Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit c008f3540e7d · 2026-03-18T16:34:16.000Z
GHSA-2gmv-2r3v-jxj2 GHSA-4fhm-p86v-hwpx GHSA-8x34-9q3v-h7g8 GHSA-v3xv-8vc3-h2m6
diff --git a/advisories/github-reviewed/2026/03/GHSA-2gmv-2r3v-jxj2/GHSA-2gmv-2r3v-jxj2.json b/advisories/github-reviewed/2026/03/GHSA-2gmv-2r3v-jxj2/GHSA-2gmv-2r3v-jxj2.json
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2gmv-2r3v-jxj2",
+  "modified": "2026-03-18T16:33:46Z",
+  "published": "2026-03-18T16:33:46Z",
+  "aliases": [
+    "CVE-2026-33140"
+  ],
+  "summary": "Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution",
+  "details": "### Summary\nPySpector versions `<= 0.1.6` are affected by a stored Cross-Site Scripting (XSS) vulnerability in the HTML report generator. When PySpector scans a Python file containing JavaScript payloads (i.e. inside a string passed to `eval()` ), the flagged code snippet is interpolated into the HTML report without sanitization. Opening the generated report in a browser causes the embedded JavaScript to execute in the browser's local file context.\n\n### Impact\nAn attacker can craft a malicious Python file (for example, hosted in a public repository), designed to be scanned by PySpector. When a victim scans this file and opens the resulting HTML report, arbitrary JavaScript executes in their browser. While the `file://` context limits the attacker's ability to exfiltrate cookies or make credentialed requests, the following is still achievable:\n- Arbitrary DOM manipulation\n- Redirects to attacker-controlled pages\n- Theft of locally accessible data via `fetch()` or `XMLHttpRequest` to `file://` paths (browser-dependent)\n\nAny user of PySpector who scans untrusted code and generates HTML reports, is potentially affected.\n\n### PoC\n\nThe following steps reproduce the vulnerability on PySpector `<= 0.1.6`:\n1. Create a malicious Python file containing a JavaScript payload embedded in a string argument to `eval()`, and run PySpector against the file, generating an HTML report:\n<img width=\"871\" height=\"752\" alt=\"image\" src=\"https://github.com/user-attachments/assets/1b0a57f2-3632-4347-a9b7-6a94dc2e82b2\" />\n2. Open the generated HTML report in any browser:\n<img width=\"1920\" height=\"920\" alt=\"image\" src=\"https://github.com/user-attachments/assets/a4075c4a-6153-41b4-ad77-81d009d7a9f8\" />",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "pyspector"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.1.7"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 0.1.6"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/ParzivalHack/PySpector/security/advisories/GHSA-2gmv-2r3v-jxj2"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/ParzivalHack/PySpector"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-18T16:33:46Z",
+    "nvd_published_at": null
+  }
+}
diff --git a/advisories/github-reviewed/2026/03/GHSA-4fhm-p86v-hwpx/GHSA-4fhm-p86v-hwpx.json b/advisories/github-reviewed/2026/03/GHSA-4fhm-p86v-hwpx/GHSA-4fhm-p86v-hwpx.json
@@ -1,19 +1,40 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4fhm-p86v-hwpx",
-  "modified": "2026-03-17T15:36:22Z",
+  "modified": "2026-03-18T16:32:54Z",
   "published": "2026-03-17T12:30:20Z",
   "aliases": [
     "CVE-2026-28779"
   ],
+  "summary": "Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications",
   "details": "Apache Airflow versions 3.1.0 through 3.1.7 session token (_token) in cookies is set to path=/ regardless of the configured [webserver] base_url or [api] base_url.\nThis allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full session takeover without attacking Airflow itself.\n\nUsers are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "apache-airflow"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "3.0.0"
+            },
+            {
+              "fixed": "3.1.8"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
@@ -23,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/apache/airflow/pull/62771"
     },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/apache/airflow"
+    },
     {
       "type": "WEB",
       "url": "https://lists.apache.org/thread/r4n5znb8mcq14wo9v8ndml36nxlksdqb"
@@ -37,8 +62,8 @@
       "CWE-668"
     ],
     "severity": "HIGH",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-18T16:32:54Z",
     "nvd_published_at": "2026-03-17T11:16:11Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/03/GHSA-8x34-9q3v-h7g8/GHSA-8x34-9q3v-h7g8.json b/advisories/github-reviewed/2026/03/GHSA-8x34-9q3v-h7g8/GHSA-8x34-9q3v-h7g8.json
@@ -1,19 +1,40 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8x34-9q3v-h7g8",
-  "modified": "2026-03-17T15:36:23Z",
+  "modified": "2026-03-18T16:33:18Z",
