Publish Advisories

GHSA-62ch-j6x7-722j
GHSA-89vf-4333-qx8v
GHSA-j5q5-j9gm-2w5c
GHSA-jh46-85jr-6ph9
GHSA-pgm4-439c-5jp6
GHSA-qcfx-2mfw-w4cg
GHSA-qr6x-wvxr-8hm9
GHSA-rm2q-f7jv-3cfp

Author: advisory-database[bot]

advisories/github-reviewed/2026/03/GHSA-62ch-j6x7-722j/GHSA-62ch-j6x7-722j.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-62ch-j6x7-722j",
-  "modified": "2026-03-23T20:38:16Z",
+  "modified": "2026-03-25T20:46:06Z",
   "published": "2026-03-23T20:38:16Z",
   "aliases": [
     "CVE-2026-32299"
@@ -65,9 +65,21 @@
       "type": "WEB",
       "url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-62ch-j6x7-722j"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32299"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/opensource-workshop/connect-cms"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1"
     }
   ],
   "database_specific": {
@@ -77,6 +89,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-23T20:38:16Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-23T22:16:27Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-89vf-4333-qx8v/GHSA-89vf-4333-qx8v.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-89vf-4333-qx8v",
-  "modified": "2026-03-23T20:53:28Z",
+  "modified": "2026-03-25T20:47:31Z",
   "published": "2026-03-23T20:53:28Z",
   "aliases": [
     "CVE-2026-33170"
@@ -78,6 +78,10 @@
       "type": "WEB",
       "url": "https://github.com/rails/rails/security/advisories/GHSA-89vf-4333-qx8v"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33170"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/rails/rails/commit/50d732af3b7c8aaf63cbcca0becbc00279b215b7"
@@ -114,6 +118,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-23T20:53:28Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-24T00:16:28Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-j5q5-j9gm-2w5c/GHSA-j5q5-j9gm-2w5c.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j5q5-j9gm-2w5c",
-  "modified": "2026-03-18T20:20:10Z",
+  "modified": "2026-03-25T20:48:04Z",
   "published": "2026-03-18T20:20:10Z",
   "aliases": [
     "CVE-2026-33211"
@@ -116,6 +116,38 @@
       "type": "WEB",
       "url": "https://github.com/tektoncd/pipeline/security/advisories/GHSA-j5q5-j9gm-2w5c"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33211"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/tektoncd/pipeline/commit/10fa538f9a2b6d01c75138f1ed7ba3da0e34687c"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/tektoncd/pipeline/commit/318006c4e3a5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/tektoncd/pipeline/commit/3ca7bc6e6dd1d97f80b84f78370d91edaf023cbd"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/tektoncd/pipeline/commit/961388fcf3374bc7656d28ab58ca84987e0a75ae"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/tektoncd/pipeline/commit/b1fee65b88aa969069c14c120045e97c37d9ee5e"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/tektoncd/pipeline/commit/cdb4e1e97a4f3170f9bc2cbfff83a6c8107bc3db"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/tektoncd/pipeline/commit/ec7755031a183b345cf9e64bea0e0505c1b9cb78"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/tektoncd/pipeline"
@@ -128,6 +160,6 @@
     "severity": "CRITICAL",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-18T20:20:10Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-24T00:16:29Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-jh46-85jr-6ph9/GHSA-jh46-85jr-6ph9.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jh46-85jr-6ph9",
-  "modified": "2026-03-23T20:36:49Z",
+  "modified": "2026-03-25T20:45:55Z",
   "published": "2026-03-23T20:36:49Z",
   "aliases": [
     "CVE-2026-32279"
@@ -65,6 +65,10 @@
       "type": "WEB",
       "url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-jh46-85jr-6ph9"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32279"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/opensource-workshop/connect-cms/commit/4a1a64a8f768a53e06a4239e25782d9e2e88fc63"
@@ -93,6 +97,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-23T20:36:49Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-23T22:16:27Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-pgm4-439c-5jp6/GHSA-pgm4-439c-5jp6.json

@@ -1,14 +1,19 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pgm4-439c-5jp6",
-  "modified": "2026-03-23T20:45:15Z",
+  "modified": "2026-03-25T20:46:51Z",
   "published": "2026-03-23T20:45:15Z",
   "aliases": [
     "CVE-2026-33167"
   ],
   "summary": "Rails has a possible XSS vulnerability in its Action Pack debug exceptions",
   "details": "### Impact\nThe debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled (`config.consider_all_requests_local = true`), which is the default in development.\n\n### Releases\nThe fixed releases are available at the normal locations.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
   "affected": [
     {
       "package": {
@@ -35,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33167"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0"
@@ -55,6 +64,6 @@
     "severity": "LOW",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-23T20:45:15Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-23T23:17:12Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-qcfx-2mfw-w4cg/GHSA-qcfx-2mfw-w4cg.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qcfx-2mfw-w4cg",
-  "modified": "2026-03-23T20:54:16Z",
+  "modified": "2026-03-25T20:47:53Z",
   "published": "2026-03-23T20:54:16Z",
   "aliases": [
     "CVE-2026-33173"
@@ -78,6 +78,10 @@
       "type": "WEB",
       "url": "https://github.com/rails/rails/security/advisories/GHSA-qcfx-2mfw-w4cg"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33173"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/rails/rails/commit/707c0f1f41f067fdf96d54e99d43b28dfaae7e53"
@@ -114,6 +118,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-23T20:54:16Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-24T00:16:28Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-qr6x-wvxr-8hm9/GHSA-qr6x-wvxr-8hm9.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qr6x-wvxr-8hm9",
-  "modified": "2026-03-23T20:39:10Z",
+  "modified": "2026-03-25T20:46:16Z",
   "published": "2026-03-23T20:39:10Z",
   "aliases": [
     "CVE-2026-32300"
@@ -65,6 +65,10 @@
       "type": "WEB",
       "url": "https://github.com/opensource-workshop/connect-cms/security/advisories/GHSA-qr6x-wvxr-8hm9"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32300"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/opensource-workshop/connect-cms/commit/7c9951738c62a1d51b91e9956d1eb756c5d52cce"
@@ -76,6 +80,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v1.41.1"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/opensource-workshop/connect-cms/releases/tag/v2.41.1"
     }
   ],
   "database_specific": {
@@ -86,6 +94,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-23T20:39:10Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-23T22:16:27Z"
   }
 }

advisories/github-reviewed/2026/03/GHSA-rm2q-f7jv-3cfp/GHSA-rm2q-f7jv-3cfp.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rm2q-f7jv-3cfp",
-  "modified": "2026-03-23T20:43:43Z",
+  "modified": "2026-03-25T20:46:37Z",
   "published": "2026-03-23T20:43:43Z",
   "aliases": [
     "CVE-2026-33046"
@@ -40,6 +40,10 @@
       "type": "WEB",
       "url": "https://github.com/indico/indico/security/advisories/GHSA-rm2q-f7jv-3cfp"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33046"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/indico/indico/commit/0adb70f0ed66e129361d447868f5f3eb90dc5e96"
@@ -73,6 +77,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-03-23T20:43:43Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-03-23T23:17:12Z"
   }
 }