Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 0bcffbcbec86 · 2026-04-19T21:33:06.000Z
GHSA-wp3j-xq48-xpjw GHSA-32vr-5hxf-x93f GHSA-6qrf-r65h-2r77 GHSA-83xx-9f6p-vwfj GHSA-gg7j-w83p-fxr9 GHSA-qg4c-8pj4-qgw2 GHSA-v6c5-9mp4-mwq4 GHSA-2p5v-p767-wqv5 GHSA-frh9-7wfp-w73p GHSA-hrx4-rccm-xj6c GHSA-4rfm-63gf-wxj6 GHSA-fmjq-qmw7-vfrv
diff --git a/advisories/github-reviewed/2025/09/GHSA-wp3j-xq48-xpjw/GHSA-wp3j-xq48-xpjw.json b/advisories/github-reviewed/2025/09/GHSA-wp3j-xq48-xpjw/GHSA-wp3j-xq48-xpjw.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wp3j-xq48-xpjw",
-  "modified": "2026-02-16T15:32:47Z",
+  "modified": "2026-04-19T21:31:28Z",
   "published": "2025-09-04T20:01:54Z",
   "aliases": [
     "CVE-2025-9566"
@@ -82,6 +82,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-9566"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:8211"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:20983"
diff --git a/advisories/unreviewed/2025/06/GHSA-32vr-5hxf-x93f/GHSA-32vr-5hxf-x93f.json b/advisories/unreviewed/2025/06/GHSA-32vr-5hxf-x93f/GHSA-32vr-5hxf-x93f.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-32vr-5hxf-x93f",
-  "modified": "2025-11-29T03:30:15Z",
+  "modified": "2026-04-19T21:31:28Z",
   "published": "2025-06-12T15:31:22Z",
   "aliases": [
     "CVE-2025-6021"
@@ -35,6 +35,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-6021"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:7519"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:19020"
diff --git a/advisories/unreviewed/2025/06/GHSA-6qrf-r65h-2r77/GHSA-6qrf-r65h-2r77.json b/advisories/unreviewed/2025/06/GHSA-6qrf-r65h-2r77/GHSA-6qrf-r65h-2r77.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6qrf-r65h-2r77",
-  "modified": "2026-03-24T06:31:12Z",
+  "modified": "2026-04-19T21:31:28Z",
   "published": "2025-06-16T18:32:19Z",
   "aliases": [
     "CVE-2025-6170"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:7519"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-6170"
diff --git a/advisories/unreviewed/2025/06/GHSA-83xx-9f6p-vwfj/GHSA-83xx-9f6p-vwfj.json b/advisories/unreviewed/2025/06/GHSA-83xx-9f6p-vwfj/GHSA-83xx-9f6p-vwfj.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-83xx-9f6p-vwfj",
-  "modified": "2026-03-20T21:31:28Z",
+  "modified": "2026-04-19T21:31:28Z",
   "published": "2025-06-16T18:32:19Z",
   "aliases": [
     "CVE-2025-49796"
@@ -35,6 +35,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-49796"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:7519"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:0934"
diff --git a/advisories/unreviewed/2025/06/GHSA-gg7j-w83p-fxr9/GHSA-gg7j-w83p-fxr9.json b/advisories/unreviewed/2025/06/GHSA-gg7j-w83p-fxr9/GHSA-gg7j-w83p-fxr9.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gg7j-w83p-fxr9",
-  "modified": "2026-04-14T12:31:28Z",
+  "modified": "2026-04-19T21:31:27Z",
   "published": "2025-06-16T18:32:19Z",
   "aliases": [
     "CVE-2025-49795"
@@ -27,6 +27,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:19020"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:7519"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-49795"
diff --git a/advisories/unreviewed/2025/06/GHSA-qg4c-8pj4-qgw2/GHSA-qg4c-8pj4-qgw2.json b/advisories/unreviewed/2025/06/GHSA-qg4c-8pj4-qgw2/GHSA-qg4c-8pj4-qgw2.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qg4c-8pj4-qgw2",
-  "modified": "2026-03-20T21:31:28Z",
+  "modified": "2026-04-19T21:31:28Z",
   "published": "2025-06-16T18:32:19Z",
   "aliases": [
     "CVE-2025-49794"
@@ -35,6 +35,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-49794"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:7519"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:0934"
diff --git a/advisories/unreviewed/2025/11/GHSA-v6c5-9mp4-mwq4/GHSA-v6c5-9mp4-mwq4.json b/advisories/unreviewed/2025/11/GHSA-v6c5-9mp4-mwq4/GHSA-v6c5-9mp4-mwq4.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v6c5-9mp4-mwq4",
