Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2021/11/GHSA-69h8-fh92-ch8q/GHSA-69h8-fh92-ch8q.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-69h8-fh92-ch8q",
-  "modified": "2022-10-24T19:00:24Z",
+  "modified": "2026-04-15T21:30:13Z",
   "published": "2021-11-30T00:00:52Z",
   "aliases": [
     "CVE-2019-8921"

advisories/unreviewed/2021/11/GHSA-r763-g6p5-r323/GHSA-r763-g6p5-r323.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-r763-g6p5-r323",
-  "modified": "2022-10-24T19:00:24Z",
+  "modified": "2026-04-15T21:30:13Z",
   "published": "2021-11-30T00:00:51Z",
   "aliases": [
     "CVE-2019-8922"

advisories/unreviewed/2022/05/GHSA-32q7-x7q9-wcf9/GHSA-32q7-x7q9-wcf9.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-32q7-x7q9-wcf9",
-  "modified": "2022-05-13T01:48:36Z",
+  "modified": "2026-04-15T21:30:13Z",
   "published": "2022-05-13T01:48:35Z",
   "aliases": [
     "CVE-2018-1000301"

advisories/unreviewed/2022/05/GHSA-pfc3-2w85-9453/GHSA-pfc3-2w85-9453.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pfc3-2w85-9453",
-  "modified": "2022-05-24T16:45:54Z",
+  "modified": "2026-04-15T21:30:13Z",
   "published": "2022-05-24T16:45:54Z",
   "aliases": [
     "CVE-2019-12098"
@@ -31,6 +31,14 @@
       "type": "WEB",
       "url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.6.0"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIXEDVVMPD6ZAJSMI2EZ7FNEIVNWE5PD"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SLXXIF4LOQEAEDAF4UGP2AO6WDNTDFUB"
+    },
     {
       "type": "WEB",
       "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIXEDVVMPD6ZAJSMI2EZ7FNEIVNWE5PD"
@@ -65,7 +73,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-295"
+    ],
     "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2025/12/GHSA-vqjp-fh8j-rf3j/GHSA-vqjp-fh8j-rf3j.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vqjp-fh8j-rf3j",
-  "modified": "2025-12-17T18:31:32Z",
+  "modified": "2026-04-15T21:30:13Z",
   "published": "2025-12-05T18:31:12Z",
   "aliases": [
     "CVE-2025-34256"
@@ -35,6 +35,10 @@
       "type": "WEB",
       "url": "https://docs.deviceon.advantech.com/docs/resource"
     },
+    {
+      "type": "WEB",
+      "url": "https://pellera.com/blog/advantech-wise-deviceon-cve-2025-34256-vulnerability"
+    },
     {
       "type": "WEB",
       "url": "https://www.vulncheck.com/advisories/advantech-wise-deviceon-server-hardcoded-jwt-key-authentication-bypass"

advisories/unreviewed/2026/04/GHSA-2rw5-37w7-549x/GHSA-2rw5-37w7-549x.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2rw5-37w7-549x",
+  "modified": "2026-04-15T21:30:19Z",
+  "published": "2026-04-15T21:30:19Z",
+  "aliases": [
+    "CVE-2026-6359"
+  ],
+  "details": "Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6359"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/490251701"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-15T20:16:42Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-2xm3-5jp9-423w/GHSA-2xm3-5jp9-423w.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2xm3-5jp9-423w",
-  "modified": "2026-04-14T03:31:40Z",
+  "modified": "2026-04-15T21:30:16Z",
   "published": "2026-04-14T00:31:12Z",
   "aliases": [
     "CVE-2026-5086"
   ],
   "details": "Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks.\n\nFor example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -27,7 +32,7 @@
     "cwe_ids": [
       "CWE-208"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-13T23:16:27Z"

advisories/unreviewed/2026/04/GHSA-3347-qjpp-457v/GHSA-3347-qjpp-457v.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3347-qjpp-457v",
+  "modified": "2026-04-15T21:30:18Z",
+  "published": "2026-04-15T21:30:18Z",
+  "aliases": [
+    "CVE-2026-6299"
+  ],
+  "details": "Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6299"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/497053588"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-416"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-15T20:16:38Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-3m3g-56cx-59q7/GHSA-3m3g-56cx-59q7.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3m3g-56cx-59q7",
+  "modified": "2026-04-15T21:30:19Z",
+  "published": "2026-04-15T21:30:19Z",
+  "aliases": [
+    "CVE-2026-6307"
+  ],
+  "details": "Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6307"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/497404188"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-843"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-15T20:16:39Z"
+  }
+}

advisories/unreviewed/2026/04/GHSA-3p5h-985r-gw4g/GHSA-3p5h-985r-gw4g.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3p5h-985r-gw4g",
+  "modified": "2026-04-15T21:30:18Z",
+  "published": "2026-04-15T21:30:18Z",
+  "aliases": [
+    "CVE-2026-6298"
+  ],
+  "details": "Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6298"
+    },
+    {
+      "type": "WEB",
+      "url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://issues.chromium.org/issues/495700484"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-122"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-04-15T20:16:38Z"
+  }
+}