/2022/05/GHSA-f393-4p85-6h6g/GHSA-f393-4p85-6h6g.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f393-4p85-6h6g",
-  "modified": "2022-07-13T00:01:51Z",
+  "modified": "2026-04-14T12:31:26Z",
   "published": "2022-05-24T19:01:57Z",
   "aliases": [
     "CVE-2020-26147"
@@ -19,6 +19,14 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26147"
     },
+    {
+      "type": "WEB",
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-019200.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-913875.html"
+    },
     {
       "type": "WEB",
       "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf"
diff --git a/advisories/unreviewed/2022/11/GHSA-px5q-x4wp-pg95/GHSA-px5q-x4wp-pg95.json b/advisories/unreviewed/2022/11/GHSA-px5q-x4wp-pg95/GHSA-px5q-x4wp-pg95.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-px5q-x4wp-pg95",
-  "modified": "2022-12-01T15:30:19Z",
+  "modified": "2026-04-14T12:31:28Z",
   "published": "2022-11-25T15:30:21Z",
   "aliases": [
     "CVE-2022-38767"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38767"
     },
+    {
+      "type": "WEB",
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-726834.html"
+    },
     {
       "type": "WEB",
       "url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2022-38767"
diff --git a/advisories/unreviewed/2025/06/GHSA-3fxc-2crv-fg9x/GHSA-3fxc-2crv-fg9x.json b/advisories/unreviewed/2025/06/GHSA-3fxc-2crv-fg9x/GHSA-3fxc-2crv-fg9x.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3fxc-2crv-fg9x",
-  "modified": "2025-06-13T18:30:34Z",
+  "modified": "2026-04-14T12:31:28Z",
   "published": "2025-06-10T18:32:32Z",
   "aliases": [
     "CVE-2025-2884"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://github.com/stefanberger/libtpms/commit/04b2d8e9afc0a9b6bffe562a23e58c0de11532d1"
     },
+    {
+      "type": "WEB",
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-628843.html"
+    },
     {
       "type": "WEB",
       "url": "https://trustedcomputinggroup.org/about/security"
diff --git a/advisories/unreviewed/2025/06/GHSA-gg7j-w83p-fxr9/GHSA-gg7j-w83p-fxr9.json b/advisories/unreviewed/2025/06/GHSA-gg7j-w83p-fxr9/GHSA-gg7j-w83p-fxr9.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gg7j-w83p-fxr9",
-  "modified": "2025-10-27T18:31:06Z",
+  "modified": "2026-04-14T12:31:28Z",
   "published": "2025-06-16T18:32:19Z",
   "aliases": [
     "CVE-2025-49795"
@@ -34,6 +34,10 @@
     {
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372379"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/932"
     }
   ],
   "database_specific": {
diff --git a/advisories/unreviewed/2025/07/GHSA-2m69-gcr7-jv3q/GHSA-2m69-gcr7-jv3q.json b/advisories/unreviewed/2025/07/GHSA-2m69-gcr7-jv3q/GHSA-2m69-gcr7-jv3q.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2m69-gcr7-jv3q",
-  "modified": "2025-11-05T00:31:21Z",
+  "modified": "2026-04-14T12:31:28Z",
   "published": "2025-07-15T15:31:00Z",
   "aliases": [
     "CVE-2025-6965"
@@ -23,6 +23,14 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
     },
+    {
+      "type": "WEB",
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-225816.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-485750.html"
+    },
     {
       "type": "WEB",
       "url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
diff --git a/advisories/unreviewed/2025/07/GHSA-f7q5-qg45-7vm8/GHSA-f7q5-qg45-7vm8.json b/advisories/unreviewed/2025/07/GHSA-f7q5-qg45-7vm8/GHSA-f7q5-qg45-7vm8.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-f7q5-qg45-7vm8",
-  "modified": "2025-12-02T00:31:09Z",
+  "modified": "2026-04-14T12:31:28Z",
   "published": "2025-07-10T09:32:27Z",
   "aliases": [
     "CVE-2025-32989"
@@ -55,6 +55,10 @@
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359621"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html"
