Reclaiming PR after account suspension — restoring authorship and continuing GHSA work

advisories/github-reviewed/2017/10/GHSA-x6fg-f45m-jf5q/GHSA-x6fg-f45m-jf5q.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-x6fg-f45m-jf5q",
-  "modified": "2021-09-21T22:15:35Z",
+  "modified": "2026-03-03T20:03:27Z",
   "published": "2017-10-24T18:33:36Z",
   "aliases": [
     "CVE-2015-8855"
@@ -25,7 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "1.0.4"
             },
             {
               "fixed": "4.3.2"
@@ -40,10 +40,26 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8855"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/github/advisory-database/pull/7102"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/npm/node-semver/commit/5c4c9f6e26c7052a42b5ced2a7481c5c9b4363a0"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/npm/node-semver/commit/c80180d8341a8ada0236815c29a2be59864afd70"
+    },
     {
       "type": "ADVISORY",
       "url": "https://github.com/advisories/GHSA-x6fg-f45m-jf5q"
     },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/npm/node-semver"
+    },
     {
       "type": "WEB",
       "url": "https://www.npmjs.com/advisories/31"
@@ -68,6 +84,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2020-06-16T22:02:25Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2017-01-23T21:59:00Z"
   }
 }

advisories/github-reviewed/2019/07/GHSA-hf23-9pf7-388p/GHSA-hf23-9pf7-388p.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hf23-9pf7-388p",
-  "modified": "2025-04-01T16:33:05Z",
+  "modified": "2026-02-24T15:32:32Z",
   "published": "2019-07-26T16:09:47Z",
   "aliases": [
     "CVE-2019-10173"
@@ -25,17 +25,17 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "1.4.10"
             },
             {
               "fixed": "1.4.11"
             }
           ]
         }
       ],
-      "database_specific": {
-        "last_known_affected_version_range": "<= 1.4.10"
-      }
+      "versions": [
+        "1.4.10"
+      ]
     }
   ],
   "references": [

advisories/github-reviewed/2021/03/GHSA-5mg8-w23w-74h3/GHSA-5mg8-w23w-74h3.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-5mg8-w23w-74h3",
-  "modified": "2023-08-18T15:56:36Z",
+  "modified": "2026-02-23T22:45:53Z",
   "published": "2021-03-25T17:04:19Z",
   "aliases": [
     "CVE-2020-8908"
   ],
   "summary": "Information Disclosure in Guava",
-  "details": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.\n",
+  "details": "A temp directory creation vulnerability exists in Guava prior to version 32.0.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava `com.google.common.io.Files.createTempDir()`. The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. Maintainers recommend explicitly changing the permissions after the creation of the directory, or removing uses of the vulnerable method.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/github-reviewed/2021/05/GHSA-pmqp-h87c-mr78/GHSA-pmqp-h87c-mr78.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pmqp-h87c-mr78",
-  "modified": "2023-09-29T15:22:47Z",
+  "modified": "2026-02-27T20:08:47Z",
   "published": "2021-05-18T15:38:48Z",
   "aliases": [
     "CVE-2019-11253"
@@ -125,6 +125,10 @@
       "type": "WEB",
       "url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/jk8polzSUxs"
     },
+    {
+      "type": "WEB",
+      "url": "https://pkg.go.dev/vuln/GO-2022-0703"
+    },
     {
       "type": "WEB",
       "url": "https://security.netapp.com/advisory/ntap-20191031-0006"
@@ -138,6 +142,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2021-05-17T21:06:33Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2019-10-17T16:15:10Z"
   }
 }

advisories/github-reviewed/2021/09/GHSA-7h6j-2268-fhcm/GHSA-7h6j-2268-fhcm.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7h6j-2268-fhcm",
-  "modified": "2022-07-16T04:16:14Z",
+  "modified": "2026-03-06T22:05:57Z",
   "published": "2021-09-02T22:00:01Z",
   "aliases": [
     "CVE-2020-9321"
   ],
-  "summary": "Improper Certificate Handling",
+  "summary": "Traefik has an Improper Certificate Handling issue",
   "details": "configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging.",
   "severity": [
     {
@@ -40,10 +40,18 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9321"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/containous/traefik/pull/6281"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/traefik/traefik/pull/6281"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/containous/traefik/releases/tag/v2.1.4"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/traefik/traefik"

