Skip to content

Commit d6ddad7

Browse files
author
Markus Kusano
committed
data/reports: add 47 UNREVIEWED reports
 - data/reports/GO-2025-4026.yaml - data/reports/GO-2025-4028.yaml - data/reports/GO-2025-4029.yaml - data/reports/GO-2025-4030.yaml - data/reports/GO-2025-4031.yaml - data/reports/GO-2025-4032.yaml - data/reports/GO-2025-4033.yaml - data/reports/GO-2025-4034.yaml - data/reports/GO-2025-4035.yaml - data/reports/GO-2025-4036.yaml - data/reports/GO-2025-4039.yaml - data/reports/GO-2025-4040.yaml - data/reports/GO-2025-4041.yaml - data/reports/GO-2025-4042.yaml - data/reports/GO-2025-4043.yaml - data/reports/GO-2025-4045.yaml - data/reports/GO-2025-4046.yaml - data/reports/GO-2025-4047.yaml - data/reports/GO-2025-4048.yaml - data/reports/GO-2025-4049.yaml - data/reports/GO-2025-4050.yaml - data/reports/GO-2025-4051.yaml - data/reports/GO-2025-4052.yaml - data/reports/GO-2025-4053.yaml - data/reports/GO-2025-4054.yaml - data/reports/GO-2025-4055.yaml - data/reports/GO-2025-4056.yaml - data/reports/GO-2025-4057.yaml - data/reports/GO-2025-4058.yaml - data/reports/GO-2025-4059.yaml - data/reports/GO-2025-4060.yaml - data/reports/GO-2025-4061.yaml - data/reports/GO-2025-4062.yaml - data/reports/GO-2025-4063.yaml - data/reports/GO-2025-4064.yaml - data/reports/GO-2025-4065.yaml - data/reports/GO-2025-4066.yaml - data/reports/GO-2025-4067.yaml - data/reports/GO-2025-4068.yaml - data/reports/GO-2025-4070.yaml - data/reports/GO-2025-4071.yaml - data/reports/GO-2025-4072.yaml - data/reports/GO-2025-4073.yaml - data/reports/GO-2025-4074.yaml - data/reports/GO-2025-4075.yaml - data/reports/GO-2025-4076.yaml - data/reports/GO-2025-4077.yaml Fixes #4026 Fixes #4028 Fixes #4029 Fixes #4030 Fixes #4031 Fixes #4032 Fixes #4033 Fixes #4034 Fixes #4035 Fixes #4036 Fixes #4039 Fixes #4040 Fixes #4041 Fixes #4042 Fixes #4043 Fixes #4045 Fixes #4046 Fixes #4047 Fixes #4048 Fixes #4049 Fixes #4050 Fixes #4051 Fixes #4052 Fixes #4053 Fixes #4054 Fixes #4055 Fixes #4056 Fixes #4057 Fixes #4058 Fixes #4059 Fixes #4060 Fixes #4061 Fixes #4062 Fixes #4063 Fixes #4064 Fixes #4065 Fixes #4066 Fixes #4067 Fixes #4068 Fixes #4070 Fixes #4071 Fixes #4072 Fixes #4073 Fixes #4074 Fixes #4075 Fixes #4076 Fixes #4077 Change-Id: Ibea9f6e3012e2f5d18173c0cc185d5dd8ce07f15 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/715780 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Ethan Lee <[email protected]>
1 parent 99277ea commit d6ddad7

