[ { "advisoryKey": "GHSA-77vh-xpmg-72qh", "affectedPackages": [ { "type": "semver", "identifier": "go:github.com/opencontainers/image-spec", "platform": null, "versionRanges": [ { "fixedVersion": "1.0.2", "introducedVersion": null, "lastAffectedVersion": null, "primitives": { "evr": null, "hasVendorExtensions": true, "nevra": null, "semVer": { "constraintExpression": "< 1.0.2", "exactValue": null, "fixed": "1.0.2", "fixedInclusive": false, "introduced": null, "introducedInclusive": true, "lastAffected": null, "lastAffectedInclusive": false, "style": "lessThan" }, "vendorExtensions": { "ecosystem": "go", "package": "github.com/opencontainers/image-spec" } }, "provenance": { "source": "ghsa", "kind": "affected-range", "value": "go:github.com/opencontainers/image-spec", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4315301+00:00", "fieldMask": [ "affectedpackages[].versionranges[]" ] }, "rangeExpression": "< 1.0.2", "rangeKind": "semver" } ], "normalizedVersions": [ { "scheme": "semver", "type": "lt", "min": null, "minInclusive": null, "max": "1.0.2", "maxInclusive": false, "value": null, "notes": "ghsa:go:github.com/opencontainers/image-spec" } ], "statuses": [ { "provenance": { "source": "ghsa", "kind": "affected-status", "value": "go:github.com/opencontainers/image-spec", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4315301+00:00", "fieldMask": [ "affectedpackages[].statuses[]" ] }, "status": "affected" } ], "provenance": [ { "source": "ghsa", "kind": "affected", "value": "go:github.com/opencontainers/image-spec", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4315301+00:00", "fieldMask": [ "affectedpackages[]" ] } ] } ], "aliases": [ "GHSA-77vh-xpmg-72qh" ], "credits": [], "cvssMetrics": [], "exploitKnown": false, "language": "en", "modified": "2023-01-09T05:05:32+00:00", "provenance": [ { "source": "ghsa", "kind": "document", "value": "https://github.com/advisories/GHSA-77vh-xpmg-72qh", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4315294+00:00", "fieldMask": [ "advisory" ] }, { "source": "ghsa", "kind": "mapping", "value": "GHSA-77vh-xpmg-72qh", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4315301+00:00", "fieldMask": [ "advisory" ] } ], "published": "2021-11-18T16:02:41+00:00", "references": [], "severity": "low", "summary": "Clarify `mediaType` handling", "title": "Clarify `mediaType` handling" }, { "advisoryKey": "GHSA-7rjr-3q55-vv33", "affectedPackages": [ { "type": "semver", "identifier": "maven:org.apache.logging.log4j:log4j-core", "platform": null, "versionRanges": [ { "fixedVersion": "2.16.0", "introducedVersion": "2.13.0", "lastAffectedVersion": null, "primitives": { "evr": null, "hasVendorExtensions": true, "nevra": null, "semVer": { "constraintExpression": ">= 2.13.0, < 2.16.0", "exactValue": null, "fixed": "2.16.0", "fixedInclusive": false, "introduced": "2.13.0", "introducedInclusive": true, "lastAffected": null, "lastAffectedInclusive": false, "style": "range" }, "vendorExtensions": { "ecosystem": "maven", "package": "org.apache.logging.log4j:log4j-core" } }, "provenance": { "source": "ghsa", "kind": "affected-range", "value": "maven:org.apache.logging.log4j:log4j-core", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318439+00:00", "fieldMask": [ "affectedpackages[].versionranges[]" ] }, "rangeExpression": ">= 2.13.0, < 2.16.0", "rangeKind": "semver" } ], "normalizedVersions": [ { "scheme": "semver", "type": "range", "min": "2.13.0", "minInclusive": true, "max": "2.16.0", "maxInclusive": false, "value": null, "notes": "ghsa:maven:org.apache.logging.log4j:log4j-core" } ], "statuses": [ { "provenance": { "source": "ghsa", "kind": "affected-status", "value": "maven:org.apache.logging.log4j:log4j-core", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318439+00:00", "fieldMask": [ "affectedpackages[].statuses[]" ] }, "status": "affected" } ], "provenance": [ { "source": "ghsa", "kind": "affected", "value": "maven:org.apache.logging.log4j:log4j-core", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318439+00:00", "fieldMask": [ "affectedpackages[]" ] } ] }, { "type": "semver", "identifier": "maven:org.apache.logging.log4j:log4j-core", "platform": null, "versionRanges": [ { "fixedVersion": "2.12.2", "introducedVersion": null, "lastAffectedVersion": null, "primitives": { "evr": null, "hasVendorExtensions": true, "nevra": null, "semVer": { "constraintExpression": "< 2.12.2", "exactValue": null, "fixed": "2.12.2", "fixedInclusive": false, "introduced": null, "introducedInclusive": true, "lastAffected": null, "lastAffectedInclusive": false, "style": "lessThan" }, "vendorExtensions": { "ecosystem": "maven", "package": "org.apache.logging.log4j:log4j-core" } }, "provenance": { "source": "ghsa", "kind": "affected-range", "value": "maven:org.apache.logging.log4j:log4j-core", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318439+00:00", "fieldMask": [ "affectedpackages[].versionranges[]" ] }, "rangeExpression": "< 2.12.2", "rangeKind": "semver" } ], "normalizedVersions": [ { "scheme": "semver", "type": "lt", "min": null, "minInclusive": null, "max": "2.12.2", "maxInclusive": false, "value": null, "notes": "ghsa:maven:org.apache.logging.log4j:log4j-core" } ], "statuses": [ { "provenance": { "source": "ghsa", "kind": "affected-status", "value": "maven:org.apache.logging.log4j:log4j-core", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318439+00:00", "fieldMask": [ "affectedpackages[].statuses[]" ] }, "status": "affected" } ], "provenance": [ { "source": "ghsa", "kind": "affected", "value": "maven:org.apache.logging.log4j:log4j-core", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318439+00:00", "fieldMask": [ "affectedpackages[]" ] } ] }, { "type": "semver", "identifier": "maven:org.ops4j.pax.logging:pax-logging-log4j2", "platform": null, "versionRanges": [ { "fixedVersion": "1.9.2", "introducedVersion": "1.8.0", "lastAffectedVersion": null, "primitives": { "evr": null, "hasVendorExtensions": true, "nevra": null, "semVer": { "constraintExpression": ">= 1.8.0, < 1.9.2", "exactValue": null, "fixed": "1.9.2", "fixedInclusive": false, "introduced": "1.8.0", "introducedInclusive": true, "lastAffected": null, "lastAffectedInclusive": false, "style": "range" }, "vendorExtensions": { "ecosystem": "maven", "package": "org.ops4j.pax.logging:pax-logging-log4j2" } }, "provenance": { "source": "ghsa", "kind": "affected-range", "value": "maven:org.ops4j.pax.logging:pax-logging-log4j2", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318439+00:00", "fieldMask": [ "affectedpackages[].versionranges[]" ] }, "rangeExpression": ">= 1.8.0, < 1.9.2", "rangeKind": "semver" } ], "normalizedVersions": [ { "scheme": "semver", "type": "range", "min": "1.8.0", "minInclusive": true, "max": "1.9.2", "maxInclusive": false, "value": null, "notes": "ghsa:maven:org.ops4j.pax.logging:pax-logging-log4j2" } ], "statuses": [ { "provenance": { "source": "ghsa", "kind": "affected-status", "value": "maven:org.ops4j.pax.logging:pax-logging-log4j2", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318439+00:00", "fieldMask": [ "affectedpackages[].statuses[]" ] }, "status": "affected" } ], "provenance": [ { "source": "ghsa", "kind": "affected", "value": "maven:org.ops4j.pax.logging:pax-logging-log4j2", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318439+00:00", "fieldMask": [ "affectedpackages[]" ] } ] }, { "type": "semver", "identifier": "maven:org.ops4j.pax.logging:pax-logging-log4j2", "platform": null, "versionRanges": [ { "fixedVersion": "1.10.8", "introducedVersion": "1.10.0", "lastAffectedVersion": null, "primitives": { "evr": null, "hasVendorExtensions": true, "nevra": null, "semVer": { "constraintExpression": ">= 1.10.0, < 