github
diff --git a/‎advisories/github-reviewed/2025/09/GHSA-wp3j-xq48-xpjw/GHSA-wp3j-xq48-xpjw.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/github-reviewed/2025/09/GHSA-wp3j-xq48-xpjw/GHSA-wp3j-xq48-xpjw.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2023/03/GHSA-vmmw-985w-hrr3/GHSA-vmmw-985w-hrr3.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2023/03/GHSA-vmmw-985w-hrr3/GHSA-vmmw-985w-hrr3.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/12/GHSA-hrx4-rccm-xj6c/GHSA-hrx4-rccm-xj6c.json‎
Lines changed: 5 additions & 1 deletion b/‎advisories/unreviewed/2025/12/GHSA-hrx4-rccm-xj6c/GHSA-hrx4-rccm-xj6c.json‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2026/02/GHSA-57cc-2pf4-mhmx/GHSA-57cc-2pf4-mhmx.json‎
Lines changed: 36 additions & 0 deletions b/‎advisories/unreviewed/2026/02/GHSA-57cc-2pf4-mhmx/GHSA-57cc-2pf4-mhmx.json‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/02/GHSA-63ww-623p-2ph4/GHSA-63ww-623p-2ph4.json‎
Lines changed: 36 additions & 0 deletions b/‎advisories/unreviewed/2026/02/GHSA-63ww-623p-2ph4/GHSA-63ww-623p-2ph4.json‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/02/GHSA-89wr-3g6x-pxxx/GHSA-89wr-3g6x-pxxx.json‎
Lines changed: 52 additions & 0 deletions b/‎advisories/unreviewed/2026/02/GHSA-89wr-3g6x-pxxx/GHSA-89wr-3g6x-pxxx.json‎
Lines changed: 52 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/02/GHSA-c6rr-xhrp-94pr/GHSA-c6rr-xhrp-94pr.json‎
Lines changed: 50 additions & 0 deletions b/‎advisories/unreviewed/2026/02/GHSA-c6rr-xhrp-94pr/GHSA-c6rr-xhrp-94pr.json‎
Lines changed: 50 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/02/GHSA-c99q-x737-hc5j/GHSA-c99q-x737-hc5j.json‎
Lines changed: 33 additions & 0 deletions b/‎advisories/unreviewed/2026/02/GHSA-c99q-x737-hc5j/GHSA-c99q-x737-hc5j.json‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/02/GHSA-cgjg-p2m2-qm4p/GHSA-cgjg-p2m2-qm4p.json‎
Lines changed: 36 additions & 0 deletions b/‎advisories/unreviewed/2026/02/GHSA-cgjg-p2m2-qm4p/GHSA-cgjg-p2m2-qm4p.json‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2026/02/GHSA-ggg6-jj2q-72rr/GHSA-ggg6-jj2q-72rr.json‎
Lines changed: 52 additions & 0 deletions b/‎advisories/unreviewed/2026/02/GHSA-ggg6-jj2q-72rr/GHSA-ggg6-jj2q-72rr.json‎
Lines changed: 52 additions & 0 deletions
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wp3j-xq48-xpjw",
-  "modified": "2026-02-16T09:30:30Z",
+  "modified": "2026-02-16T15:32:47Z",
   "published": "2025-09-04T20:01:54Z",
   "aliases": [
     "CVE-2025-9566"
@@ -166,6 +166,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHEA-2025:4782"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHBA-2025:16163"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHBA-2025:16158"
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vmmw-985w-hrr3",
-  "modified": "2023-03-11T03:30:17Z",
+  "modified": "2026-02-16T15:32:47Z",
   "published": "2023-03-07T00:30:24Z",
   "aliases": [
     "CVE-2023-1211"
@@ -23,6 +23,10 @@
       "type": "WEB",
       "url": "https://github.com/phpipam/phpipam/commit/16e7a94fb69412e569ccf6f2fe0a1f847309c922"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2023-1211.md"
+    },
     {
       "type": "WEB",
       "url": "https://huntr.dev/bounties/ed569124-2aeb-4b0d-a312-435460892afd"
 
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hrx4-rccm-xj6c",
-  "modified": "2026-02-11T15:30:21Z",
+  "modified": "2026-02-16T15:32:47Z",
   "published": "2025-12-05T18:31:11Z",
   "aliases": [
     "CVE-2025-14104"
@@ -39,6 +39,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:2563"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:2737"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-14104"
 
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-57cc-2pf4-mhmx",
+  "modified": "2026-02-16T15:32:47Z",
+  "published": "2026-02-16T15:32:47Z",
+  "aliases": [
+    "CVE-2025-14350"
+  ],
+  "details": "Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to properly validate team membership when processing channel mentions which allows authenticated users to determine the existence of teams and their URL names via posting channel shortlinks and observing the channel_mentions property in the API response. Mattermost Advisory ID: MMSA-2025-00563",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14350"
+    },
+    {
+      "type": "WEB",
+      "url": "https://mattermost.com/security-updates"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-16T13:15:59Z"
