Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2024/01/GHSA-cx8g-4cf5-cjv3/GHSA-cx8g-4cf5-cjv3.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cx8g-4cf5-cjv3",
-  "modified": "2026-03-26T21:31:19Z",
+  "modified": "2026-04-08T15:31:42Z",
   "published": "2024-01-25T21:32:14Z",
   "aliases": [
     "CVE-2023-52356"
@@ -75,6 +75,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2023-52356"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:7081"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:5958"

advisories/unreviewed/2024/07/GHSA-6gjw-r684-5cqg/GHSA-6gjw-r684-5cqg.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6gjw-r684-5cqg",
-  "modified": "2024-07-04T09:32:49Z",
+  "modified": "2026-04-08T15:31:42Z",
   "published": "2024-07-04T09:32:49Z",
   "aliases": [
     "CVE-2024-1182"
@@ -30,6 +30,10 @@
     {
       "type": "WEB",
       "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
     }
   ],
   "database_specific": {

advisories/unreviewed/2024/07/GHSA-m7g5-qwgm-89mc/GHSA-m7g5-qwgm-89mc.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m7g5-qwgm-89mc",
-  "modified": "2024-07-04T09:32:49Z",
+  "modified": "2026-04-08T15:31:42Z",
   "published": "2024-07-04T09:32:49Z",
   "aliases": [
     "CVE-2024-1574"
@@ -30,6 +30,10 @@
     {
       "type": "WEB",
       "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-004_en.pdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-004_en.pdf"
     }
   ],
   "database_specific": {

advisories/unreviewed/2024/11/GHSA-4gc8-mmm3-6xff/GHSA-4gc8-mmm3-6xff.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4gc8-mmm3-6xff",
-  "modified": "2024-12-06T06:30:57Z",
+  "modified": "2026-04-08T15:31:42Z",
   "published": "2024-11-29T03:31:04Z",
   "aliases": [
     "CVE-2024-8299"
@@ -30,6 +30,10 @@
     {
       "type": "WEB",
       "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-010_en.pdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-010_en.pdf"
     }
   ],
   "database_specific": {

advisories/unreviewed/2024/11/GHSA-grq9-8qm8-vhjr/GHSA-grq9-8qm8-vhjr.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-grq9-8qm8-vhjr",
-  "modified": "2024-12-06T06:30:57Z",
+  "modified": "2026-04-08T15:31:42Z",
   "published": "2024-11-29T03:31:04Z",
   "aliases": [
     "CVE-2024-9852"
@@ -30,6 +30,10 @@
     {
       "type": "WEB",
       "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-010_en.pdf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.mitsubishielectric.com/psirt/vulnerability/pdf/2024-010_en.pdf"
     }
   ],
   "database_specific": {

advisories/unreviewed/2026/03/GHSA-h46w-ffvp-4pw5/GHSA-h46w-ffvp-4pw5.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h46w-ffvp-4pw5",
-  "modified": "2026-03-17T00:31:34Z",
+  "modified": "2026-04-08T15:31:42Z",
   "published": "2026-03-16T18:32:04Z",
   "aliases": [
     "CVE-2026-4224"
@@ -31,6 +31,14 @@
       "type": "WEB",
       "url": "https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/python/cpython/commit/642865ddf4b232da1f3b1f7abcfa3254c4bfe785"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/python/cpython/commit/af856a7177326ac25d9f66cc6dd28b554d914fee"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3"

advisories/unreviewed/2026/03/GHSA-xrqh-48jh-pjv2/GHSA-xrqh-48jh-pjv2.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xrqh-48jh-pjv2",
-  "modified": "2026-04-06T12:32:09Z",
+  "modified": "2026-04-08T15:31:42Z",
   "published": "2026-03-13T21:31:51Z",
   "aliases": [
     "CVE-2026-4111"
@@ -35,6 +35,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:6647"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:7093"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2026-4111"

advisories/unreviewed/2026/04/GHSA-264c-x5mq-ppr2/GHSA-264c-x5mq-ppr2.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-264c-x5mq-ppr2",
-  "modified": "2026-04-08T09:31:35Z",
+  "modified": "2026-04-08T15:31:43Z",
   "published": "2026-04-08T09:31:35Z",
   "aliases": [
     "CVE-2026-39696"
   ],
   "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elfsight Elfsight WhatsApp Chat CC elfsight-whatsapp-chat allows DOM-Based XSS.This issue affects Elfsight WhatsApp Chat CC: from n/a through <= 1.2.0.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-08T09:16:42Z"

advisories/unreviewed/2026/04/GHSA-28p4-crp9-2q2x/GHSA-28p4-crp9-2q2x.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-28p4-crp9-2q2x",
+  "modified": "2026-04-08T15:31:44Z",
+  "published": "2026-04-08T15:31:44Z",
+  "aliases": [
+    "CVE-2025-57854"
+  ],
+  "details": "A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57854"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2025-57854"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2391107"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-276"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-08T14:16:26Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-38gq-23v5-5q4r/GHSA-38gq-23v5-5q4r.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-38gq-23v5-5q4r",
-  "modified": "2026-04-08T09:31:36Z",
+  "modified": "2026-04-08T15:31:43Z",
   "published": "2026-04-08T09:31:36Z",
   "aliases": [
     "CVE-2026-39716"
   ],
   "details": "Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flipmart: from n/a through <= 2.8.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -23,7 +28,7 @@
     "cwe_ids": [
       "CWE-862"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-08T09:16:44Z"