
Commit 5a399aa

1 parent f2d043b commit 5a399aa


3 files changed

+164
-0
lines changed

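--- a/PATH_NOT_SHOWN/GHSA-8cw2-hw77-mrmj
+++ b/PATH_NOT_SHOWN/GHSA-8cw2-hw77-mrmj
@@ -0,0 +1,56 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-8cw2-hw77-mrmj",
+"modified": "2025-06-23T00:30:19Z",
+"published": "2025-06-23T00:30:19Z",
+"aliases": [
+"CVE-2025-6496"
+],
+"details": "A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
+},
+{
+"type": "CVSS_V4",
+"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6496"
+},
+{
+"type": "WEB",
+"url": "https://github.com/htacg/tidy-html5/issues/1141"
+},
+{
+"type": "WEB",
+"url": "https://github.com/user-attachments/files/19652942/tidy-html5_crash.txt"
+},
+{
+"type": "WEB",
+"url": "https://vuldb.com/?ctiid.313612"
+},
+{
+"type": "WEB",
+"url": "https://vuldb.com/?id.313612"
+},
+{
+"type": "WEB",
+"url": "https://vuldb.com/?submit.601007"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-404"
+],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-06-23T00:15:23Z"
+}
+}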
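Review bot: `cwe_ids` lists `CWE-404` (improper resource shutdown or release), but the `details` text describes a null pointer dereference in `InsertNodeAsParent`, which is CWE-476. Tooling that groups or filters advisories by CWE will file this crash under resource handling rather than pointer validation. The same coarse mapping appears in the two other records in this commit: `CWE-119` for what `details` calls a heap-based buffer overflow (CWE-122), and `CWE-400` for inefficient regular expression complexity (CWE-1333). The values look imported from the upstream source, so the change here would be `"cwe_ids": ["CWE-476"]` once the record is reviewed.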
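--- a/PATH_NOT_SHOWN/GHSA-jc9r-qcgw-fxq9
+++ b/PATH_NOT_SHOWN/GHSA-jc9r-qcgw-fxq9
@@ -0,0 +1,56 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-jc9r-qcgw-fxq9",
+"modified": "2025-06-23T00:30:19Z",
+"published": "2025-06-23T00:30:19Z",
+"aliases": [
+"CVE-2025-6494"
+],
+"details": "A vulnerability was found in sparklemotion nokogiri up to 1.18.7. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
+},
+{
+"type": "CVSS_V4",
+"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6494"
+},
+{
+"type": "WEB",
+"url": "https://github.com/sparklemotion/nokogiri/issues/3508"
+},
+{
+"type": "WEB",
+"url": "https://github.com/user-attachments/files/19825279/nokogiri_crash_2.txt"
+},
+{
+"type": "WEB",
+"url": "https://vuldb.com/?ctiid.313611"
+},
+{
+"type": "WEB",
+"url": "https://vuldb.com/?id.313611"
+},
+{
+"type": "WEB",
+"url": "https://vuldb.com/?submit.601006"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-119"
+],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-06-22T23:15:20Z"
+}
+}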
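Review bot: `"affected": []` leaves this record without any package or version range, although `details` names nokogiri up to 1.18.7 and places the flaw in the bundled `gumbo-parser/src/hashmap.c`. Dependency scanners that match OSV records by ecosystem and package name will therefore not report it for any project that pins nokogiri. An `affected` entry for the `RubyGems` package `nokogiri` with a range ending in `{"last_affected": "1.18.7"}` would close that gap, provided the bound is confirmed against the linked issue; no fixed version is stated on this page. The CodeMirror record that follows has the same empty `affected` despite naming versions up to 5.17.0.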
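--- a/PATH_NOT_SHOWN/GHSA-pff4-9qxc-79mq
+++ b/PATH_NOT_SHOWN/GHSA-pff4-9qxc-79mq
@@ -0,0 +1,52 @@
+{
+"schema_version": "1.4.0",
+"id": "GHSA-pff4-9qxc-79mq",
+"modified": "2025-06-23T00:30:19Z",
+"published": "2025-06-23T00:30:19Z",
+"aliases": [
+"CVE-2025-6493"
+],
+"details": "A vulnerability was found in CodeMirror up to 5.17.0 and classified as problematic. Affected by this issue is some unknown functionality of the file mode/markdown/markdown.js of the component Markdown Mode. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that \"CodeMirror 6 exists, and is [...] much more actively maintained.\"",
+"severity": [
+{
+"type": "CVSS_V3",
+"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+},
+{
+"type": "CVSS_V4",
+"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+}
+],
+"affected": [],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6493"
+},
+{
+"type": "WEB",
+"url": "https://github.com/codemirror/codemirror5/issues/7128"
+},
+{
+"type": "WEB",
+"url": "https://vuldb.com/?ctiid.313610"
+},
+{
+"type": "WEB",
+"url": "https://vuldb.com/?id.313610"
+},
+{
+"type": "WEB",
+"url": "https://vuldb.com/?submit.598875"
+}
+],
+"database_specific": {
+"cwe_ids": [
+"CWE-400"
+],
+"severity": "MODERATE",
+"github_reviewed": false,
+"github_reviewed_at": null,
+"nvd_published_at": "2025-06-22T22:15:22Z"
+}
+}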