advisories/github-reviewed/2022/01/GHSA-39ph-wr67-j4xq/GHSA-39ph-wr67-j4xq.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-39ph-wr67-j4xq",
-  "modified": "2024-09-30T20:23:00Z",
+  "modified": "2026-02-27T20:17:55Z",
   "published": "2022-01-26T00:01:50Z",
   "aliases": [
     "CVE-2022-0338"
   ],
-  "summary": "loguru vulnerable to improper privilege management ",
-  "details": "Improper Privilege Management in Conda loguru prior to 0.5.3.",
+  "summary": "loguru logs sensitive information",
+  "details": "Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/github-reviewed/2022/01/GHSA-p5hj-xxfr-pwc3/GHSA-p5hj-xxfr-pwc3.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-p5hj-xxfr-pwc3",
-  "modified": "2022-01-27T18:32:42Z",
+  "modified": "2026-02-27T20:10:28Z",
   "published": "2022-01-21T18:02:39Z",
   "aliases": [
     "CVE-2022-0282"
   ],
   "summary": "Code Injection in microweber",
-  "details": "Code Injection in Packagist microweber/microweber prior to 1.2.11.",
+  "details": "Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/github-reviewed/2022/02/GHSA-254q-rqmw-vx45/GHSA-254q-rqmw-vx45.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-254q-rqmw-vx45",
-  "modified": "2022-02-24T13:05:38Z",
+  "modified": "2026-02-27T20:21:10Z",
   "published": "2022-02-16T00:01:52Z",
   "aliases": [
     "CVE-2022-0588"
   ],
-  "summary": "Exposure of Sensitive Information to an Unauthorized Actor in librenms",
-  "details": "Exposure of Sensitive Information to an Unauthorized Actor in Packagist librenms/librenms prior to 22.2.0.",
+  "summary": "Missing Authorization in librenms/librenms",
+  "details": "Missing Authorization in Packagist librenms/librenms prior to 22.2.0.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/github-reviewed/2022/02/GHSA-8v38-pw62-9cw2/GHSA-8v38-pw62-9cw2.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8v38-pw62-9cw2",
-  "modified": "2025-12-20T03:15:43Z",
+  "modified": "2026-02-20T19:56:16Z",
   "published": "2022-02-18T00:00:33Z",
   "aliases": [
     "CVE-2022-0639"
@@ -25,7 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "1.0.0"
             },
             {
               "fixed": "1.5.7"

advisories/github-reviewed/2022/02/GHSA-h9vc-2p9g-63gp/GHSA-h9vc-2p9g-63gp.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-h9vc-2p9g-63gp",
-  "modified": "2024-01-26T00:35:40Z",
+  "modified": "2026-02-27T20:14:49Z",
   "published": "2022-02-15T00:02:47Z",
   "aliases": [
     "CVE-2022-0565"
   ],
-  "summary": "Exposure of Sensitive Information to an Unauthorized Actor in pimcore",
-  "details": "Exposure of Sensitive Information to an Unauthorized Actor in Packagist pimcore/pimcore prior to 10.3.1.",
+  "summary": "Cross-site Scripting in pimcore",
+  "details": "Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/github-reviewed/2022/02/GHSA-qpv2-jxc7-3638/GHSA-qpv2-jxc7-3638.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qpv2-jxc7-3638",
-  "modified": "2022-02-24T13:13:01Z",
+  "modified": "2026-02-27T20:20:07Z",
   "published": "2022-02-15T00:02:47Z",
   "aliases": [
     "CVE-2022-0569"
   ],
   "summary": "Exposure of Sensitive Information in snipe/snipe-it",
-  "details": "Snipe-IT prior to v5.3.10 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor.",
+  "details": "Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.10.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/github-reviewed/2022/02/GHSA-rqff-837h-mm52/GHSA-rqff-837h-mm52.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rqff-837h-mm52",
-  "modified": "2022-02-24T14:00:06Z",
+  "modified": "2026-02-20T19:56:07Z",
   "published": "2022-02-15T00:02:46Z",
   "aliases": [
     "CVE-2022-0512"
@@ -25,7 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "0.1.0"
             },
             {
               "fixed": "1.5.6"

advisories/github-reviewed/2022/04/GHSA-gx7g-wjxg-jwwj/GHSA-gx7g-wjxg-jwwj.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gx7g-wjxg-jwwj",
-  "modified": "2022-04-18T22:17:42Z",
+  "modified": "2026-02-18T23:33:34Z",
   "published": "2022-04-04T00:00:55Z",
   "aliases": [
     "CVE-2022-0088"
@@ -52,6 +52,10 @@
       "type": "WEB",
       "url": "https://github.com/yourls/yourls/commit/1de256d8694b0ec7d4df2ac1d5976d4055e09d59"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-0088.md"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/yourls/yourls"