+    },
     {
       "type": "WEB",
       "url": "http://www.openwall.com/lists/oss-security/2025/07/11/3"
diff --git a/advisories/unreviewed/2025/07/GHSA-v8v5-8mm8-3j8p/GHSA-v8v5-8mm8-3j8p.json b/advisories/unreviewed/2025/07/GHSA-v8v5-8mm8-3j8p/GHSA-v8v5-8mm8-3j8p.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v8v5-8mm8-3j8p",
-  "modified": "2025-12-02T00:31:09Z",
+  "modified": "2026-04-14T12:31:28Z",
   "published": "2025-07-10T12:31:18Z",
   "aliases": [
     "CVE-2025-32990"
@@ -63,6 +63,10 @@
       "type": "WEB",
       "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html"
+    },
     {
       "type": "WEB",
       "url": "http://www.openwall.com/lists/oss-security/2025/07/11/3"
diff --git a/advisories/unreviewed/2025/12/GHSA-6726-7rcj-cq84/GHSA-6726-7rcj-cq84.json b/advisories/unreviewed/2025/12/GHSA-6726-7rcj-cq84/GHSA-6726-7rcj-cq84.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6726-7rcj-cq84",
-  "modified": "2025-12-18T15:30:43Z",
+  "modified": "2026-04-14T12:31:28Z",
   "published": "2025-12-18T15:30:43Z",
   "aliases": [
     "CVE-2025-40892"
@@ -23,6 +23,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40892"
     },
+    {
+      "type": "WEB",
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-827968.html"
+    },
     {
       "type": "WEB",
       "url": "https://security.nozominetworks.com/NN-2025:13-01"
diff --git a/advisories/unreviewed/2025/12/GHSA-m6g9-g34g-jmjf/GHSA-m6g9-g34g-jmjf.json b/advisories/unreviewed/2025/12/GHSA-m6g9-g34g-jmjf/GHSA-m6g9-g34g-jmjf.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m6g9-g34g-jmjf",
-  "modified": "2025-12-18T15:30:43Z",
+  "modified": "2026-04-14T12:31:28Z",
   "published": "2025-12-18T15:30:43Z",
   "aliases": [
     "CVE-2025-40898"
@@ -23,6 +23,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40898"
     },
+    {
+      "type": "WEB",
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-827968.html"
+    },
     {
       "type": "WEB",
       "url": "https://security.nozominetworks.com/NN-2025:15-01"
diff --git a/advisories/unreviewed/2025/12/GHSA-q3xp-m695-72w5/GHSA-q3xp-m695-72w5.json b/advisories/unreviewed/2025/12/GHSA-q3xp-m695-72w5/GHSA-q3xp-m695-72w5.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q3xp-m695-72w5",
-  "modified": "2025-12-18T15:30:43Z",
+  "modified": "2026-04-14T12:31:28Z",
   "published": "2025-12-18T15:30:43Z",
   "aliases": [
     "CVE-2025-40891"
@@ -23,6 +23,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40891"
     },
+    {
+      "type": "WEB",
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-827968.html"
+    },
     {
       "type": "WEB",
       "url": "https://security.nozominetworks.com/NN-2025:12-01"
diff --git a/advisories/unreviewed/2025/12/GHSA-wg8q-pmvg-p6gw/GHSA-wg8q-pmvg-p6gw.json b/advisories/unreviewed/2025/12/GHSA-wg8q-pmvg-p6gw/GHSA-wg8q-pmvg-p6gw.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wg8q-pmvg-p6gw",
-  "modified": "2025-12-18T15:30:43Z",
+  "modified": "2026-04-14T12:31:28Z",
   "published": "2025-12-18T15:30:43Z",
   "aliases": [
     "CVE-2025-40893"
@@ -23,6 +23,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40893"
     },
+    {
+      "type": "WEB",
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-827968.html"
+    },
     {
       "type": "WEB",
       "url": "https://security.nozominetworks.com/NN-2025:14-01"
diff --git a/advisories/unreviewed/2026/03/GHSA-9pr2-m366-8728/GHSA-9pr2-m366-8728.json b/advisories/unreviewed/2026/03/GHSA-9pr2-m366-8728/GHSA-9pr2-m366-8728.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9pr2-m366-8728",
-  "modified": "2026-03-31T09:31:42Z",
+  "modified": "2026-04-14T12:31:28Z",
   "published": "2026-03-31T09:31:42Z",
   "aliases": [
     "CVE-2026-5201"