-  "modified": "2026-03-19T06:30:27Z",
+  "modified": "2026-04-19T21:31:28Z",
   "published": "2025-11-26T15:34:12Z",
   "aliases": [
     "CVE-2025-13601"
@@ -35,6 +35,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-13601"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:7461"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:4419"
diff --git a/advisories/unreviewed/2025/12/GHSA-2p5v-p767-wqv5/GHSA-2p5v-p767-wqv5.json b/advisories/unreviewed/2025/12/GHSA-2p5v-p767-wqv5/GHSA-2p5v-p767-wqv5.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2p5v-p767-wqv5",
-  "modified": "2026-03-19T12:30:31Z",
+  "modified": "2026-04-19T21:31:28Z",
   "published": "2025-12-11T09:31:25Z",
   "aliases": [
     "CVE-2025-14512"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:7461"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-14512"
diff --git a/advisories/unreviewed/2025/12/GHSA-frh9-7wfp-w73p/GHSA-frh9-7wfp-w73p.json b/advisories/unreviewed/2025/12/GHSA-frh9-7wfp-w73p/GHSA-frh9-7wfp-w73p.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-frh9-7wfp-w73p",
-  "modified": "2026-03-18T18:31:10Z",
+  "modified": "2026-04-19T21:31:28Z",
   "published": "2025-12-10T09:30:25Z",
   "aliases": [
     "CVE-2025-14087"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14087"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:7461"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-14087"
diff --git a/advisories/unreviewed/2025/12/GHSA-hrx4-rccm-xj6c/GHSA-hrx4-rccm-xj6c.json b/advisories/unreviewed/2025/12/GHSA-hrx4-rccm-xj6c/GHSA-hrx4-rccm-xj6c.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hrx4-rccm-xj6c",
-  "modified": "2026-03-18T18:31:10Z",
+  "modified": "2026-04-19T21:31:28Z",
   "published": "2025-12-05T18:31:11Z",
   "aliases": [
     "CVE-2025-14104"
@@ -55,6 +55,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:4943"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:7180"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-14104"
diff --git a/advisories/unreviewed/2026/04/GHSA-4rfm-63gf-wxj6/GHSA-4rfm-63gf-wxj6.json b/advisories/unreviewed/2026/04/GHSA-4rfm-63gf-wxj6/GHSA-4rfm-63gf-wxj6.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4rfm-63gf-wxj6",
+  "modified": "2026-04-19T21:31:28Z",
+  "published": "2026-04-19T21:31:28Z",
+  "aliases": [
+    "CVE-2026-6577"
+  ],
+  "details": "A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulation leads to missing authentication. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6577"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-2-Unauthenticated-GPS-Data-Injection.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/790282"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/358212"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/358212/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-287"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-19T20:16:28Z"
+  }
+}
diff --git a/advisories/unreviewed/2026/04/GHSA-fmjq-qmw7-vfrv/GHSA-fmjq-qmw7-vfrv.json b/advisories/unreviewed/2026/04/GHSA-fmjq-qmw7-vfrv/GHSA-fmjq-qmw7-vfrv.json
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-fmjq-qmw7-vfrv",
+  "modified": "2026-04-19T21:31:28Z",
+  "published": "2026-04-19T21:31:28Z",
+  "aliases": [
+    "CVE-2026-6576"
+  ],
+  "details": "A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6576"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/3em0/cve_repo/blob/main/DjangoBlog/Vuln-1-WeChat-Bot-RCE.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/submit/790281"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/358211"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/vuln/358211/cti"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-19T19:16:14Z"
+  }
+}