File tree

94 files changed

+4188
-0
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

94 files changed

+4188
-0
lines changed

data/osv/GO-2025-4026.json

Lines changed: 75 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,75 @@
1+
{
2+
"schema_version": "1.3.1",
3+
"id": "GO-2025-4026",
4+
"modified": "0001-01-01T00:00:00Z",
5+
"published": "0001-01-01T00:00:00Z",
6+
"aliases": [
7+
"CVE-2025-61524",
8+
"GHSA-5m9m-j5p7-m7f9"
9+
],
10+
"summary": "Casdoor is vulnerable to Improper Authorization in github.com/casdoor/casdoor",
11+
"details": "Casdoor is vulnerable to Improper Authorization in github.com/casdoor/casdoor.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/casdoor/casdoor before v2.63.0.",
12+
"affected": [
13+
{
14+
"package": {
15+
"name": "github.com/casdoor/casdoor",
16+
"ecosystem": "Go"
17+
},
18+
"ranges": [
19+
{
20+
"type": "SEMVER",
21+
"events": [
22+
{
23+
"introduced": "0"
24+
}
25+
]
26+
}
27+
],
28+
"ecosystem_specific": {
29+
"custom_ranges": [
30+
{
31+
"type": "ECOSYSTEM",
32+
"events": [
33+
{
34+
"introduced": "0"
35+
},
36+
{
37+
"fixed": "2.63.0"
38+
}
39+
]
40+
}
41+
]
42+
}
43+
}
44+
],
45+
"references": [
46+
{
47+
"type": "ADVISORY",
48+
"url": "https://github.com/advisories/GHSA-5m9m-j5p7-m7f9"
49+
},
50+
{
51+
"type": "ADVISORY",
52+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61524"
53+
},
54+
{
55+
"type": "FIX",
56+
"url": "https://github.com/casdoor/casdoor/commit/d883db907bb6e0b95737ef8e8b57b7da9078cbdd"
57+
},
58+
{
59+
"type": "WEB",
60+
"url": "http://casdoor.com"
61+
},
62+
{
63+
"type": "WEB",
64+
"url": "https://gist.github.com/DevHjz/e75cea851d48e5f5478ac2a90757851a"
65+
},
66+
{
67+
"type": "WEB",
68+
"url": "https://github.com/casdoor/casdoor/releases/tag/v2.63.0"
69+
}
70+
],
71+
"database_specific": {
72+
"url": "https://pkg.go.dev/vuln/GO-2025-4026",
73+
"review_status": "UNREVIEWED"
74+
}
75+
}

data/osv/GO-2025-4028.json

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.3.1",
3+
"id": "GO-2025-4028",
4+
"modified": "0001-01-01T00:00:00Z",
5+
"published": "0001-01-01T00:00:00Z",
6+
"aliases": [
7+
"CVE-2025-62375",
8+
"GHSA-72c7-4g63-hpw5"
9+
],
10+
"summary": "go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents in github.com/in-toto/go-witness",
11+
"details": "go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents in github.com/in-toto/go-witness",
12+
"affected": [
13+
{
14+
"package": {
15+
"name": "github.com/in-toto/go-witness",
16+
"ecosystem": "Go"
17+
},
18+
"ranges": [
19+
{
20+
"type": "SEMVER",
21+
"events": [
22+
{
23+
"introduced": "0"
24+
},
25+
{
26+
"fixed": "0.9.1"
27+
}
28+
]
29+
}
30+
],
31+
"ecosystem_specific": {}
32+
}
33+
],
34+
"references": [
35+
{
36+
"type": "ADVISORY",
37+
"url": "https://github.com/in-toto/go-witness/security/advisories/GHSA-72c7-4g63-hpw5"
38+
},
39+
{
40+
"type": "ADVISORY",
41+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62375"
42+
},
43+
{
44+
"type": "FIX",
45+
"url": "https://github.com/in-toto/go-witness/commit/04ff20b600e28ce8fd1aa287534dd383a1cfefb9"
46+
}
47+
],
48+
"database_specific": {
49+
"url": "https://pkg.go.dev/vuln/GO-2025-4028",
50+
"review_status": "UNREVIEWED"
51+
}
52+
}