1.10.8", "exactValue": null, "fixed": "1.10.8", "fixedInclusive": false, "introduced": "1.10.0", "introducedInclusive": true, "lastAffected": null, "lastAffectedInclusive": false, "style": "range" }, "vendorExtensions": { "ecosystem": "maven", "package": "org.ops4j.pax.logging:pax-logging-log4j2" } }, "provenance": { "source": "ghsa", "kind": "affected-range", "value": "maven:org.ops4j.pax.logging:pax-logging-log4j2", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318439+00:00", "fieldMask": [ "affectedpackages[].versionranges[]" ] }, "rangeExpression": ">= 1.10.0, < 1.10.8", "rangeKind": "semver" } ], "normalizedVersions": [ { "scheme": "semver", "type": "range", "min": "1.10.0", "minInclusive": true, "max": "1.10.8", "maxInclusive": false, "value": null, "notes": "ghsa:maven:org.ops4j.pax.logging:pax-logging-log4j2" } ], "statuses": [ { "provenance": { "source": "ghsa", "kind": "affected-status", "value": "maven:org.ops4j.pax.logging:pax-logging-log4j2", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318439+00:00", "fieldMask": [ "affectedpackages[].statuses[]" ] }, "status": "affected" } ], "provenance": [ { "source": "ghsa", "kind": "affected", "value": "maven:org.ops4j.pax.logging:pax-logging-log4j2", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318439+00:00", "fieldMask": [ "affectedpackages[]" ] } ] }, { "type": "semver", "identifier": "maven:org.ops4j.pax.logging:pax-logging-log4j2", "platform": null, "versionRanges": [ { "fixedVersion": "1.11.11", "introducedVersion": "1.11.0", "lastAffectedVersion": null, "primitives": { "evr": null, "hasVendorExtensions": true, "nevra": null, "semVer": { "constraintExpression": ">= 1.11.0, < 1.11.11", "exactValue": null, "fixed": "1.11.11", "fixedInclusive": false, "introduced": "1.11.0", "introducedInclusive": true, "lastAffected": null, "lastAffectedInclusive": false, "style": "range" }, "vendorExtensions": { "ecosystem": "maven", "package": "org.ops4j.pax.logging:pax-logging-log4j2" } }, "provenance": { "source": "ghsa", "kind": "affected-range", "value": "maven:org.ops4j.pax.logging:pax-logging-log4j2", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318439+00:00", "fieldMask": [ "affectedpackages[].versionranges[]" ] }, "rangeExpression": ">= 1.11.0, < 1.11.11", "rangeKind": "semver" } ], "normalizedVersions": [ { "scheme": "semver", "type": "range", "min": "1.11.0", "minInclusive": true, "max": "1.11.11", "maxInclusive": false, "value": null, "notes": "ghsa:maven:org.ops4j.pax.logging:pax-logging-log4j2" } ], "statuses": [ { "provenance": { "source": "ghsa", "kind": "affected-status", "value": "maven:org.ops4j.pax.logging:pax-logging-log4j2", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318439+00:00", "fieldMask": [ "affectedpackages[].statuses[]" ] }, "status": "affected" } ], "provenance": [ { "source": "ghsa", "kind": "affected", "value": "maven:org.ops4j.pax.logging:pax-logging-log4j2", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318439+00:00", "fieldMask": [ "affectedpackages[]" ] } ] }, { "type": "semver", "identifier": "maven:org.ops4j.pax.logging:pax-logging-log4j2", "platform": null, "versionRanges": [ { "fixedVersion": "2.0.12", "introducedVersion": "2.0.0", "lastAffectedVersion": null, "primitives": { "evr": null, "hasVendorExtensions": true, "nevra": null, "semVer": { "constraintExpression": ">= 2.0.0, < 2.0.12", "exactValue": null, "fixed": "2.0.12", "fixedInclusive": false, "introduced": "2.0.0", "introducedInclusive": true, "lastAffected": null, "lastAffectedInclusive": false, "style": "range" }, "vendorExtensions": { "ecosystem": "maven", "package": "org.ops4j.pax.logging:pax-logging-log4j2" } }, "provenance": { "source": "ghsa", "kind": "affected-range", "value": "maven:org.ops4j.pax.logging:pax-logging-log4j2", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318439+00:00", "fieldMask": [ "affectedpackages[].versionranges[]" ] }, "rangeExpression": ">= 2.0.0, < 2.0.12", "rangeKind": "semver" } ], "normalizedVersions": [ { "scheme": "semver", "type": "range", "min": "2.0.0", "minInclusive": true, "max": "2.0.12", "maxInclusive": false, "value": null, "notes": "ghsa:maven:org.ops4j.pax.logging:pax-logging-log4j2" } ], "statuses": [ { "provenance": { "source": "ghsa", "kind": "affected-status", "value": "maven:org.ops4j.pax.logging:pax-logging-log4j2", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318439+00:00", "fieldMask": [ "affectedpackages[].statuses[]" ] }, "status": "affected" } ], "provenance": [ { "source": "ghsa", "kind": "affected", "value": "maven:org.ops4j.pax.logging:pax-logging-log4j2", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318439+00:00", "fieldMask": [ "affectedpackages[]" ] } ] } ], "aliases": [ "GHSA-7rjr-3q55-vv33" ], "credits": [ { "displayName": "afdesk", "role": "analyst", "contacts": [ "https://github.com/afdesk" ], "provenance": { "source": "ghsa", "kind": "credit", "value": "afdesk", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318439+00:00", "fieldMask": [ "credits[]" ] } }, { "displayName": "mrjonstrong", "role": "analyst", "contacts": [ "https://github.com/mrjonstrong" ], "provenance": { "source": "ghsa", "kind": "credit", "value": "mrjonstrong", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318439+00:00", "fieldMask": [ "credits[]" ] } }, { "displayName": "ppkarwasz", "role": "analyst", "contacts": [ "https://github.com/ppkarwasz" ], "provenance": { "source": "ghsa", "kind": "credit", "value": "ppkarwasz", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318439+00:00", "fieldMask": [ "credits[]" ] } } ], "cvssMetrics": [], "exploitKnown": false, "language": "en", "modified": "2025-05-09T12:28:41+00:00", "provenance": [ { "source": "ghsa", "kind": "document", "value": "https://github.com/advisories/GHSA-7rjr-3q55-vv33", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318432+00:00", "fieldMask": [ "advisory" ] }, { "source": "ghsa", "kind": "mapping", "value": "GHSA-7rjr-3q55-vv33", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4318439+00:00", "fieldMask": [ "advisory" ] } ], "published": "2021-12-14T18:01:28+00:00", "references": [], "severity": "critical", "summary": "Incomplete fix for Apache Log4j vulnerability", "title": "Incomplete fix for Apache Log4j vulnerability" }, { "advisoryKey": "GHSA-cjjf-27cc-pvmv", "affectedPackages": [ { "type": "semver", "identifier": "pip:pyload-ng", "platform": null, "versionRanges": [ { "fixedVersion": "0.5.0b3.dev91", "introducedVersion": null, "lastAffectedVersion": null, "primitives": { "evr": null, "hasVendorExtensions": true, "nevra": null, "semVer": { "constraintExpression": "< 0.5.0b3.dev91", "exactValue": null, "fixed": "0.5.0b3.dev91", "fixedInclusive": false, "introduced": null, "introducedInclusive": true, "lastAffected": null, "lastAffectedInclusive": false, "style": "lessThan" }, "vendorExtensions": { "ecosystem": "pip", "package": "pyload-ng" } }, "provenance": { "source": "ghsa", "kind": "affected-range", "value": "pip:pyload-ng", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4306422+00:00", "fieldMask": [ "affectedpackages[].versionranges[]" ] }, "rangeExpression": "< 0.5.0b3.dev91", "rangeKind": "semver" } ], "normalizedVersions": [ { "scheme": "semver", "type": "lt", "min": null, "minInclusive": null, "max": "0.5.0b3.dev91", "maxInclusive": false, "value": null, "notes": "ghsa:pip:pyload-ng" } ], "statuses": [ { "provenance": { "source": "ghsa", "kind": "affected-status", "value": "pip:pyload-ng", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4306422+00:00", "fieldMask": [ "affectedpackages[].statuses[]" ] }, "status": "affected" } ], "provenance": [ { "source": "ghsa", "kind": "affected", "value": "pip:pyload-ng", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4306422+00:00", "fieldMask": [ "affectedpackages[]" ] } ] } ], "aliases": [ "GHSA-cjjf-27cc-pvmv" ], "credits": [ { "displayName": "odaysec", "role": "reporter", "contacts": [ "https://github.com/odaysec" ], "provenance": { "source": "ghsa", "kind": "credit", "value": "odaysec", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4306422+00:00", "fieldMask": [ "credits[]" ] } } ], "cvssMetrics": [], "exploitKnown": false, "language": "en", "modified": "2025-10-09T15:19:48+00:00", "provenance": [ { "source": "ghsa", "kind": "document", "value": "https://github.com/advisories/GHSA-cjjf-27cc-pvmv", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.430641+00:00", "fieldMask": [ "advisory" ] }, { "source": "ghsa", "kind": "mapping", "value": "GHSA-cjjf-27cc-pvmv", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.4306422+00:00", "fieldMask": [ "advisory" ] } ], "published": "2025-10-09T15:19:48+00:00", "references": [], "severity": "high", "summary": "pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters", "title": "pyLoad CNL and captcha handlers allow Code Injection via unsanitized parameters" }, { "advisoryKey": "GHSA-wv4w-6qv2-qqfg", "affectedPackages": [ { "type": "semver", "identifier": "pip:social-auth-app-django", "platform": null, "versionRanges": [ { "fixedVersion": "5.6.0", "introducedVersion": null, "lastAffectedVersion": null, "primitives": { "evr": null, "hasVendorExtensions": true, "nevra": null, "semVer": { "constraintExpression": "< 5.6.0", "exactValue": null, "fixed": "5.6.0", "fixedInclusive": false, "introduced": null, "introducedInclusive": true, "lastAffected": null, "lastAffectedInclusive": false, "style": "lessThan" }, "vendorExtensions": { "ecosystem": "pip", "package": "social-auth-app-django" } }, "provenance": { "source": "ghsa", "kind": "affected-range", "value": "pip:social-auth-app-django", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.3823222+00:00", "fieldMask": [ "affectedpackages[].versionranges[]" ] }, "rangeExpression": "< 5.6.0", "rangeKind": "semver" } ], "normalizedVersions": [ { "scheme": "semver", "type": "lt", "min": null, "minInclusive": null, "max": "5.6.0", "maxInclusive": false, "value": null, "notes": "ghsa:pip:social-auth-app-django" } ], "statuses": [ { "provenance": { "source": "ghsa", "kind": "affected-status", "value": "pip:social-auth-app-django", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.3823222+00:00", "fieldMask": [ "affectedpackages[].statuses[]" ] }, "status": "affected" } ], "provenance": [ { "source": "ghsa", "kind": "affected", "value": "pip:social-auth-app-django", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.3823222+00:00", "fieldMask": [ "affectedpackages[]" ] } ] } ], "aliases": [ "GHSA-wv4w-6qv2-qqfg" ], "credits": [ { "displayName": "nijel", "role": "remediation_developer", "contacts": [ "https://github.com/nijel" ], "provenance": { "source": "ghsa", "kind": "credit", "value": "nijel", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.3823222+00:00", "fieldMask": [ "credits[]" ] } }, { "displayName": "mel-mason", "role": "reporter", "contacts": [ "https://github.com/mel-mason" ], "provenance": { "source": "ghsa", "kind": "credit", "value": "mel-mason", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.3823222+00:00", "fieldMask": [ "credits[]" ] } }, { "displayName": "vanya909", "role": "reporter", "contacts": [ "https://github.com/vanya909" ], "provenance": { "source": "ghsa", "kind": "credit", "value": "vanya909", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.3823222+00:00", "fieldMask": [ "credits[]" ] } } ], "cvssMetrics": [], "exploitKnown": false, "language": "en", "modified": "2025-10-09T17:08:06+00:00", "provenance": [ { "source": "ghsa", "kind": "document", "value": "https://github.com/advisories/GHSA-wv4w-6qv2-qqfg", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.3823199+00:00", "fieldMask": [ "advisory" ] }, { "source": "ghsa", "kind": "mapping", "value": "GHSA-wv4w-6qv2-qqfg", "decisionReason": null, "recordedAt": "2025-10-12T19:48:04.3823222+00:00", "fieldMask": [ "advisory" ] } ], "published": "2025-10-09T17:08:05+00:00", "references": [], "severity": "medium", "summary": "Python Social Auth - Django has unsafe account association", "title": "Python Social Auth - Django has unsafe account association" } ]