Publish Advisories

GHSA-32x4-hg4x-w43c
GHSA-9wcm-fcg4-668c
GHSA-gxc3-xj8w-g58j
GHSA-hjxq-7w9q-2jw6

Author: advisory-database[bot]

advisories/unreviewed/2026/04/GHSA-32x4-hg4x-w43c/GHSA-32x4-hg4x-w43c.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-32x4-hg4x-w43c",
-  "modified": "2026-04-09T00:31:59Z",
+  "modified": "2026-04-11T06:31:13Z",
   "published": "2026-04-09T00:31:59Z",
   "aliases": [
     "CVE-2026-5875"
   ],
   "details": "Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -24,8 +29,10 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
-    "severity": null,
+    "cwe_ids": [
+      "CWE-639"
+    ],
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-08T22:16:27Z"

advisories/unreviewed/2026/04/GHSA-9wcm-fcg4-668c/GHSA-9wcm-fcg4-668c.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9wcm-fcg4-668c",
-  "modified": "2026-04-09T00:31:59Z",
+  "modified": "2026-04-11T06:31:14Z",
   "published": "2026-04-09T00:31:59Z",
   "aliases": [
     "CVE-2026-5876"
   ],
   "details": "Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -27,7 +32,7 @@
     "cwe_ids": [
       "CWE-1300"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-08T22:16:27Z"

advisories/unreviewed/2026/04/GHSA-gxc3-xj8w-g58j/GHSA-gxc3-xj8w-g58j.json

@@ -1,13 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gxc3-xj8w-g58j",
-  "modified": "2026-04-09T00:32:00Z",
+  "modified": "2026-04-11T06:31:13Z",
   "published": "2026-04-09T00:31:59Z",
   "aliases": [
     "CVE-2026-5874"
   ],
   "details": "Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
+    }
+  ],
   "affected": [],
   "references": [
     {
@@ -27,7 +32,7 @@
     "cwe_ids": [
       "CWE-416"
     ],
-    "severity": null,
+    "severity": "CRITICAL",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-04-08T22:16:27Z"

advisories/unreviewed/2026/04/GHSA-hjxq-7w9q-2jw6/GHSA-hjxq-7w9q-2jw6.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hjxq-7w9q-2jw6",
-  "modified": "2026-04-10T18:31:20Z",
+  "modified": "2026-04-11T06:31:14Z",
   "published": "2026-04-10T18:31:20Z",
   "aliases": [
     "CVE-2026-1502"
@@ -34,6 +34,10 @@
     {
       "type": "WEB",
       "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3"
+    },
+    {
+      "type": "WEB",
+      "url": "http://www.openwall.com/lists/oss-security/2026/04/11/4"
     }
   ],
   "database_specific": {