Publish Advisories

GHSA-q4hc-vp2m-fr47
GHSA-4fhm-p86v-hwpx
GHSA-4m3h-wp5w-5hqh
GHSA-6p72-283f-crv2
GHSA-8x34-9q3v-h7g8
GHSA-c2fm-fx6j-95j7
GHSA-f5f8-5jp8-vj3c
GHSA-h5q3-ggp6-vf4c
GHSA-jx6g-363c-pprr
GHSA-v5mp-vx4p-jwp6
GHSA-x3fv-96qh-67m7
GHSA-xxmc-fm3p-q3x8

Author: advisory-database[bot]

advisories/unreviewed/2026/02/GHSA-q4hc-vp2m-fr47/GHSA-q4hc-vp2m-fr47.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q4hc-vp2m-fr47",
-  "modified": "2026-03-17T09:31:28Z",
+  "modified": "2026-03-17T12:30:19Z",
   "published": "2026-02-23T18:32:02Z",
   "aliases": [
     "CVE-2025-14905"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:4661"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:4720"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2025-14905"

advisories/unreviewed/2026/03/GHSA-4fhm-p86v-hwpx/GHSA-4fhm-p86v-hwpx.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4fhm-p86v-hwpx",
+  "modified": "2026-03-17T12:30:20Z",
+  "published": "2026-03-17T12:30:20Z",
+  "aliases": [
+    "CVE-2026-28779"
+  ],
+  "details": "Apache Airflow versions 3.1.0 through 3.1.7 session token (_token) in cookies is set to path=/ regardless of the configured [webserver] base_url or [api] base_url.\nThis allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full session takeover without attacking Airflow itself.\n\nUsers are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28779"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/apache/airflow/pull/62771"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread/r4n5znb8mcq14wo9v8ndml36nxlksdqb"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-668"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-17T11:16:11Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-4m3h-wp5w-5hqh/GHSA-4m3h-wp5w-5hqh.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4m3h-wp5w-5hqh",
+  "modified": "2026-03-17T12:30:19Z",
+  "published": "2026-03-17T12:30:19Z",
+  "aliases": [
+    "CVE-2026-26929"
+  ],
+  "details": "Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dag_id set to \"~\" (wildcard for all DAGs). As a result, version metadata of DAGs that the requester is not authorized to access is returned.\n\n\nUsers are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26929"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/apache/airflow/pull/61675"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread/g5o6khx83jwqvdyn0mlyb0krt35cs9ss"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-732"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-17T11:16:11Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-6p72-283f-crv2/GHSA-6p72-283f-crv2.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6p72-283f-crv2",
+  "modified": "2026-03-17T12:30:19Z",
+  "published": "2026-03-17T12:30:19Z",
+  "aliases": [
+    "CVE-2026-3633"
+  ],
+  "details": "A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function, could inject arbitrary headers and additional request data. This vulnerability, known as CRLF (Carriage Return Line Feed) injection, occurs because the method value is not properly escaped during request line construction, potentially leading to HTTP request injection.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3633"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2026-3633"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445128"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/484"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-93"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-17T10:16:00Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-8x34-9q3v-h7g8/GHSA-8x34-9q3v-h7g8.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8x34-9q3v-h7g8",
+  "modified": "2026-03-17T12:30:20Z",
+  "published": "2026-03-17T12:30:20Z",
+  "aliases": [
+    "CVE-2026-30911"
+  ],
+  "details": "Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop (HITL) endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance.\n\n\nUsers are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30911"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/apache/airflow/pull/62886"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.apache.org/thread/1rs2v7fcko2otl6n9ytthcj87cmsgx51"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-862"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-17T11:16:11Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-c2fm-fx6j-95j7/GHSA-c2fm-fx6j-95j7.json

