
Commit 52c2b8f

1 parent a094218 commit 52c2b8f

4 files changed

Lines changed: 165 additions & 1 deletion


Lines changed: 52 additions & 0 deletions
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-6qq6-2j27-fq65",
4+
"modified": "2026-03-21T12:31:37Z",
5+
"published": "2026-03-21T12:31:37Z",
6+
"aliases": [
7+
"CVE-2026-4515"
8+
],
9+
"details": "A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4515"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Ka7arotto/cve/blob/main/metagpt-rce1.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.352080"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.352080"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.773929"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-74"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-03-21T12:16:19Z"
51+
}
52+
}
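Review bot: `"affected": []` leaves this record with no machine-readable package or version range, so the "MetaGPT up to 0.8.1" scope exists only in the `details` prose and tools that match on the OSV `affected` field have nothing to match. An entry along the lines below would close that gap, assuming the PyPI distribution `metagpt` is the package meant and that 0.8.1 is the last affected release as the text states; both should be confirmed before merging. The same empty array appears in the GHSA-cj2w-m49h-94fj and GHSA-jvhj-49gh-v77p records in this commit. Separately, `cwe_ids` carries only the parent class `CWE-74` although the details describe code injection, for which `CWE-94` is the specific entry.

```json
"affected": [
  {
    "package": {
      "ecosystem": "PyPI",
      "name": "metagpt"
    },
    "ranges": [
      {
        "type": "ECOSYSTEM",
        "events": [
          { "introduced": "0" },
          { "last_affected": "0.8.1" }
        ]
      }
    ]
  }
],
```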
Lines changed: 52 additions & 0 deletions
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-cj2w-m49h-94fj",
4+
"modified": "2026-03-21T12:31:37Z",
5+
"published": "2026-03-21T12:31:37Z",
6+
"aliases": [
7+
"CVE-2026-4514"
8+
],
9+
"details": "A flaw has been found in PbootCMS up to 3.2.12. Affected by this issue is some unknown functionality of the file apps/admin/controller/system/UserController.php of the component Backend. Executing a manipulation of the argument Field can lead to improper access controls. The attack may be performed from remote. The exploit has been published and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4514"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/zzj-create/cvetest/blob/main/VULN-06_BACKEND_ARBITRARY_FIELD_MODIFICATION_REPORT_EN.md#vuln-06-pbootcms-3212-backend-arbitrary-field-modification"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.352079"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.352079"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.773907"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-266"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-03-21T11:17:06Z"
51+
}
52+
}

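--- a/advisories/unreviewed/2026/03/GHSA-h943-hrx6-86cq/GHSA-h943-hrx6-86cq.json
+++ b/advisories/unreviewed/2026/03/GHSA-h943-hrx6-86cq/GHSA-h943-hrx6-86cq.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-h943-hrx6-86cq",
-"modified": "2026-03-19T18:31:17Z",
+"modified": "2026-03-21T12:31:37Z",
 "published": "2026-03-19T12:30:32Z",
 "aliases": [
 "CVE-2006-10002"
@@ -23,10 +23,18 @@
 "type": "WEB",
 "url": "https://github.com/cpan-authors/XML-Parser/issues/64"
 },
+{
+"type": "WEB",
+"url": "https://github.com/cpan-authors/XML-Parser/commit/56b0509dfc6b559cd7555ea81ee62e3622069255.patch"
+},
 {
 "type": "WEB",
 "url": "https://github.com/cpan-authors/XML-Parser/commit/6b291f4d260fc124a6ec80382b87a918f372bc6b.patch"
 },
+{
+"type": "WEB",
+"url": "https://metacpan.org/release/TODDR/XML-Parser-2.46/changes"
+},
 {
 "type": "WEB",
 "url": "https://rt.cpan.org/Ticket/Display.html?id=19859"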
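Review bot: The commit link added at new lines 26–29 is typed `WEB`, like the existing commit link after it, so a consumer of the record cannot tell which references point at the fix. If these `.patch` URLs are the fixing commits (inferred from the URLs only, the commits themselves are not shown here), `"type": "FIX"` would be the more useful value for both. The record now lists two different commits without saying whether both are needed for a backport; a sentence in `details` would settle that if it is not already stated there. The `references` array opens and closes outside this hunk.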
Lines changed: 52 additions & 0 deletions
@@ -0,0 +1,52 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-jvhj-49gh-v77p",
4+
"modified": "2026-03-21T12:31:37Z",
5+
"published": "2026-03-21T12:31:37Z",
6+
"aliases": [
7+
"CVE-2026-4513"
8+
],
9+
"details": "A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\\legacy\\base\\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4513"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Ka7arotto/cve/blob/main/vanna-text2sql/vanna-sql-rce.md"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.352078"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.352078"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.773906"
41+
}
42+
],
43+
"database_specific": {
44+
"cwe_ids": [
45+
"CWE-74"
46+
],
47+
"severity": "MODERATE",
48+
"github_reviewed": false,
49+
"github_reviewed_at": null,
50+
"nvd_published_at": "2026-03-21T10:16:23Z"
51+
}
52+
}
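Review bot: `cwe_ids` lists only `CWE-74`, the generic injection class, while the `details` text names SQL injection in the `ask` function; `"CWE-89"` is the specific entry and the one that SQL-injection filters key on. The linked write-up is named `vanna-sql-rce.md`, which hints at impact beyond the `C:L/I:L/A:L` in both CVSS vectors; that is inferred from the URL alone and is worth checking against the report before the `MODERATE` rating is relied on. The path in `details` uses Windows separators (`vanna\\legacy\\base\\base.py`), unlike the forward-slash paths in the sibling records; `vanna/legacy/base/base.py` would match the repository layout when searched.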
