Advisory Database Sync

Author: advisory-database[bot]

advisories/github-reviewed/2026/02/GHSA-2qxw-7fmx-gqfm/GHSA-2qxw-7fmx-gqfm.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2qxw-7fmx-gqfm",
-  "modified": "2026-03-26T21:31:19Z",
+  "modified": "2026-03-27T00:31:20Z",
   "published": "2026-02-02T06:30:53Z",
   "aliases": [
     "CVE-2026-1531"
@@ -44,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/theforeman/foreman_kubevirt/commit/6c9973ee59c6fbec65f165eb9ea9dd4ebb6eeef1"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:5968"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:5970"

advisories/github-reviewed/2026/02/GHSA-hfcp-477w-3wjw/GHSA-hfcp-477w-3wjw.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hfcp-477w-3wjw",
-  "modified": "2026-03-26T21:31:19Z",
+  "modified": "2026-03-27T00:31:20Z",
   "published": "2026-02-27T09:30:29Z",
   "aliases": [
     "CVE-2026-0980"
@@ -44,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/logicminds/rubyipmi/commit/252503a7b4dca68388165883b0322024e344a215"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:5968"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:5970"

advisories/github-reviewed/2026/03/GHSA-5mg7-485q-xm76/GHSA-5mg7-485q-xm76.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5mg7-485q-xm76",
-  "modified": "2026-03-25T14:25:42Z",
+  "modified": "2026-03-27T00:32:11Z",
   "published": "2026-03-25T14:25:42Z",
   "aliases": [],
   "summary": "Two LiteLLM versions published containing credential harvesting malware",
@@ -33,6 +33,10 @@
       "type": "WEB",
       "url": "https://github.com/BerriAI/litellm/issues/24518"
     },
+    {
+      "type": "WEB",
+      "url": "https://docs.litellm.ai/blog/security-update-march-2026"
+    },
     {
       "type": "WEB",
       "url": "https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack"

advisories/github-reviewed/2026/03/GHSA-fwj4-6wgp-mpxm/GHSA-fwj4-6wgp-mpxm.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fwj4-6wgp-mpxm",
-  "modified": "2026-03-18T17:25:29Z",
+  "modified": "2026-03-27T00:31:20Z",
   "published": "2026-03-17T15:36:23Z",
   "aliases": [
     "CVE-2026-4324"
@@ -44,6 +44,14 @@
       "type": "WEB",
       "url": "https://github.com/Katello/katello/commit/a0a793b08d4f0a897ee985d79a687ad043f99e57"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:5968"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:5970"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2026-4324"

advisories/unreviewed/2025/10/GHSA-c25q-57mr-rv37/GHSA-c25q-57mr-rv37.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-c25q-57mr-rv37",
-  "modified": "2025-10-15T21:31:40Z",
+  "modified": "2026-03-27T00:31:19Z",
   "published": "2025-10-11T00:30:19Z",
   "aliases": [
     "CVE-2025-9551"
@@ -19,6 +19,14 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9551"
     },
+    {
+      "type": "WEB",
+      "url": "https://d7es.tag1.com/security-advisories/protected-pages-moderately-critical-access-bypass-sa-contrib-2025-101"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.herodevs.com/drupal/release-notes/protected-pages"
+    },
     {
       "type": "WEB",
       "url": "https://www.drupal.org/sa-contrib-2025-101"

advisories/unreviewed/2026/03/GHSA-39fw-r4pr-87rj/GHSA-39fw-r4pr-87rj.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-39fw-r4pr-87rj",
+  "modified": "2026-03-27T00:31:21Z",
+  "published": "2026-03-27T00:31:21Z",
+  "aliases": [
+    "CVE-2026-4903"
+  ],
+  "details": "A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4903"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lavender-bicycle-a5a.notion.site/Tenda_AC5_QuickIndex_PPPOEPassword-32053a41781f808dae98f99c99bcb21c?source=copy_link"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.353654"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.353654"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.777380"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.tenda.com.cn"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-26T23:16:21Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-42p8-rv8p-8h4j/GHSA-42p8-rv8p-8h4j.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-42p8-rv8p-8h4j",
+  "modified": "2026-03-27T00:31:21Z",
+  "published": "2026-03-27T00:31:21Z",
+  "aliases": [
+    "CVE-2026-3650"
+  ],
+  "details": "A memory leak exists in the Grassroots DICOM library (GDCM). The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously crafted file can fill the heap in a single read operation without properly releasing it.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3650"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-083-01.json"
+    },
+    {
+      "type": "WEB",
+      "url": "https://sourceforge.net/projects/gdcm"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-083-01"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-401"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-26T22:16:31Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-4vj5-vh2w-8g5j/GHSA-4vj5-vh2w-8g5j.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4vj5-vh2w-8g5j",
+  "modified": "2026-03-27T00:31:21Z",
+  "published": "2026-03-27T00:31:21Z",
+  "aliases": [
+    "CVE-2026-34352"
+  ],
+  "details": "In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34352"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/TigerVNC/tigervnc/commit/0b5cab169d847789efa54459a87659d3fd484393"
+    },
+    {
+      "type": "WEB",
+      "url": "https://groups.google.com/g/tigervnc-announce/c/anHL9WLshLI"
+    },
+    {
+      "type": "WEB",
+      "url": "https://sourceforge.net/projects/tigervnc/files/stable/1.16.2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.openwall.com/lists/oss-security/2026/03/26/7"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-732"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-26T23:16:20Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-597g-qjqv-f858/GHSA-597g-qjqv-f858.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-597g-qjqv-f858",
+  "modified": "2026-03-27T00:31:21Z",
+  "published": "2026-03-27T00:31:21Z",
+  "aliases": [
+    "CVE-2026-4900"
+  ],
+  "details": "A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. This manipulation causes files or directories accessible. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. It is advisable to modify the configuration settings.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4900"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Online%20Food%20Ordering%20System%20in%20PHP%201.0%20%E2%80%93%20Sensitive%20Information%20Disclosure.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.353642"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.353642"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.776980"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-425"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-26T22:16:32Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-688g-4qr3-6q47/GHSA-688g-4qr3-6q47.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-688g-4qr3-6q47",
-  "modified": "2026-03-26T21:31:27Z",
+  "modified": "2026-03-27T00:31:20Z",
   "published": "2026-03-26T21:31:27Z",
   "aliases": [
     "CVE-2026-2271"
@@ -26,6 +26,10 @@
     {
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438429"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.gnome.org/GNOME/gimp/-/issues/15732"
     }
   ],
   "database_specific": {