{ "advisories": [ { "advisoryKey": "CVE-2025-1111", "affectedPackages": [ { "type": "semver", "identifier": "pkg:npm/example@1.0.0", "platform": null, "versionRanges": [ { "fixedVersion": "1.2.0", "introducedVersion": "1.0.0", "lastAffectedVersion": null, "primitives": { "evr": null, "hasVendorExtensions": false, "nevra": null, "semVer": { "constraintExpression": ">=1.0.0,<1.2.0", "exactValue": null, "fixed": "1.2.0", "fixedInclusive": false, "introduced": "1.0.0", "introducedInclusive": true, "lastAffected": null, "lastAffectedInclusive": true, "style": "range" }, "vendorExtensions": null }, "provenance": { "source": "ghsa", "kind": "map", "value": "range", "decisionReason": null, "recordedAt": "2025-10-19T12:00:00+00:00", "fieldMask": [ "affectedpackages[].versionranges[]" ] }, "rangeExpression": ">=1.0.0,<1.2.0", "rangeKind": "semver" } ], "normalizedVersions": [ { "scheme": "semver", "type": "range", "min": "1.0.0", "minInclusive": true, "max": "1.2.0", "maxInclusive": false, "value": null, "notes": null } ], "statuses": [ { "provenance": { "source": "ghsa", "kind": "map", "value": "status", "decisionReason": null, "recordedAt": "2025-10-19T12:00:00+00:00", "fieldMask": [ "affectedpackages[].statuses[]" ] }, "status": "fixed" } ], "provenance": [ { "source": "ghsa", "kind": "map", "value": "package", "decisionReason": null, "recordedAt": "2025-10-19T12:00:00+00:00", "fieldMask": [ "affectedpackages[]" ] } ] } ], "aliases": [ "GHSA-xxxx-xxxx-xxxx" ], "canonicalMetricId": "cvss::ghsa::CVE-2025-1111", "credits": [ { "displayName": "Security Researcher", "role": "reporter", "contacts": [ "mailto:researcher@example.com" ], "provenance": { "source": "ghsa", "kind": "map", "value": "credit", "decisionReason": null, "recordedAt": "2025-10-19T12:00:00+00:00", "fieldMask": [ "credits[]" ] } } ], "cvssMetrics": [ { "baseScore": 9.8, "baseSeverity": "critical", "provenance": { "source": "ghsa", "kind": "map", "value": "cvss", "decisionReason": null, "recordedAt": "2025-10-19T12:00:00+00:00", "fieldMask": [ "cvssmetrics[]" ] }, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "cwes": [ { "taxonomy": "cwe", "identifier": "CWE-79", "name": "Cross-site Scripting", "uri": "https://cwe.mitre.org/data/definitions/79.html", "provenance": [ { "source": "ghsa", "kind": "map", "value": "cwe", "decisionReason": null, "recordedAt": "2025-10-19T12:00:00+00:00", "fieldMask": [ "cwes[]" ] } ] } ], "description": "Deterministic test payload distributed via mirror.", "exploitKnown": false, "language": "en", "modified": "2025-10-11T00:00:00+00:00", "provenance": [ { "source": "ghsa", "kind": "map", "value": "advisory", "decisionReason": null, "recordedAt": "2025-10-19T12:00:00+00:00", "fieldMask": [ "advisory" ] } ], "published": "2025-10-10T00:00:00+00:00", "references": [ { "kind": "advisory", "provenance": { "source": "ghsa", "kind": "map", "value": "reference", "decisionReason": null, "recordedAt": "2025-10-19T12:00:00+00:00", "fieldMask": [ "references[]" ] }, "sourceTag": "vendor", "summary": "Vendor bulletin", "url": "https://example.com/advisory" } ], "severity": "high", "summary": "Upstream advisory replicated through StellaOps mirror.", "title": "Sample Mirror Advisory" } ], "advisoryCount": 1, "displayName": "Primary Mirror", "domainId": "primary", "generatedAt": "2025-10-19T12:00:00+00:00", "schemaVersion": 1, "sources": [ { "advisoryCount": 1, "firstRecordedAt": "2025-10-19T12:00:00+00:00", "lastRecordedAt": "2025-10-19T12:00:00+00:00", "source": "ghsa" } ], "targetRepository": "mirror-primary" }