Publish Advisories

GHSA-73m2-qfq3-56cx
GHSA-rc42-6c7j-7h5r
GHSA-vrmh-7wgx-mjw7
GHSA-52jj-6w68-3m25
GHSA-pw8j-vg82-pm6c
GHSA-7q4p-93g6-4wf9
GHSA-gf8x-6jh7-3mjv
GHSA-q3rr-g46f-jgqr
GHSA-4gpg-x7c9-xm4v
GHSA-8863-jfm6-35xm
GHSA-xfvc-4j77-wjcc

Author: advisory-database[bot]

advisories/github-reviewed/2025/04/GHSA-73m2-qfq3-56cx/GHSA-73m2-qfq3-56cx.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-73m2-qfq3-56cx",
-  "modified": "2025-04-24T16:36:08Z",
+  "modified": "2025-05-17T00:30:25Z",
   "published": "2025-04-24T12:31:28Z",
   "aliases": [
     "CVE-2025-27820"
@@ -59,6 +59,10 @@
     {
       "type": "WEB",
       "url": "https://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8"
+    },
+    {
+      "type": "WEB",
+      "url": "https://security.netapp.com/advisory/ntap-20250516-0003"
     }
   ],
   "database_specific": {

advisories/github-reviewed/2025/04/GHSA-rc42-6c7j-7h5r/GHSA-rc42-6c7j-7h5r.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rc42-6c7j-7h5r",
-  "modified": "2025-04-28T20:59:16Z",
+  "modified": "2025-05-17T00:30:25Z",
   "published": "2025-04-28T09:31:53Z",
   "aliases": [
     "CVE-2025-22235"
@@ -126,6 +126,10 @@
       "type": "PACKAGE",
       "url": "https://github.com/spring-projects/spring-boot"
     },
+    {
+      "type": "WEB",
+      "url": "https://security.netapp.com/advisory/ntap-20250516-0010"
+    },
     {
       "type": "WEB",
       "url": "https://spring.io/security/cve-2025-22235"

advisories/unreviewed/2024/01/GHSA-vrmh-7wgx-mjw7/GHSA-vrmh-7wgx-mjw7.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vrmh-7wgx-mjw7",
-  "modified": "2024-01-04T15:30:23Z",
+  "modified": "2025-05-17T00:30:25Z",
   "published": "2024-01-04T15:30:23Z",
   "aliases": [
     "CVE-2023-3726"
   ],
-  "details": "OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting.\n\n",
+  "details": "OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/unreviewed/2024/08/GHSA-52jj-6w68-3m25/GHSA-52jj-6w68-3m25.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-52jj-6w68-3m25",
-  "modified": "2024-08-27T12:30:44Z",
+  "modified": "2025-05-17T00:30:25Z",
   "published": "2024-08-27T12:30:44Z",
   "aliases": [
     "CVE-2024-8207"
@@ -22,6 +22,10 @@
     {
       "type": "WEB",
       "url": "https://jira.mongodb.org/browse/SERVER-69507"
+    },
+    {
+      "type": "WEB",
+      "url": "https://security.netapp.com/advisory/ntap-20250516-0009"
     }
   ],
   "database_specific": {

advisories/unreviewed/2024/09/GHSA-pw8j-vg82-pm6c/GHSA-pw8j-vg82-pm6c.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pw8j-vg82-pm6c",
-  "modified": "2024-09-10T15:31:04Z",
+  "modified": "2025-05-17T00:30:25Z",
   "published": "2024-09-10T15:31:04Z",
   "aliases": [
     "CVE-2024-8654"
@@ -22,6 +22,10 @@
     {
       "type": "WEB",
       "url": "https://jira.mongodb.org/browse/SERVER-71477"
+    },
+    {
+      "type": "WEB",
+      "url": "https://security.netapp.com/advisory/ntap-20250516-0008"
     }
   ],
   "database_specific": {

advisories/unreviewed/2025/02/GHSA-7q4p-93g6-4wf9/GHSA-7q4p-93g6-4wf9.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7q4p-93g6-4wf9",
-  "modified": "2025-05-13T21:30:29Z",
+  "modified": "2025-05-17T00:30:25Z",
   "published": "2025-02-25T18:31:24Z",
   "aliases": [
     "CVE-2025-26600"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26600"
     },
+    {
+      "type": "WEB",
+      "url": "https://security.netapp.com/advisory/ntap-20250516-0005"
+    },
     {
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345252"

advisories/unreviewed/2025/02/GHSA-gf8x-6jh7-3mjv/GHSA-gf8x-6jh7-3mjv.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gf8x-6jh7-3mjv",
-  "modified": "2025-05-13T21:30:30Z",
+  "modified": "2025-05-17T00:30:25Z",
   "published": "2025-02-25T18:31:24Z",
   "aliases": [
     "CVE-2025-26601"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26601"
     },
+    {
+      "type": "WEB",
+      "url": "https://security.netapp.com/advisory/ntap-20250516-0004"
+    },
     {
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345251"

advisories/unreviewed/2025/02/GHSA-q3rr-g46f-jgqr/GHSA-q3rr-g46f-jgqr.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q3rr-g46f-jgqr",
-  "modified": "2025-05-09T03:30:23Z",
+  "modified": "2025-05-17T00:30:25Z",
   "published": "2025-02-19T21:31:38Z",
   "aliases": [
     "CVE-2025-0624"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0624"
     },
+    {
+      "type": "WEB",
+      "url": "https://security.netapp.com/advisory/ntap-20250516-0006"
+    },
     {
       "type": "WEB",
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346112"

advisories/unreviewed/2025/05/GHSA-4gpg-x7c9-xm4v/GHSA-4gpg-x7c9-xm4v.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4gpg-x7c9-xm4v",
+  "modified": "2025-05-17T00:30:25Z",
+  "published": "2025-05-17T00:30:25Z",
+  "aliases": [
+    "CVE-2025-4813"
+  ],
+  "details": "A vulnerability, which was classified as critical, was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected is an unknown function of the file /edit-phlebotomist.php. The manipulation of the argument mobilenumber leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4813"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Pjwww13447/pjwww/issues/6"
+    },
+    {
+      "type": "WEB",
+      "url": "https://phpgurukul.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.309270"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.309270"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.573888"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-16T22:15:19Z"
+  }
+}

advisories/unreviewed/2025/05/GHSA-8863-jfm6-35xm/GHSA-8863-jfm6-35xm.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8863-jfm6-35xm",
-  "modified": "2025-05-05T21:31:30Z",
+  "modified": "2025-05-17T00:30:25Z",
   "published": "2025-05-05T21:31:30Z",
   "aliases": [
     "CVE-2025-1493"
@@ -19,6 +19,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1493"
     },
+    {
+      "type": "WEB",
+      "url": "https://security.netapp.com/advisory/ntap-20250516-0001"
+    },
     {
       "type": "WEB",
       "url": "https://www.ibm.com/support/pages/node/7232518"

advisories/unreviewed/2025/05/GHSA-xfvc-4j77-wjcc/GHSA-xfvc-4j77-wjcc.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-xfvc-4j77-wjcc",
+  "modified": "2025-05-17T00:30:25Z",
+  "published": "2025-05-17T00:30:25Z",
+  "aliases": [
+    "CVE-2025-4812"
+  ],
+  "details": "A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4812"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Pjwww13447/pjwww/issues/5"
+    },
+    {
+      "type": "WEB",
+      "url": "https://phpgurukul.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.309269"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.309269"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.573886"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-16T22:15:19Z"
+  }
+}