advisories/github-reviewed/2022/05/GHSA-hj57-j5cw-2mwp/GHSA-hj57-j5cw-2mwp.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hj57-j5cw-2mwp",
-  "modified": "2022-06-08T21:57:40Z",
+  "modified": "2026-03-11T19:49:57Z",
   "published": "2022-05-25T19:37:37Z",
   "aliases": [
     "CVE-2022-1706"
@@ -72,7 +72,7 @@
     },
     {
       "type": "PACKAGE",
-      "url": "github.com/coreos/ignition"
+      "url": "https://github.com/coreos/ignition"
     }
   ],
   "database_specific": {

advisories/github-reviewed/2022/05/GHSA-j7j6-7hfx-5522/GHSA-j7j6-7hfx-5522.json

@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j7j6-7hfx-5522",
-  "modified": "2026-01-22T22:34:03Z",
+  "modified": "2026-02-25T14:07:30Z",
   "published": "2022-05-24T17:07:06Z",
   "withdrawn": "2026-01-22T22:34:03Z",
   "aliases": [],
   "summary": "Duplicate Advisory: Inconsistent Interpretation of HTTP Requests in Waitress",
-  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-36p8-mvp6-cv38. This link is maintained to preserve external references.\n\n## Original Description\nWaitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0.",
+  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-4ppp-gpcr-7qf6. This link is maintained to preserve external references.\n\n## Original Description\nWaitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0.",
   "severity": [
     {
       "type": "CVSS_V3",

advisories/github-reviewed/2022/05/GHSA-q5rg-wg7h-73m5/GHSA-q5rg-wg7h-73m5.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q5rg-wg7h-73m5",
-  "modified": "2023-07-17T23:09:56Z",
+  "modified": "2026-03-06T15:10:27Z",
   "published": "2022-05-24T16:55:40Z",
   "aliases": [
     "CVE-2019-10665"
   ],
   "summary": "LibreNMS Information Disclosure",
-  "details": "An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (`html/includes/graphs/common.inc.php` and `html/includes/graphs/graphs.inc.php`) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with `mysqli_real_escape_string`, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the `html/graph.php` script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files.",
+  "details": "An issue was discovered in LibreNMS through 1.47. The scripts that handle graphing options (`html/includes/graphs/common.inc.php` and `html/includes/graphs/graphs.inc.php`) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with `mysqli_real_escape_string`, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the `html/graph.php` script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -41,12 +41,8 @@
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10665"
     },
     {
-      "type": "WEB",
-      "url": "https://github.com/spaceraccoon/CVE-2020-10665"
-    },
-    {
-      "type": "WEB",
-      "url": "https://www.activecyber.us/activelabs/docker-desktop-local-privilege-escalation-cve-2020-10665"
+      "type": "PACKAGE",
+      "url": "https://github.com/librenms/librenms"
     },
     {
       "type": "WEB",

advisories/github-reviewed/2022/08/GHSA-3w5g-989p-35r8/GHSA-3w5g-989p-35r8.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3w5g-989p-35r8",
-  "modified": "2022-08-18T19:14:55Z",
+  "modified": "2026-03-06T22:40:31Z",
   "published": "2022-08-10T00:00:31Z",
   "aliases": [
     "CVE-2022-36125"

advisories/github-reviewed/2022/09/GHSA-x92g-49gh-63qm/GHSA-x92g-49gh-63qm.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-x92g-49gh-63qm",
-  "modified": "2023-08-03T16:41:39Z",
+  "modified": "2026-02-27T20:47:54Z",
   "published": "2022-09-17T00:00:34Z",
   "aliases": [
     "CVE-2022-3225"
   ],
-  "summary": "Budibase Improper Access Control vulnerability",
-  "details": "Improper Access Control in GitHub repository budibase/budibase prior to 1.3.20.",
+  "summary": "Budibase Improper Control of Dynamically-Managed Code Resources vulnerability",
+  "details": "Improper Control of Dynamically-Managed Code Resources in GitHub repository budibase/budibase prior to 1.3.20.",
   "severity": [
     {
       "type": "CVSS_V3",