Commit 7de0e33

1 parent 7ace8bd commit 7de0e33

3 files changed

Lines changed: 9 additions & 5 deletions

advisories/github-reviewed/2026/03/GHSA-hqmj-h5c6-369m/GHSA-hqmj-h5c6-369m.json

Lines changed: 2 additions & 2 deletions
@@ -1,13 +1,13 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-hqmj-h5c6-369m",
4-
"modified": "2026-03-19T18:36:38Z",
4+
"modified": "2026-03-25T18:51:54Z",
55
"published": "2026-03-16T16:23:28Z",
66
"aliases": [
77
"CVE-2026-28500"
88
],
99
"summary": "ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack",
10-
"details": "### Summary\n\nA security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification mechanism. While the function is designed to warn users when loading models from non-official sources, the use of the silent=True parameter completely suppresses all security warnings and confirmation prompts.\n### The Technical Flaw\nThe vulnerability is located in onnx/hub.py. The security gate uses a short-circuit evaluation that prioritizes the \"silent\" preference over the trust requirement:\n```Python\nif not _verify_repo_ref(repo) and not silent:\n # This block (Warning + User Input) is SKIPPED if silent=True\n print(\"The model repo... is not trusted\")\n if input().lower() != \"y\":\n return None\n```\n**Key Points of Failure**:\nComplete Suppression: If a developer or a third-party library sets silent=True, the application will download and execute models from any attacker-controlled GitHub repository without notifying the user.\n**Integrity Verification Bypass**: The SHA256 integrity check validates the model against a manifest file. Since the attacker controls the repository, they also control the manifest, allowing them to provide a \"valid\" hash for a malicious model.\n### Impact\nThis vulnerability transforms a standard model-loading function into a vector for Zero-Interaction Supply-Chain Attacks. When chained with file-system vulnerabilities , an attacker can silently exfiltrate sensitive files ( SSH keys, cloud credentials) from the victim's machine the moment the model is loaded.",
10+
"details": "## What's the issue\nPassing `silent=True` to `onnx.hub.load()` kills all trust warnings and user prompts. This means a model can be downloaded from any unverified GitHub repo with zero user awareness.\n \n```python\nif not _verify_repo_ref(repo) and not silent:\n # completely skipped when silent=True\n print(\"The model repo... is not trusted\")\n if input().lower() != \"y\":\n return None\n```\n \nOn top of that, the SHA256 integrity check is useless here — it validates against a manifest that lives in the same repo the attacker controls, so the hash will always match.\n\n \n## Impact\nAny pipeline using `hub.load()` with `silent=True` and an external repo string is silently loading whatever the repo owner ships. If that model executes arbitrary code on load, the attacker has access to the machine.\n \n## Resolved by removing the feature",
1111
"severity": [
1212
{
1313
"type": "CVSS_V3",
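
Review bot: The rewritten `details` on added line 10 ends with the heading `## Resolved by removing the feature` and no body, so the advisory never says which release removed the feature or what callers of `onnx.hub.load()` should use instead. Add a sentence under that heading naming the fixed version or linking the removal change. The rewrite also drops the old text's pointer to `onnx/hub.py`, which told readers where the check lives, and it leaves whitespace-only lines (`\n \n`) in the markdown that should be trimmed to plain blank lines.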

advisories/github-reviewed/2026/03/GHSA-jcc7-9wpm-mj36/GHSA-jcc7-9wpm-mj36.json

Lines changed: 2 additions & 2 deletions
@@ -1,13 +1,13 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-jcc7-9wpm-mj36",
4-
"modified": "2026-03-19T18:28:33Z",
4+
"modified": "2026-03-25T18:51:19Z",
55
"published": "2026-03-17T15:29:48Z",
66
"aliases": [
77
"CVE-2026-27977"
88
],
99
"summary": "Next.js: null origin can bypass dev HMR websocket CSRF checks",
10-
"details": "## Summary\nIn `next dev`, cross-site protection for internal websocket endpoints could treat `Origin: null` as a bypass case even if [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) is configured, allowing privacy-sensitive/opaque contexts (for example sandboxed documents) to connect unexpectedly.\n\n## Impact\nIf a dev server is reachable from attacker-controlled content, an attacker may be able to connect to the HMR websocket channel and interact with dev websocket traffic. This affects development mode only.\nApps without a configured [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) still allow connections from any origin.\n\n## Patches\nFixed by validating `Origin: null` through the same cross-site origin-allowance checks used for other origins. \n\n## Workarounds\nIf upgrade is not immediately possible:\n- Do not expose `next dev` to untrusted networks.\n- Block websocket upgrades to `/_next/webpack-hmr` when `Origin` is `null` at your proxy.",
10+
"details": "## Summary\nIn `next dev`, cross-site protections for internal development endpoints could treat `Origin: null` as a bypass case even when [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) is configured. This could allow privacy-sensitive or opaque browser contexts, such as sandboxed documents, to access privileged internal dev-server functionality unexpectedly.\n\n## Impact\nIf a developer visits attacker-controlled content while running an affected `next dev` server with [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins) configured, attacker-controlled browser code may be able to connect to internal development endpoints and interact with sensitive dev-server functionality that should have remained blocked.\n\nThis issue affects development mode only. It does not affect `next start`, and it does not expose internal debugging functionality to the network by default.\n\n## Patches\nFixed by validating `Origin: null` through the same cross-site origin-allowance checks used for other origins on internal development endpoints.\n\n## Workarounds\nIf upgrade is not immediately possible:\n- Do not expose `next dev` to untrusted networks.\n- If you use [`allowedDevOrigins`](https://nextjs.org/docs/app/api-reference/config/next-config-js/allowedDevOrigins), reject requests and websocket upgrades with `Origin: null` for internal dev endpoints at your proxy.",
1111
"severity": [
1212
{
1313
"type": "CVSS_V4",
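
Review bot: The new workaround on added line 10 replaces the concrete path `/_next/webpack-hmr` with "internal dev endpoints", which leaves an operator with nothing specific to match on at the proxy; keep the path as a named example or list the endpoints the rule should cover. The removed sentence saying that apps without a configured `allowedDevOrigins` still allow connections from any origin has no replacement, while both the Impact section and the workaround are now conditional on `allowedDevOrigins` being configured, so a reader cannot tell what happens when it is unset. Either restore that statement or say explicitly that the unconfigured case is outside this advisory.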

advisories/github-reviewed/2026/03/GHSA-rvv3-g6hj-g44x/GHSA-rvv3-g6hj-g44x.json

Lines changed: 5 additions & 1 deletion
@@ -1,7 +1,7 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-rvv3-g6hj-g44x",
4-
"modified": "2026-03-20T21:20:05Z",
4+
"modified": "2026-03-25T18:53:07Z",
55
"published": "2026-03-13T20:57:07Z",
66
"aliases": [
77
"CVE-2026-32933"
@@ -71,6 +71,10 @@
7171
"type": "PACKAGE",
7272
"url": "https://github.com/LuckyPennySoftware/AutoMapper"
7373
},
74+
{
75+
"type": "WEB",
76+
"url": "https://github.com/LuckyPennySoftware/AutoMapper/discussions/4624"
77+
},
7478
{
7579
"type": "WEB",
7680
"url": "https://github.com/LuckyPennySoftware/AutoMapper/releases/tag/v15.1.1"
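
Review bot: The reference added at new lines 74-77 is typed `WEB`, the same as the release link that follows it, and nothing in the visible change says what the discussion thread contributes to the advisory (maintainer statement, mitigation guidance, affected-version clarification). Since this commit only bumps `modified` and adds the URL, state in the commit message or the advisory text why discussion 4624 is being attached to CVE-2026-32933, and confirm the thread is publicly readable so the reference does not go dead for consumers of the JSON.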