   "published": "2026-03-17T12:30:20Z",
   "aliases": [
     "CVE-2026-30911"
   ],
+  "summary": "Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization",
   "details": "Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop (HITL) endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance.\n\n\nUsers are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "apache-airflow"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "3.0.0"
+            },
+            {
+              "fixed": "3.1.8"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
@@ -23,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/apache/airflow/pull/62886"
     },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/apache/airflow"
+    },
     {
       "type": "WEB",
       "url": "https://lists.apache.org/thread/1rs2v7fcko2otl6n9ytthcj87cmsgx51"
@@ -37,8 +62,8 @@
       "CWE-862"
     ],
     "severity": "HIGH",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-18T16:33:18Z",
     "nvd_published_at": "2026-03-17T11:16:11Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/03/GHSA-v3xv-8vc3-h2m6/GHSA-v3xv-8vc3-h2m6.json b/advisories/github-reviewed/2026/03/GHSA-v3xv-8vc3-h2m6/GHSA-v3xv-8vc3-h2m6.json
@@ -0,0 +1,60 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-v3xv-8vc3-h2m6",
+  "modified": "2026-03-18T16:33:34Z",
+  "published": "2026-03-18T16:33:34Z",
+  "aliases": [
+    "CVE-2026-33139"
+  ],
+  "summary": "PySpector has a Plugin Sandbox Bypass leads to Arbitrary Code Execution",
+  "details": "### Summary\nPySpector versions `<= 0.1.6` are affected by a security validation bypass in the plugin system. The `validate_plugin_code()` function in `plugin_system.py`, performs static AST analysis to block dangerous API calls before a plugin is trusted and executed. However, the `internal resolve_name()` helper only handles `ast.Name` and `ast.Attribute` node types, returning `None` for all others. When a plugin uses indirect function calls via `getattr()` (such as `getattr(os, 'system')`) the outer call's func node is of type `ast.Call`, causing `resolve_name()` to return `None`, and the security check to be silently skipped. The plugin incorrectly passes the trust workflow, and executes arbitrary system commands on the user's machine when loaded.\n\n### Impact\nAn attacker who can deliver a malicious plugin file to a PySpector user and convince them to install it, can achieve arbitrary code execution on the user's local machine. Exploitation requires the victim to explicitly run `pyspector plugin install --trust` on the malicious file (a deliberate multi-step action that meaningfully limits the attack surface compared to passive vulnerabilities). However, the bypass directly undermines the security guarantee that `validate_plugin_code()` is designed to provide. Once the plugin is trusted and executed, the following is achievable:\n- Full read/write access to the local filesystem\n- Exfiltration of sensitive data and environment variables (i.e. API keys, credentials, etc...)\n- Establishment of persistence mechanisms\n- Lateral movement in CI/CD environments where PySpector runs with elevated permissions (pre-commit hooks and scheduled scans)\n\nAny user of PySpector who installs third-party plugins outside the official repository is potentially affected.\n\n### PoC\nThe following steps reproduce the vulnerability on PySpector `<= 0.1.6`:\n1. Create a malicious plugin file that uses getattr-based indirect calls to bypass AST validation, and confirm the validator incorrectly marks it as safe:\n<img width=\"1300\" height=\"675\" alt=\"image\" src=\"https://github.com/user-attachments/assets/4de3a0d1-1c77-4454-ad10-2369d5ca9997\" />\n2.  Run PySpector Plugin Validator module (this confirms the validator incorrectly marks the plugin as safe):\n<img width=\"908\" height=\"239\" alt=\"image\" src=\"https://github.com/user-attachments/assets/3e3b9603-4d95-4a39-be97-4163f6639599\" />\n3. Install and trust the plugin through the normal PySpector workflow:\n\n`pyspector plugin install /tmp/evil_plugin.py --trust`\n4. Execute the plugin, during a scan:\n`pyspector scan /any/target --plugin evil`",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "pyspector"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.1.7"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 0.1.6"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/ParzivalHack/PySpector/security/advisories/GHSA-v3xv-8vc3-h2m6"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/ParzivalHack/PySpector"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-184"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-18T16:33:34Z",
+    "nvd_published_at": null
+  }
+}
