github
diff --git a/‎advisories/github-reviewed/2025/07/GHSA-hp97-5x6g-q538/GHSA-hp97-5x6g-q538.json
Lines changed: 65 additions & 0 deletions b/‎advisories/github-reviewed/2025/07/GHSA-hp97-5x6g-q538/GHSA-hp97-5x6g-q538.json
Lines changed: 65 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/06/GHSA-6638-j9qv-jr95/GHSA-6638-j9qv-jr95.json
Lines changed: 2 additions & 1 deletion b/‎advisories/unreviewed/2025/06/GHSA-6638-j9qv-jr95/GHSA-6638-j9qv-jr95.json
Lines changed: 2 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/07/GHSA-2hh4-c6pj-8p6j/GHSA-2hh4-c6pj-8p6j.json
Lines changed: 37 additions & 0 deletions b/‎advisories/unreviewed/2025/07/GHSA-2hh4-c6pj-8p6j/GHSA-2hh4-c6pj-8p6j.json
Lines changed: 37 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/07/GHSA-483x-j2mh-6x95/GHSA-483x-j2mh-6x95.json
Lines changed: 2 additions & 1 deletion b/‎advisories/unreviewed/2025/07/GHSA-483x-j2mh-6x95/GHSA-483x-j2mh-6x95.json
Lines changed: 2 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/07/GHSA-4qjg-x4v4-w4j9/GHSA-4qjg-x4v4-w4j9.json
Lines changed: 3 additions & 1 deletion b/‎advisories/unreviewed/2025/07/GHSA-4qjg-x4v4-w4j9/GHSA-4qjg-x4v4-w4j9.json
Lines changed: 3 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/07/GHSA-5f97-9cgp-7wqg/GHSA-5f97-9cgp-7wqg.json
Lines changed: 3 additions & 1 deletion b/‎advisories/unreviewed/2025/07/GHSA-5f97-9cgp-7wqg/GHSA-5f97-9cgp-7wqg.json
Lines changed: 3 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/07/GHSA-7vq6-w2cf-mm9v/GHSA-7vq6-w2cf-mm9v.json
Lines changed: 52 additions & 0 deletions b/‎advisories/unreviewed/2025/07/GHSA-7vq6-w2cf-mm9v/GHSA-7vq6-w2cf-mm9v.json
Lines changed: 52 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/07/GHSA-83j7-mhw9-388w/GHSA-83j7-mhw9-388w.json
Lines changed: 40 additions & 0 deletions b/‎advisories/unreviewed/2025/07/GHSA-83j7-mhw9-388w/GHSA-83j7-mhw9-388w.json
Lines changed: 40 additions & 0 deletions
diff --git a/‎advisories/unreviewed/2025/07/GHSA-86cj-mgp6-w7fc/GHSA-86cj-mgp6-w7fc.json
Lines changed: 2 additions & 1 deletion b/‎advisories/unreviewed/2025/07/GHSA-86cj-mgp6-w7fc/GHSA-86cj-mgp6-w7fc.json
Lines changed: 2 additions & 1 deletion
diff --git a/‎advisories/unreviewed/2025/07/GHSA-8rcq-pppp-w23j/GHSA-8rcq-pppp-w23j.json
Lines changed: 11 additions & 4 deletions b/‎advisories/unreviewed/2025/07/GHSA-8rcq-pppp-w23j/GHSA-8rcq-pppp-w23j.json
Lines changed: 11 additions & 4 deletions
@@ -0,0 +1,65 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hp97-5x6g-q538",
+  "modified": "2025-07-18T15:31:33Z",
+  "published": "2025-07-16T12:30:22Z",
+  "aliases": [
+    "CVE-2024-10031"
+  ],
+  "summary": "Eclipse GlassFish is vulnerable to Stored XSS attacks through configuration file modifications",
+  "details": "In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system.",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.glassfish.main.admingui:console-common"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "last_affected": "7.0.25"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10031"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/eclipse-ee4j/glassfish"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/41"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/229"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": true,
+    "github_reviewed_at": "2025-07-18T15:31:22Z",
+    "nvd_published_at": "2025-07-16T11:15:23Z"
+  }
+}
@@ -46,7 +46,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-119"
+      "CWE-119",
+      "CWE-120"
     ],
     "severity": "HIGH",
     "github_reviewed": false,
 
@@ -0,0 +1,37 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2hh4-c6pj-8p6j",
+  "modified": "2025-07-18T15:31:57Z",
+  "published": "2025-07-18T15:31:57Z",
+  "aliases": [
+    "CVE-2025-46000"
+  ],
+  "details": "An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46000"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/simogeo/Filemanager/commit/c75b914"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/simogeo/Filemanager"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/zakumini/CVE-List/blob/main/CVE-2025-46000/CVE-2025-46000.md"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-18T15:15:27Z"
+  }
+}
@@ -46,7 +46,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-77"
+      "CWE-77",
+      "CWE-78"
     ],
     "severity": "HIGH",
     "github_reviewed": false,
 
@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-502"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
 
@@ -25,7 +25,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-601"
+    ],
     "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
 
@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7vq6-w2cf-mm9v",
+  "modified": "2025-07-18T15:31:58Z",
+  "published": "2025-07-18T15:31:57Z",
+  "aliases": [
+    "CVE-2025-7788"
+  ],
+  "details": "A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical. Affected by this vulnerability is the function commandJobHandler of the file src\\main\\java\\com\\xxl\\job\\executor\\service\\jobhandler\\SampleXxlJob.java. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7788"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/xuxueli/xxl-job/issues/3750"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.316849"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.316849"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.615758"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-18T15:15:31Z"
+  }
+}
@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-83j7-mhw9-388w",
+  "modified": "2025-07-18T15:31:57Z",
+  "published": "2025-07-18T15:31:57Z",
+  "aliases": [
+    "CVE-2025-7784"
+  ],
+  "details": "A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7784"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/security/cve/CVE-2025-7784"
+    },
+    {
+      "type": "WEB",
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2381861"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-269"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-07-18T14:15:26Z"
+  }
+}
@@ -42,7 +42,8 @@
   ],
   "database_specific": {
     "cwe_ids": [
-      "CWE-77"
+      "CWE-77",
+      "CWE-78"
     ],
     "severity": "MODERATE",
     "github_reviewed": false,
 
@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8rcq-pppp-w23j",
-  "modified": "2025-07-17T21:32:14Z",
+  "modified": "2025-07-18T15:31:55Z",
   "published": "2025-07-17T21:32:14Z",
   "aliases": [
     "CVE-2025-50240"
   ],
   "details": "nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerability via the userIds parameter at /sys/user/deleteRecycleBin.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2025-07-17T19:15:25Z"