Skip to content

File tree

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-22m6-jvxh-3cc5",
4+
"modified": "2026-06-06T18:30:22Z",
5+
"published": "2026-06-06T18:30:22Z",
6+
"aliases": [
7+
"CVE-2026-11436"
8+
],
9+
"details": "A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mage_ai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performing a manipulation of the argument query.redirect_url results in cross site scripting. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11436"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://gist.github.com/TrebledJ/8af312cf797391ef7b50b94bb244333a"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/cve/CVE-2026-11436"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/822710"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/369016"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/369016/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-79"
50+
],
51+
"severity": "LOW",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-06-06T16:16:55Z"
55+
}
56+
}
Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2g53-8j24-x4mg",
4+
"modified": "2026-06-06T18:30:22Z",
5+
"published": "2026-06-06T18:30:22Z",
6+
"aliases": [
7+
"CVE-2026-11440"
8+
],
9+
"details": "A vulnerability was determined in theonedev onedev up to 15.0.5. This affects an unknown part of the file /repositories/{projectId}/default-branch of the component REST API. This manipulation of the argument project.defaultBranch causes improper authorization. It is possible to initiate the attack remotely. Upgrading to version 15.0.6 is able to mitigate this issue. Upgrading the affected component is advised.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11440"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/theonedev/onedev/releases/tag/v15.0.6"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/cve/CVE-2026-11440"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/822956"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/369020"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/369020/cti"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://www.cnblogs.com/aibot/p/19994142"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-266"
54+
],
55+
"severity": "MODERATE",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2026-06-06T18:16:53Z"
59+
}
60+
}

advisories/unreviewed/2026/06/GHSA-2q4w-xq2r-5pg7/GHSA-2q4w-xq2r-5pg7.json

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-2q4w-xq2r-5pg7",
4-
"modified": "2026-06-05T00:31:43Z",
4+
"modified": "2026-06-06T18:30:21Z",
55
"published": "2026-06-05T00:31:43Z",
66
"aliases": [
77
"CVE-2026-11004"
88
],
99
"details": "Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -27,7 +32,7 @@
2732
"cwe_ids": [
2833
"CWE-125"
2934
],
30-
"severity": null,
35+
"severity": "MODERATE",
3136
"github_reviewed": false,
3237
"github_reviewed_at": null,
3338
"nvd_published_at": "2026-06-04T23:17:04Z"

advisories/unreviewed/2026/06/GHSA-3gm2-xqpg-6jw8/GHSA-3gm2-xqpg-6jw8.json

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-3gm2-xqpg-6jw8",
4-
"modified": "2026-06-05T00:31:43Z",
4+
"modified": "2026-06-06T18:30:22Z",
55
"published": "2026-06-05T00:31:43Z",
66
"aliases": [
77
"CVE-2026-11012"
88
],
99
"details": "Use after free in Serial in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -27,7 +32,7 @@
2732
"cwe_ids": [
2833
"CWE-416"
2934
],
30-
"severity": null,
35+
"severity": "HIGH",
3136
"github_reviewed": false,
3237
"github_reviewed_at": null,
3338
"nvd_published_at": "2026-06-04T23:17:05Z"

advisories/unreviewed/2026/06/GHSA-4399-c2v8-9jhj/GHSA-4399-c2v8-9jhj.json

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,8 @@
3030
],
3131
"database_specific": {
3232
"cwe_ids": [
33-
"CWE-290"
33+
"CWE-290",
34+
"CWE-451"
3435
],
3536
"severity": "MODERATE",
3637
"github_reviewed": false,
Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-6g49-gvr8-2cj2",
4+
"modified": "2026-06-06T18:30:22Z",
5+
"published": "2026-06-06T18:30:22Z",
6+
"aliases": [
7+
"CVE-2026-11437"
8+
],
9+
"details": "A flaw has been found in perfree go-fastdfs-web up to 1.3.7. Affected is the function checkServer of the file /install/checkServer of the component Installation Endpoint. Executing a manipulation can lead to server-side request forgery. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11437"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://vuldb.com/cve/CVE-2026-11437"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/submit/822726"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/vuln/369017"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/369017/cti"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.notion.so/Server-Side-Request-Forgery-SSRF-in-go-fastdfs-web-Installation-Endpoint-35aea92a3c41806485ffeeac7e18126a"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-918"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-06-06T17:16:41Z"
55+
}
56+
}

advisories/unreviewed/2026/06/GHSA-c8ph-8mmv-92v8/GHSA-c8ph-8mmv-92v8.json

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-c8ph-8mmv-92v8",
4-
"modified": "2026-06-05T00:31:43Z",
4+
"modified": "2026-06-06T18:30:22Z",
55
"published": "2026-06-05T00:31:43Z",
66
"aliases": [
77
"CVE-2026-11010"
88
],
99
"details": "Use after free in WebShare in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -27,7 +32,7 @@
2732
"cwe_ids": [
2833
"CWE-416"
2934
],
30-
"severity": null,
35+
"severity": "HIGH",
3136
"github_reviewed": false,
3237
"github_reviewed_at": null,
3338
"nvd_published_at": "2026-06-04T23:17:04Z"

advisories/unreviewed/2026/06/GHSA-h2r6-4fc2-h3jv/GHSA-h2r6-4fc2-h3jv.json

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-h2r6-4fc2-h3jv",
4-
"modified": "2026-06-05T00:31:43Z",
4+
"modified": "2026-06-06T18:30:21Z",
55
"published": "2026-06-05T00:31:43Z",
66
"aliases": [
77
"CVE-2026-11009"
88
],
99
"details": "Use after free in USB in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -27,7 +32,7 @@
2732
"cwe_ids": [
2833
"CWE-416"
2934
],
30-
"severity": null,
35+
"severity": "CRITICAL",
3136
"github_reviewed": false,
3237
"github_reviewed_at": null,
3338
"nvd_published_at": "2026-06-04T23:17:04Z"

advisories/unreviewed/2026/06/GHSA-pfjw-jj6c-rrv7/GHSA-pfjw-jj6c-rrv7.json

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-pfjw-jj6c-rrv7",
4-
"modified": "2026-06-05T00:31:43Z",
4+
"modified": "2026-06-06T18:30:21Z",
55
"published": "2026-06-05T00:31:42Z",
66
"aliases": [
77
"CVE-2026-11006"
88
],
99
"details": "Out of bounds read in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -27,7 +32,7 @@
2732
"cwe_ids": [
2833
"CWE-125"
2934
],
30-
"severity": null,
35+
"severity": "MODERATE",
3136
"github_reviewed": false,
3237
"github_reviewed_at": null,
3338
"nvd_published_at": "2026-06-04T23:17:04Z"
Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-q98j-2qw6-gh6w",
4+
"modified": "2026-06-06T18:30:22Z",
5+
"published": "2026-06-06T18:30:22Z",
6+
"aliases": [
7+
"CVE-2026-11439"
8+
],
9+
"details": "A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of the argument project.parentId results in improper authorization. The attack may be performed from remote. Upgrading to version 15.0.6 can resolve this issue. It is recommended to upgrade the affected component.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11439"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/theonedev/onedev/releases/tag/v15.0.6"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/cve/CVE-2026-11439"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/822955"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/369019"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/369019/cti"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://www.cnblogs.com/aibot/p/19994142"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-266"
54+
],
55+
"severity": "MODERATE",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2026-06-06T18:16:53Z"
59+
}
60+
}

0 commit comments

Comments
 (0)