+  }
+}
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-63ww-623p-2ph4",
+  "modified": "2026-02-16T15:32:47Z",
+  "published": "2026-02-16T15:32:47Z",
+  "aliases": [
+    "CVE-2026-1334"
+  ],
+  "details": "An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1334"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-1334"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-125"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-16T14:16:18Z"
+  }
+}
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-89wr-3g6x-pxxx",
+  "modified": "2026-02-16T15:32:47Z",
+  "published": "2026-02-16T15:32:47Z",
+  "aliases": [
+    "CVE-2026-2556"
+  ],
+  "details": "A security vulnerability has been detected in cskefu up to 8.0.1. This issue affects some unknown processing of the file com/cskefu/cc/controller/resource/MediaController.java of the component Endpoint. The manipulation of the argument url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2556"
+    },
+    {
+      "type": "WEB",
+      "url": "https://fx4tqqfvdw4.feishu.cn/docx/Vrs6dRx79ondtCxldz2cvupdnMe"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.346164"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.346164"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.750708"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-918"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-16T13:16:00Z"
+  }
+}
@@ -0,0 +1,50 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c6rr-xhrp-94pr",
+  "modified": "2026-02-16T15:32:47Z",
+  "published": "2026-02-16T15:32:47Z",
+  "aliases": [
+    "CVE-2026-2562"
+  ],
+  "details": "A vulnerability was determined in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This impacts the function cast_streen of the file /jdcapi of the component jdcweb_rpc. Executing a manipulation of the argument File can lead to Remote Privilege Escalation. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2562"
+    },
+    {
+      "type": "WEB",
+      "url": "https://my.feishu.cn/wiki/Umb6w4PasizunKkagYschZP1nff"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.346169"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.346169"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.750986"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-16T15:18:35Z"
+  }
+}
@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c99q-x737-hc5j",
+  "modified": "2026-02-16T15:32:47Z",
+  "published": "2026-02-16T15:32:47Z",
+  "aliases": [
+    "CVE-2026-2447"
+  ],
+  "details": "Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, and Firefox ESR < 115.32.1.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2447"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014390"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.mozilla.org/security/advisories/mfsa2026-10"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-16T15:18:34Z"
+  }
+}
@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cgjg-p2m2-qm4p",
+  "modified": "2026-02-16T15:32:47Z",
+  "published": "2026-02-16T15:32:47Z",
+  "aliases": [
+    "CVE-2025-14573"
+  ],
+  "details": "Mattermost versions 10.11.x <= 10.11.9 fail to enforce invite permissions when updating team settings, which allows team administrators without proper permissions to bypass restrictions and add users to their team via API requests. Mattermost Advisory ID: MMSA-2025-00561",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14573"
+    },
+    {
+      "type": "WEB",
+      "url": "https://mattermost.com/security-updates"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-16T13:16:00Z"
+  }
+}
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-ggg6-jj2q-72rr",
+  "modified": "2026-02-16T15:32:47Z",
+  "published": "2026-02-16T15:32:47Z",
+  "aliases": [
+    "CVE-2026-2557"
+  ],
+  "details": "A vulnerability was detected in cskefu up to 8.0.1. Impacted is the function Upload of the file com/cskefu/cc/controller/resource/MediaController.java of the component File Upload. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2557"
+    },
+    {
+      "type": "WEB",
+      "url": "https://fx4tqqfvdw4.feishu.cn/docx/ZqvtdTniToQMw0xZL94cTpuTnac"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.346165"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.346165"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.750729"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-16T14:16:18Z"
+  }
+}