diff --git a/data/osv/GO-2024-3355.json b/data/osv/GO-2024-3355.json new file mode 100644 index 00000000..0349c4a2 --- /dev/null +++ b/data/osv/GO-2024-3355.json @@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2024-3355", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2024-54148", + "GHSA-r7j8-5h9c-f6fx" + ], + "summary": "Remote Command Execution in file editing in gogs in gogs.io/gogs", + "details": "Remote Command Execution in file editing in gogs in gogs.io/gogs", + "affected": [ + { + "package": { + "name": "gogs.io/gogs", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.13.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/gogs/gogs/security/advisories/GHSA-r7j8-5h9c-f6fx" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54148" + }, + { + "type": "WEB", + "url": "https://github.com/gogs/gogs/commit/c94baec9ca923f38c19f0c7c5af722b9ec04022a" + }, + { + "type": "WEB", + "url": "https://github.com/gogs/gogs/issues/7582" + }, + { + "type": "WEB", + "url": "https://github.com/gogs/gogs/pull/7857" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2024-3355", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2024-3356.json b/data/osv/GO-2024-3356.json new file mode 100644 index 00000000..b3f9790e --- /dev/null +++ b/data/osv/GO-2024-3356.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2024-3356", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2024-55947", + "GHSA-qf5v-rp47-55gg" + ], + "summary": "Path Traversal in file update API in gogs in gogs.io/gogs", + "details": "Path Traversal in file update API in gogs in gogs.io/gogs", + "affected": [ + { + "package": { + "name": "gogs.io/gogs", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.13.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/gogs/gogs/security/advisories/GHSA-qf5v-rp47-55gg" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55947" + }, + { + "type": "WEB", + "url": "https://github.com/gogs/gogs/commit/9a9388ace25bd646f5098cb9193d983332c34e41" + }, + { + "type": "WEB", + "url": "https://github.com/gogs/gogs/issues/7582" + }, + { + "type": "WEB", + "url": "https://github.com/gogs/gogs/pull/7859" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2024-3356", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2024-3357.json b/data/osv/GO-2024-3357.json new file mode 100644 index 00000000..9c5d1ff0 --- /dev/null +++ b/data/osv/GO-2024-3357.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2024-3357", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2024-56362", + "GHSA-xwx7-p63r-2rj8" + ], + "summary": "Navidrome Stores JWT Secret in Plaintext in navidrome.db in github.com/navidrome/navidrome", + "details": "Navidrome Stores JWT Secret in Plaintext in navidrome.db in github.com/navidrome/navidrome", + "affected": [ + { + "package": { + "name": "github.com/navidrome/navidrome", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.54.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/navidrome/navidrome/security/advisories/GHSA-xwx7-p63r-2rj8" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56362" + }, + { + "type": "FIX", + "url": "https://github.com/navidrome/navidrome/commit/7f030b0859653593fd2ac0df69f4a313f9caf9ff" + }, + { + "type": "FIX", + "url": "https://github.com/navidrome/navidrome/commit/9cbdb20a318a49daf95888b1fd207d4d729b55f1" + }, + { + "type": "WEB", + "url": "https://github.com/navidrome/navidrome/releases/tag/v0.54.1" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2024-3357", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2024-3358.json b/data/osv/GO-2024-3358.json new file mode 100644 index 00000000..a1e4acff --- /dev/null +++ b/data/osv/GO-2024-3358.json 
@@ -0,0 +1,77 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2024-3358", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2024-45387", + "GHSA-vq94-9pfv-ccqr" + ], + "summary": "SQL injection in Apache Traffic Control in github.com/apache/trafficcontrol", + "details": "SQL injection in Apache Traffic Control in github.com/apache/trafficcontrol", + "affected": [ + { + "package": { + "name": "github.com/apache/trafficcontrol", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/apache/trafficcontrol/v8", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "8.0.0" + }, + { + "fixed": "8.0.2" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-vq94-9pfv-ccqr" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45387" + }, + { + "type": "WEB", + "url": "http://www.openwall.com/lists/oss-security/2024/12/23/3" + }, + { + "type": "WEB", + "url": "https://github.com/apache/trafficcontrol/releases/tag/v8.0.2" + }, + { + "type": "WEB", + "url": "https://lists.apache.org/thread/t38nk5n7t8w3pb66z7z4pqfzt4443trr" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2024-3358", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2024-3359.json b/data/osv/GO-2024-3359.json new file mode 100644 index 00000000..c60647c8 --- /dev/null +++ b/data/osv/GO-2024-3359.json 
@@ -0,0 +1,53 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2024-3359", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2024-28892", + "GHSA-5qww-56gc-f66c" + ], + "summary": "GoCast OS Command Injection vulnerability in github.com/mayuresh82/gocast", + "details": "GoCast OS Command Injection vulnerability in github.com/mayuresh82/gocast", + "affected": [ + { + "package": { + "name": "github.com/mayuresh82/gocast", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-5qww-56gc-f66c" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28892" + }, + { + "type": "WEB", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1960" + }, + { + "type": "WEB", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1960" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2024-3359", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2024-3360.json b/data/osv/GO-2024-3360.json new file mode 100644 index 00000000..bd109995 --- /dev/null +++ b/data/osv/GO-2024-3360.json 
@@ -0,0 +1,57 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2024-3360", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2024-25133", + "GHSA-wgqq-9qh8-wvqv" + ], + "summary": "OpenShift Hive RCE through AWS/Kubernetes client configuration leads to privilege escalation in github.com/openshift/hive", + "details": "OpenShift Hive RCE through AWS/Kubernetes client configuration leads to privilege escalation in github.com/openshift/hive", + "affected": [ + { + "package": { + "name": "github.com/openshift/hive", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-wgqq-9qh8-wvqv" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25133" + }, + { + "type": "FIX", + "url": "https://github.com/openshift/hive/commit/5ba846620f9dbf49301dabb0d40cc980aabef4e0" + }, + { + "type": "FIX", + "url": "https://github.com/openshift/hive/pull/2306" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260372" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2024-3360", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2025-3361.json b/data/osv/GO-2025-3361.json new file mode 100644 index 00000000..375a543a --- /dev/null +++ b/data/osv/GO-2025-3361.json 
@@ -0,0 +1,49 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2025-3361", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2024-55196", + "GHSA-rv83-h68q-c4wq" + ], + "summary": "GoPhish sends cleartext passwords in github.com/gophish/gophish", + "details": "GoPhish sends cleartext passwords in github.com/gophish/gophish", + "affected": [ + { + "package": { + "name": "github.com/gophish/gophish", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-rv83-h68q-c4wq" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55196" + }, + { + "type": "WEB", + "url": "https://github.com/hexkaster/SecurityResearch/blob/main/CVE-2024-55196.md" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2025-3361", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2025-3362.json b/data/osv/GO-2025-3362.json new file mode 100644 index 00000000..a0609e15 --- /dev/null +++ b/data/osv/GO-2025-3362.json 
@@ -0,0 +1,49 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2025-3362", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2025-21609", + "GHSA-8fx8-pffw-w498" + ], + "summary": "SiYuan has an arbitrary file deletion vulnerability in github.com/siyuan-note/siyuan/kernel", + "details": "SiYuan has an arbitrary file deletion vulnerability in github.com/siyuan-note/siyuan/kernel", + "affected": [ + { + "package": { + "name": "github.com/siyuan-note/siyuan/kernel", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-8fx8-pffw-w498" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21609" + }, + { + "type": "WEB", + "url": "https://github.com/siyuan-note/siyuan/commit/d9887aeec1b27073bec66299a9a4181dc42969f3" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2025-3362", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2025-3363.json b/data/osv/GO-2025-3363.json new file mode 100644 index 00000000..e717c363 --- /dev/null +++ b/data/osv/GO-2025-3363.json 
@@ -0,0 +1,64 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2025-3363", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2024-56514", + "GHSA-cwrh-575j-8vr3" + ], + "summary": "Karmada Tar Slips in CRDs archive extraction in github.com/karmada-io/karmada", + "details": "Karmada Tar Slips in CRDs archive extraction in github.com/karmada-io/karmada", + "affected": [ + { + "package": { + "name": "github.com/karmada-io/karmada", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.12.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/karmada-io/karmada/security/advisories/GHSA-cwrh-575j-8vr3" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56514" + }, + { + "type": "FIX", + "url": "https://github.com/karmada-io/karmada/commit/40ec488b18a461ab0f871d2c9ec8665b361f0d50" + }, + { + "type": "FIX", + "url": "https://github.com/karmada-io/karmada/commit/f78e7e2a3d02bed04e9bc7abd3ae7b3ac56862d2" + }, + { + "type": "FIX", + "url": "https://github.com/karmada-io/karmada/pull/5703" + }, + { + "type": "FIX", + "url": "https://github.com/karmada-io/karmada/pull/5713" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2025-3363", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2025-3364.json b/data/osv/GO-2025-3364.json new file mode 100644 index 00000000..2df3ad8b --- /dev/null +++ b/data/osv/GO-2025-3364.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2025-3364", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2024-56513", + "GHSA-mg7w-c9x2-xh7r" + ], + "summary": "Karmada PULL Mode Cluster Privilege Escalation in github.com/karmada-io/karmada", + "details": "Karmada PULL Mode Cluster Privilege Escalation in github.com/karmada-io/karmada", + "affected": [ + { + "package": { + "name": "github.com/karmada-io/karmada", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.12.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/karmada-io/karmada/security/advisories/GHSA-mg7w-c9x2-xh7r" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56513" + }, + { + "type": "FIX", + "url": "https://github.com/karmada-io/karmada/commit/2c82055c4c7f469411b1ba48c4dba4841df04831" + }, + { + "type": "FIX", + "url": "https://github.com/karmada-io/karmada/pull/5793" + }, + { + "type": "WEB", + "url": "https://karmada.io/docs/administrator/security/component-permission" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2025-3364", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/reports/GO-2024-3355.yaml b/data/reports/GO-2024-3355.yaml new file mode 100644 index 00000000..490ef5a4 --- /dev/null +++ b/data/reports/GO-2024-3355.yaml 
@@ -0,0 +1,21 @@ +id: GO-2024-3355 +modules: + - module: gogs.io/gogs + versions: + - fixed: 0.13.1 + vulnerable_at: 0.13.1-rc.1 +summary: Remote Command Execution in file editing in gogs in gogs.io/gogs +cves: + - CVE-2024-54148 +ghsas: + - GHSA-r7j8-5h9c-f6fx +references: + - advisory: https://github.com/gogs/gogs/security/advisories/GHSA-r7j8-5h9c-f6fx + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-54148 + - web: https://github.com/gogs/gogs/commit/c94baec9ca923f38c19f0c7c5af722b9ec04022a + - web: https://github.com/gogs/gogs/issues/7582 + - web: https://github.com/gogs/gogs/pull/7857 +source: + id: GHSA-r7j8-5h9c-f6fx + created: 2025-01-06T15:05:50.06395-10:00 +review_status: UNREVIEWED diff --git a/data/reports/GO-2024-3356.yaml b/data/reports/GO-2024-3356.yaml new file mode 100644 index 00000000..101be07e --- /dev/null +++ b/data/reports/GO-2024-3356.yaml @@ -0,0 +1,21 @@ +id: GO-2024-3356 +modules: + - module: gogs.io/gogs + versions: + - fixed: 0.13.1 + vulnerable_at: 0.13.1-rc.1 +summary: Path Traversal in file update API in gogs in gogs.io/gogs +cves: + - CVE-2024-55947 +ghsas: + - GHSA-qf5v-rp47-55gg +references: + - advisory: https://github.com/gogs/gogs/security/advisories/GHSA-qf5v-rp47-55gg + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-55947 + - web: https://github.com/gogs/gogs/commit/9a9388ace25bd646f5098cb9193d983332c34e41 + - web: https://github.com/gogs/gogs/issues/7582 + - web: https://github.com/gogs/gogs/pull/7859 +source: + id: GHSA-qf5v-rp47-55gg + created: 2025-01-06T15:05:43.394749-10:00 +review_status: UNREVIEWED diff --git a/data/reports/GO-2024-3357.yaml b/data/reports/GO-2024-3357.yaml new file mode 100644 index 00000000..cea893d5 --- /dev/null +++ b/data/reports/GO-2024-3357.yaml 
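Review bot: The `web:` references to `commit/c94baec9…` and `pull/7857` in GO-2024-3355.yaml look like the patch that the `fixed: 0.13.1` entry relies on and should be typed `fix:` so the generated OSV record emits `"type": "FIX"` for them; `issues/7582` can stay `web:`. The summary also repeats the project name (`… in gogs in gogs.io/gogs`); `summary: Remote command execution in file editing in gogs.io/gogs` says the same thing without the doubling. Whether those two references are the actual patch should be confirmed against the linked advisory before retyping them.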
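Review bot: GO-2024-3356.yaml types `commit/9a9388ace…` and `pull/7859` as `web:` even though the report already records `fixed: 0.13.1`; if they are the patch (the advisory link should confirm), retype them `- fix: https://github.com/gogs/gogs/commit/9a9388ace25bd646f5098cb9193d983332c34e41` and likewise for the PR. The summary doubles the project name and reads cleaner as `summary: Path traversal in file update API in gogs.io/gogs`. Both gogs reports cite the same upstream issue 7582 and the same fixed version, so a one-line `description:` saying that 0.13.1 addresses both CVEs would help anyone triaging either one.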
@@ -0,0 +1,21 @@ +id: GO-2024-3357 +modules: + - module: github.com/navidrome/navidrome + versions: + - fixed: 0.54.1 + vulnerable_at: 0.54.0 +summary: Navidrome Stores JWT Secret in Plaintext in navidrome.db in github.com/navidrome/navidrome +cves: + - CVE-2024-56362 +ghsas: + - GHSA-xwx7-p63r-2rj8 +references: + - advisory: https://github.com/navidrome/navidrome/security/advisories/GHSA-xwx7-p63r-2rj8 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-56362 + - fix: https://github.com/navidrome/navidrome/commit/7f030b0859653593fd2ac0df69f4a313f9caf9ff + - fix: https://github.com/navidrome/navidrome/commit/9cbdb20a318a49daf95888b1fd207d4d729b55f1 + - web: https://github.com/navidrome/navidrome/releases/tag/v0.54.1 +source: + id: GHSA-xwx7-p63r-2rj8 + created: 2025-01-06T15:05:36.653544-10:00 +review_status: UNREVIEWED diff --git a/data/reports/GO-2024-3358.yaml b/data/reports/GO-2024-3358.yaml new file mode 100644 index 00000000..13b6c844 --- /dev/null +++ b/data/reports/GO-2024-3358.yaml @@ -0,0 +1,24 @@ +id: GO-2024-3358 +modules: + - module: github.com/apache/trafficcontrol + vulnerable_at: 7.0.1+incompatible + - module: github.com/apache/trafficcontrol/v8 + versions: + - introduced: 8.0.0 + - fixed: 8.0.2 + vulnerable_at: 8.0.2-rc0 +summary: SQL injection in Apache Traffic Control in github.com/apache/trafficcontrol +cves: + - CVE-2024-45387 +ghsas: + - GHSA-vq94-9pfv-ccqr +references: + - advisory: https://github.com/advisories/GHSA-vq94-9pfv-ccqr + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-45387 + - web: http://www.openwall.com/lists/oss-security/2024/12/23/3 + - web: https://github.com/apache/trafficcontrol/releases/tag/v8.0.2 + - web: https://lists.apache.org/thread/t38nk5n7t8w3pb66z7z4pqfzt4443trr +source: + id: GHSA-vq94-9pfv-ccqr + created: 2025-01-06T15:03:56.443447-10:00 +review_status: UNREVIEWED diff --git a/data/reports/GO-2024-3359.yaml b/data/reports/GO-2024-3359.yaml new file mode 100644 index 00000000..3fdf8ce1 --- /dev/null 
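Review bot: GO-2024-3357.yaml records the storage fix (`fixed: 0.54.1`) but no description, and for a secret-at-rest exposure the version range understates the remediation: an operator whose `navidrome.db` may have been read before upgrading still holds a compromised JWT signing secret, and upgrading does not by itself invalidate tokens minted with it unless the secret is regenerated. Consider a `description:` telling operators of affected versions to rotate the JWT secret after upgrading, worded according to what the two `fix:` commits actually do — whether 0.54.1 regenerates the secret or only protects the existing one is not visible from this hunk. The commit references and the release tag are consistent with the fixed version.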
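Review bot: The two module entries in GO-2024-3358.yaml disagree about the affected range: `github.com/apache/trafficcontrol/v8` is scoped to `introduced: 8.0.0` / `fixed: 8.0.2`, while the unversioned `github.com/apache/trafficcontrol` entry has no `versions:` block, which the OSV output in this same commit turns into `"introduced": "0"` with no fix — every v0–v7 release is reported vulnerable and unfixable. If the advisory's affected range really starts at 8.0.0 the first entry should be dropped; if pre-v8 releases are affected it needs an explicit `versions:` with a `fixed:` (or a description saying no fix exists) so the two entries tell one story. Check the Apache thread in `references` before deciding; `vulnerable_at: 7.0.1+incompatible` shows the unversioned module resolves to a +incompatible v7 tag, not a v8 one.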
+++ b/data/reports/GO-2024-3359.yaml @@ -0,0 +1,20 @@ +id: GO-2024-3359 +modules: + - module: github.com/mayuresh82/gocast + unsupported_versions: + - last_affected: 1.1.3 + vulnerable_at: 1.1.3 +summary: GoCast OS Command Injection vulnerability in github.com/mayuresh82/gocast +cves: + - CVE-2024-28892 +ghsas: + - GHSA-5qww-56gc-f66c +references: + - advisory: https://github.com/advisories/GHSA-5qww-56gc-f66c + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-28892 + - web: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1960 + - web: https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1960 +source: + id: GHSA-5qww-56gc-f66c + created: 2025-01-06T15:03:49.886308-10:00 +review_status: UNREVIEWED diff --git a/data/reports/GO-2024-3360.yaml b/data/reports/GO-2024-3360.yaml new file mode 100644 index 00000000..a575e851 --- /dev/null +++ b/data/reports/GO-2024-3360.yaml @@ -0,0 +1,23 @@ +id: GO-2024-3360 +modules: + - module: github.com/openshift/hive + unsupported_versions: + - last_affected: 1.1.16 + vulnerable_at: 1.1.16 +summary: |- + OpenShift Hive RCE through AWS/Kubernetes client configuration leads to + privilege escalation in github.com/openshift/hive +cves: + - CVE-2024-25133 +ghsas: + - GHSA-wgqq-9qh8-wvqv +references: + - advisory: https://github.com/advisories/GHSA-wgqq-9qh8-wvqv + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-25133 + - fix: https://github.com/openshift/hive/commit/5ba846620f9dbf49301dabb0d40cc980aabef4e0 + - fix: https://github.com/openshift/hive/pull/2306 + - web: https://bugzilla.redhat.com/show_bug.cgi?id=2260372 +source: + id: GHSA-wgqq-9qh8-wvqv + created: 2025-01-06T15:03:40.196135-10:00 +review_status: UNREVIEWED diff --git a/data/reports/GO-2025-3361.yaml b/data/reports/GO-2025-3361.yaml new file mode 100644 index 00000000..1b3c6168 --- /dev/null +++ b/data/reports/GO-2025-3361.yaml 
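Review bot: GO-2024-3359.yaml lists the same Talos report twice, once at `https://talosintelligence.com/…` and once with the `www.` host; keep one, e.g. `- web: https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1960`, so the generated OSV record is not padded with a duplicate. The report has no fix reference and marks the latest tag with `last_affected: 1.1.3` under `unsupported_versions`, which is the right shape for an unpatched project but should be made explicit with a `description:` stating that no fixed release is known, so a consumer does not read the missing `fixed:` as an omission. Whether upstream has since shipped a patch should be checked against the Talos report.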
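Review bot: GO-2024-3360.yaml cites two `fix:` references (`commit/5ba84662…` and `pull/2306`) yet records no `fixed:` version, only `unsupported_versions: - last_affected: 1.1.16`, so the generated OSV entry says the module is vulnerable at every version with no fix even though a patch exists. If a tagged release of `github.com/openshift/hive` contains that commit, replace the `unsupported_versions` block with `versions: - fixed: <that tag>`; if no tag contains it, keep `last_affected` but add a `description:` saying the fix is only on the default branch. `vulnerable_at: 1.1.16` shows tagged versions exist, so this should be resolvable from the repository.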
@@ -0,0 +1,19 @@ +id: GO-2025-3361 +modules: + - module: github.com/gophish/gophish + unsupported_versions: + - last_affected: 0.12.1 + vulnerable_at: 0.12.1 +summary: GoPhish sends cleartext passwords in github.com/gophish/gophish +cves: + - CVE-2024-55196 +ghsas: + - GHSA-rv83-h68q-c4wq +references: + - advisory: https://github.com/advisories/GHSA-rv83-h68q-c4wq + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-55196 + - web: https://github.com/hexkaster/SecurityResearch/blob/main/CVE-2024-55196.md +source: + id: GHSA-rv83-h68q-c4wq + created: 2025-01-06T15:03:35.066536-10:00 +review_status: UNREVIEWED diff --git a/data/reports/GO-2025-3362.yaml b/data/reports/GO-2025-3362.yaml new file mode 100644 index 00000000..210c501f --- /dev/null +++ b/data/reports/GO-2025-3362.yaml @@ -0,0 +1,17 @@ +id: GO-2025-3362 +modules: + - module: github.com/siyuan-note/siyuan/kernel + vulnerable_at: 0.0.0-20241231012955-adc819973b71 +summary: SiYuan has an arbitrary file deletion vulnerability in github.com/siyuan-note/siyuan/kernel +cves: + - CVE-2025-21609 +ghsas: + - GHSA-8fx8-pffw-w498 +references: + - advisory: https://github.com/siyuan-note/siyuan/security/advisories/GHSA-8fx8-pffw-w498 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-21609 + - web: https://github.com/siyuan-note/siyuan/commit/d9887aeec1b27073bec66299a9a4181dc42969f3 +source: + id: GHSA-8fx8-pffw-w498 + created: 2025-01-06T15:03:30.037888-10:00 +review_status: UNREVIEWED diff --git a/data/reports/GO-2025-3363.yaml b/data/reports/GO-2025-3363.yaml new file mode 100644 index 00000000..481f664b --- /dev/null +++ b/data/reports/GO-2025-3363.yaml 
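Review bot: GO-2025-3362.yaml types `commit/d9887aee…` as `web:` although it is the only non-advisory reference for a fixed file-deletion bug; if it is the patch (the advisory link should say), make it `- fix: https://github.com/siyuan-note/siyuan/commit/d9887aeec1b27073bec66299a9a4181dc42969f3`. The module is pinned only by a pseudo-version (`vulnerable_at: 0.0.0-20241231012955-adc819973b71`) with no `versions:` block, which publishes the nested module `github.com/siyuan-note/siyuan/kernel` as vulnerable at every version; if the fix commit is reachable from a tagged `kernel/` module version, add `versions: - fixed:` with that tag, otherwise state in a `description:` that only pseudo-versions at or after the commit are fixed.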
@@ -0,0 +1,22 @@ +id: GO-2025-3363 +modules: + - module: github.com/karmada-io/karmada + versions: + - fixed: 1.12.0 + vulnerable_at: 1.12.0-beta.0 +summary: Karmada Tar Slips in CRDs archive extraction in github.com/karmada-io/karmada +cves: + - CVE-2024-56514 +ghsas: + - GHSA-cwrh-575j-8vr3 +references: + - advisory: https://github.com/karmada-io/karmada/security/advisories/GHSA-cwrh-575j-8vr3 + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-56514 + - fix: https://github.com/karmada-io/karmada/commit/40ec488b18a461ab0f871d2c9ec8665b361f0d50 + - fix: https://github.com/karmada-io/karmada/commit/f78e7e2a3d02bed04e9bc7abd3ae7b3ac56862d2 + - fix: https://github.com/karmada-io/karmada/pull/5703 + - fix: https://github.com/karmada-io/karmada/pull/5713 +source: + id: GHSA-cwrh-575j-8vr3 + created: 2025-01-06T15:03:22.12922-10:00 +review_status: UNREVIEWED diff --git a/data/reports/GO-2025-3364.yaml b/data/reports/GO-2025-3364.yaml new file mode 100644 index 00000000..af44b4d4 --- /dev/null +++ b/data/reports/GO-2025-3364.yaml @@ -0,0 +1,21 @@ +id: GO-2025-3364 +modules: + - module: github.com/karmada-io/karmada + versions: + - fixed: 1.12.0 + vulnerable_at: 1.12.0-beta.0 +summary: Karmada PULL Mode Cluster Privilege Escalation in github.com/karmada-io/karmada +cves: + - CVE-2024-56513 +ghsas: + - GHSA-mg7w-c9x2-xh7r +references: + - advisory: https://github.com/karmada-io/karmada/security/advisories/GHSA-mg7w-c9x2-xh7r + - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-56513 + - fix: https://github.com/karmada-io/karmada/commit/2c82055c4c7f469411b1ba48c4dba4841df04831 + - fix: https://github.com/karmada-io/karmada/pull/5793 + - web: https://karmada.io/docs/administrator/security/component-permission +source: + id: GHSA-mg7w-c9x2-xh7r + created: 2025-01-06T15:03:13.982436-10:00 +review_status: UNREVIEWED
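Review bot: GO-2025-3363.yaml lists two fix PRs (`pull/5703`, `pull/5713`) and two fix commits but only a single `fixed: 1.12.0`; when a project lands a fix on its main branch and again on a release branch, the second PR is typically the backport, and a patched 1.11.x release would then need its own `fixed:` entry in `versions:`, otherwise every 1.11.x is reported vulnerable even after upstream patched it. Please check which branch each PR targeted and, if one is a backport, add the corresponding `- fixed:` for that release line (with the matching `- introduced:` for the next minor) rather than leaving the whole pre-1.12.0 range as vulnerable. Nothing in this hunk shows the branch targets, so this is a question rather than a confirmed defect.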
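Review bot: GO-2025-3364.yaml closes the PULL-mode privilege escalation at `fixed: 1.12.0`, but the `web:` reference to the component-permission documentation suggests the remediation is at least partly an RBAC change to what the karmada-agent is granted, and a permission tightening does not take effect on existing member clusters until their agent manifests are re-applied. If that is what `pull/5793` does (not visible in this hunk), a `description:` telling operators to redeploy the agent with the reduced permissions after upgrading would be more useful than the version range alone. The version line is consistent with `vulnerable_at: 1.12.0-beta.0`.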