data/osv/GO-2025-4029.json

Lines changed: 141 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,141 @@
1+
{
2+
"schema_version": "1.3.1",
3+
"id": "GO-2025-4029",
4+
"modified": "0001-01-01T00:00:00Z",
5+
"published": "0001-01-01T00:00:00Z",
6+
"aliases": [
7+
"CVE-2025-41410",
8+
"GHSA-3q4q-wqm6-hvf3"
9+
],
10+
"summary": "Mattermost has a Missing Authorization vulnerability in github.com/mattermost/mattermost-server",
11+
"details": "Mattermost has a Missing Authorization vulnerability in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/mattermost/mattermost/server/v8 before v8.0.0-20250822083415-01b95392a450.",
12+
"affected": [
13+
{
14+
"package": {
15+
"name": "github.com/mattermost/mattermost-server",
16+
"ecosystem": "Go"
17+
},
18+
"ranges": [
19+
{
20+
"type": "SEMVER",
21+
"events": [
22+
{
23+
"introduced": "10.5.0+incompatible"
24+
},
25+
{
26+
"fixed": "10.5.11+incompatible"
27+
},
28+
{
29+
"introduced": "10.10.0+incompatible"
30+
},
31+
{
32+
"fixed": "10.10.3+incompatible"
33+
},
34+
{
35+
"introduced": "10.11.0+incompatible"
36+
},
37+
{
38+
"fixed": "10.11.3+incompatible"
39+
}
40+
]
41+
}
42+
],
43+
"ecosystem_specific": {}
44+
},
45+
{
46+
"package": {
47+
"name": "github.com/mattermost/mattermost-server/v5",
48+
"ecosystem": "Go"
49+
},
50+
"ranges": [
51+
{
52+
"type": "SEMVER",
53+
"events": [
54+
{
55+
"introduced": "0"
56+
}
57+
]
58+
}
59+
],
60+
"ecosystem_specific": {}
61+
},
62+
{
63+
"package": {
64+
"name": "github.com/mattermost/mattermost-server/v6",
65+
"ecosystem": "Go"
66+
},
67+
"ranges": [
68+
{
69+
"type": "SEMVER",
70+
"events": [
71+
{
72+
"introduced": "0"
73+
}
74+
]
75+
}
76+
],
77+
"ecosystem_specific": {}
78+
},
79+
{
80+
"package": {
81+
"name": "github.com/mattermost/mattermost/server/v8",
82+
"ecosystem": "Go"
83+
},
84+
"ranges": [
85+
{
86+
"type": "SEMVER",
87+
"events": [
88+
{
89+
"introduced": "0"
90+
}
91+
]
92+
}
93+
],
94+
"ecosystem_specific": {
95+
"custom_ranges": [
96+
{
97+
"type": "ECOSYSTEM",
98+
"events": [
99+
{
100+
"introduced": "0"
101+
},
102+
{
103+
"fixed": "8.0.0-20250822083415-01b95392a450"
104+
}
105+
]
106+
}
107+
]
108+
}
109+
}
110+
],
111+
"references": [
112+
{
113+
"type": "ADVISORY",
114+
"url": "https://github.com/advisories/GHSA-3q4q-wqm6-hvf3"
115+
},
116+
{
117+
"type": "ADVISORY",
118+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41410"
119+
},
120+
{
121+
"type": "WEB",
122+
"url": "https://github.com/mattermost/mattermost/commit/01b95392a450676407475596d1c041a047067329"
123+
},
124+
{
125+
"type": "WEB",
126+
"url": "https://github.com/mattermost/mattermost/commit/0d6e8fa2e4681a172a136db18001104a57f9c28e"
127+
},
128+
{
129+
"type": "WEB",
130+
"url": "https://github.com/mattermost/mattermost/commit/ef896a4ea60cacbe03124106e1f42e5c25276427"
131+
},
132+
{
133+
"type": "WEB",
134+
"url": "https://mattermost.com/security-updates"
135+
}
136+
],
137+
"database_specific": {
138+
"url": "https://pkg.go.dev/vuln/GO-2025-4029",
139+
"review_status": "UNREVIEWED"
140+
}
141+
}

0 commit comments

Comments
 (0)