@@ -0,0 +1,61 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c2fm-fx6j-95j7",
+  "modified": "2026-03-17T12:30:19Z",
+  "published": "2026-03-17T12:30:19Z",
+  "aliases": [
+    "CVE-2026-23241"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\naudit: add missing syscalls to read class\n\nThe \"at\" variant of getxattr() and listxattr() are missing from the\naudit read class. Calling getxattrat() or listxattrat() on a file to\nread its extended attributes will bypass audit rules such as:\n\n-w /tmp/test -p rwa -k test_rwa\n\nThe current patch adds missing syscalls to the audit read class.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23241"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/33cdef7ecf6e5d2cf46a35ec26befce072a1aa07"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/5632d14b2f2a0ade2d0068e12676ebed67e3bb2a"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/a2e8c144299c31d3972295ed80d4cb908daf4f6f"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ad37505ce869a8100ff23f24eea117de7a7516bf"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ada4bba3afefee1fa68aa6bd1fd597ea4b11a16e"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/bcb90a2834c7393c26df9609b889a3097b7700cd"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ed8efd623a5738e03de09dd74b505d0fb77b09f3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/f5d27ad99fcaa7d965b344dd0b00d9413585c3cb"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.bencteux.fr/posts/missing_syscalls_audit"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-17T10:16:00Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-f5f8-5jp8-vj3c/GHSA-f5f8-5jp8-vj3c.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f5f8-5jp8-vj3c",
+  "modified": "2026-03-17T12:30:20Z",
+  "published": "2026-03-17T12:30:20Z",
+  "aliases": [
+    "CVE-2025-31966"
+  ],
+  "details": "HCL Sametime is vulnerable to broken server-side validation. While the application performs client-side input checks, these are not enforced by the web server. An attacker can bypass these restrictions by sending manipulated HTTP requests directly to the server.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31966"
+    },
+    {
+      "type": "WEB",
+      "url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0124722"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-17T12:16:12Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-h5q3-ggp6-vf4c/GHSA-h5q3-ggp6-vf4c.json

@@ -0,0 +1,61 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-h5q3-ggp6-vf4c",
+  "modified": "2026-03-17T12:30:19Z",
+  "published": "2026-03-17T12:30:19Z",
+  "aliases": [
+    "CVE-2025-71239"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\naudit: add fchmodat2() to change attributes class\n\nfchmodat2(), introduced in version 6.6 is currently not in the change\nattribute class of audit. Calling fchmodat2() to change a file\nattribute in the same fashion than chmod() or fchmodat() will bypass\naudit rules such as:\n\n-w /tmp/test -p rwa -k test_rwa\n\nThe current patch adds fchmodat2() to the change attributes class.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71239"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/3e762a03713e8c25ca0108c075d662c897fc0623"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/3ee75b13ea5f05ff9adc784b2464825bd70eb119"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/4f493a6079b588cf1f04ce5ed6cdad45ab0d53dc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/4fed776ca86378da7dd743a7b648e20b025ba8ef"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/57489a89657cc94bf6ad8427d1902daba9156aa1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/91e27bc79c3bca93c06bf5a471d47df9a35b3741"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/c4334c0d0e7d6f02ed93756fd4ba807e3d00c05f"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/f714315d7d68898d03093f67285256a8770f903c"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.bencteux.fr/posts/missing_syscalls_audit"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-17T10:15:59Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-jx6g-363c-pprr/GHSA-jx6g-363c-pprr.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-jx6g-363c-pprr",
+  "modified": "2026-03-17T12:30:19Z",
+  "published": "2026-03-17T12:30:19Z",
+  "aliases": [
+    "CVE-2026-3634"
+  ],
+  "details": "A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage Return Line Feed (CRLF) sequence due to improper input sanitization in the `soup_message_headers_set_content_type()` function. This vulnerability allows for the injection of arbitrary header-value pairs, potentially leading to HTTP header injection and response splitting attacks.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3634"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2026-3634"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445129"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/485"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-93"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-17T10:16:00Z"
+  }
+}