@@ -30,6 +30,10 @@
     {
       "type": "WEB",
       "url": "https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/304"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00010.html"
     }
   ],
   "database_specific": {
diff --git a/advisories/unreviewed/2026/03/GHSA-p2w9-p68c-qpqg/GHSA-p2w9-p68c-qpqg.json b/advisories/unreviewed/2026/03/GHSA-p2w9-p68c-qpqg/GHSA-p2w9-p68c-qpqg.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-p2w9-p68c-qpqg",
-  "modified": "2026-03-04T15:30:35Z",
+  "modified": "2026-04-14T12:31:28Z",
   "published": "2026-03-04T15:30:35Z",
   "aliases": [
     "CVE-2025-40894"
@@ -23,6 +23,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40894"
     },
+    {
+      "type": "WEB",
+      "url": "https://cert-portal.siemens.com/productcert/html/ssa-827968.html"
+    },
     {
       "type": "WEB",
       "url": "https://security.nozominetworks.com/NN-2025:16-01"
diff --git a/advisories/unreviewed/2026/04/GHSA-446f-x529-8hw2/GHSA-446f-x529-8hw2.json b/advisories/unreviewed/2026/04/GHSA-446f-x529-8hw2/GHSA-446f-x529-8hw2.json
@@ -0,0 +1,31 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-446f-x529-8hw2",
+  "modified": "2026-04-14T12:31:28Z",
+  "published": "2026-04-14T12:31:28Z",
+  "aliases": [
+    "CVE-2026-24069"
+  ],
+  "details": "Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24069"
+    },
+    {
+      "type": "WEB",
+      "url": "https://r.sec-consult.com/kiuwanlock"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-863"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-14T12:16:20Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-56r8-2cmq-4v45/GHSA-56r8-2cmq-4v45.json b/advisories/unreviewed/2026/04/GHSA-56r8-2cmq-4v45/GHSA-56r8-2cmq-4v45.json
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-56r8-2cmq-4v45",
+  "modified": "2026-04-14T12:31:29Z",
+  "published": "2026-04-14T12:31:28Z",
+  "aliases": [
+    "CVE-2026-2449"
+  ],
+  "details": "Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2449"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.upkeeper.se/hc/en-us/articles/26783425404444-CVE-2026-2449-Improper-neutralization-of-argument-delimiters-in-a-command"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-88"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-14T12:16:21Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-9vq7-9h42-j88h/GHSA-9vq7-9h42-j88h.json b/advisories/unreviewed/2026/04/GHSA-9vq7-9h42-j88h/GHSA-9vq7-9h42-j88h.json
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-9vq7-9h42-j88h",
+  "modified": "2026-04-14T12:31:29Z",
+  "published": "2026-04-14T12:31:28Z",
+  "aliases": [
+    "CVE-2025-13822"
+  ],
+  "details": "MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13822"
+    },
+    {
+      "type": "WEB",
+      "url": "https://cert.pl/en/posts/2026/04/CVE-2025-13822"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/samanhappy/mcphub"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-639"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-14T11:16:24Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-j648-xxf5-44cv/GHSA-j648-xxf5-44cv.json b/advisories/unreviewed/2026/04/GHSA-j648-xxf5-44cv/GHSA-j648-xxf5-44cv.json

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-gg7j-w83p-fxr9",`
`4`		`- "modified": "2025-10-27T18:31:06Z",`
	`4`	`+ "modified": "2026-04-14T12:31:28Z",`
`5`	`5`	`"published": "2025-06-16T18:32:19Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2025-49795"`
`@@ -34,6 +34,10 @@`
`34`	`34`	`{`
`35`	`35`	`"type": "WEB",`
`36`	`36`	`"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372379"`
	`37`	`+ },`
	`38`	`+ {`
	`39`	`+ "type": "WEB",`
	`40`	`+ "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/932"`
`37`	`41`	`}`
`38`	`42`	`],`
`39`	`43`	`"database_specific": {`