Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit f90ac2fc1718 · 2026-06-09T10:47:33.000Z
GHSA-w65j-g6c7-g3m4 GHSA-7x36-h62w-vw65 GHSA-fgfm-hqjw-3265 GHSA-55wf-5m3q-6jjf
diff --git a/advisories/github-reviewed/2021/08/GHSA-w65j-g6c7-g3m4/GHSA-w65j-g6c7-g3m4.json b/advisories/github-reviewed/2021/08/GHSA-w65j-g6c7-g3m4/GHSA-w65j-g6c7-g3m4.json
@@ -1,11 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-w65j-g6c7-g3m4",
-  "modified": "2021-08-24T19:13:30Z",
+  "modified": "2026-06-09T10:46:24Z",
   "published": "2021-08-25T20:42:50Z",
   "aliases": [],
   "summary": "Multiple memory safety issues in actix-web",
-  "details": "Affected versions contain multiple memory safety issues, such as:\n\n - Unsoundly coercing immutable references to mutable references\n - Unsoundly extending lifetimes of strings\n - Adding the `Send` marker trait to objects that cannot be safely sent between threads\n\nThis may result in a variety of memory corruption scenarios, most likely use-after-free.\n \nA signficant refactoring effort has been conducted to resolve these issues.\n",
+  "details": "Affected versions contain multiple memory safety issues, such as:\n\n - Unsoundly coercing immutable references to mutable references\n - Unsoundly extending lifetimes of strings\n - Adding the `Send` marker trait to objects that cannot be safely sent between threads\n\nThis may result in a variety of memory corruption scenarios, most likely use-after-free.\n \nA signficant refactoring effort has been conducted to resolve these issues.",
   "severity": [],
   "affected": [
     {
@@ -21,7 +21,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "0.7.15"
+              "fixed": "0.7.19"
             }
           ]
         }
diff --git a/advisories/github-reviewed/2022/01/GHSA-7x36-h62w-vw65/GHSA-7x36-h62w-vw65.json b/advisories/github-reviewed/2022/01/GHSA-7x36-h62w-vw65/GHSA-7x36-h62w-vw65.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-7x36-h62w-vw65",
-  "modified": "2022-01-06T18:34:36Z",
+  "modified": "2026-06-09T10:46:46Z",
   "published": "2022-01-06T22:18:58Z",
   "aliases": [
     "CVE-2018-25026"
@@ -28,7 +28,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "0.7.15"
+              "fixed": "0.7.19"
             }
           ]
         }
diff --git a/advisories/github-reviewed/2022/01/GHSA-fgfm-hqjw-3265/GHSA-fgfm-hqjw-3265.json b/advisories/github-reviewed/2022/01/GHSA-fgfm-hqjw-3265/GHSA-fgfm-hqjw-3265.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fgfm-hqjw-3265",
-  "modified": "2022-01-06T18:35:59Z",
+  "modified": "2026-06-09T10:47:01Z",
   "published": "2022-01-06T22:18:46Z",
   "aliases": [
     "CVE-2018-25025"
@@ -28,7 +28,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "0.7.15"
+              "fixed": "0.7.19"
             }
           ]
         }
diff --git a/advisories/github-reviewed/2026/04/GHSA-55wf-5m3q-6jjf/GHSA-55wf-5m3q-6jjf.json b/advisories/github-reviewed/2026/04/GHSA-55wf-5m3q-6jjf/GHSA-55wf-5m3q-6jjf.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-55wf-5m3q-6jjf",
-  "modified": "2026-05-13T13:38:05Z",
+  "modified": "2026-06-09T10:44:51Z",
   "published": "2026-04-29T21:01:55Z",
   "aliases": [
     "CVE-2026-42224"
@@ -25,7 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "0.11.0"
             },
             {
               "fixed": "0.13.1"
@@ -36,6 +36,28 @@
       "database_specific": {
         "last_known_affected_version_range": "<= 0.13.0"
       }
+    },
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "ipl/web"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.10.3"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 0.10.2"
+      }
     }
   ],
   "references": [
@@ -55,6 +77,10 @@
       "type": "PACKAGE",
       "url": "https://github.com/Icinga/ipl-web"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Icinga/ipl-web/releases/tag/v0.10.3"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/Icinga/ipl-web/releases/tag/v0.13.1"

Original file line number	Diff line number	Diff line change
`@@ -1,11 +1,11 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-w65j-g6c7-g3m4",`
`4`		`- "modified": "2021-08-24T19:13:30Z",`
	`4`	`+ "modified": "2026-06-09T10:46:24Z",`
`5`	`5`	`"published": "2021-08-25T20:42:50Z",`
`6`	`6`	`"aliases": [],`
`7`	`7`	`"summary": "Multiple memory safety issues in actix-web",`
`8`		- "details": "Affected versions contain multiple memory safety issues, such as:\n\n - Unsoundly coercing immutable references to mutable references\n - Unsoundly extending lifetimes of strings\n - Adding the `Send` marker trait to objects that cannot be safely sent between threads\n\nThis may result in a variety of memory corruption scenarios, most likely use-after-free.\n \nA signficant refactoring effort has been conducted to resolve these issues.\n",
	`8`	+ "details": "Affected versions contain multiple memory safety issues, such as:\n\n - Unsoundly coercing immutable references to mutable references\n - Unsoundly extending lifetimes of strings\n - Adding the `Send` marker trait to objects that cannot be safely sent between threads\n\nThis may result in a variety of memory corruption scenarios, most likely use-after-free.\n \nA signficant refactoring effort has been conducted to resolve these issues.",
`9`	`9`	`"severity": [],`
`10`	`10`	`"affected": [`
`11`	`11`	`{`
`@@ -21,7 +21,7 @@`
`21`	`21`	`"introduced": "0"`
`22`	`22`	`},`
`23`	`23`	`{`
`24`		`- "fixed": "0.7.15"`
	`24`	`+ "fixed": "0.7.19"`
`25`	`25`	`}`
`26`	`26`	`]`
`27`	`27`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-7x36-h62w-vw65",`
`4`		`- "modified": "2022-01-06T18:34:36Z",`
	`4`	`+ "modified": "2026-06-09T10:46:46Z",`
`5`	`5`	`"published": "2022-01-06T22:18:58Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2018-25026"`
`@@ -28,7 +28,7 @@`
`28`	`28`	`"introduced": "0"`
`29`	`29`	`},`
`30`	`30`	`{`
`31`		`- "fixed": "0.7.15"`
	`31`	`+ "fixed": "0.7.19"`
`32`	`32`	`}`
`33`	`33`	`]`
`34`	`34`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-fgfm-hqjw-3265",`
`4`		`- "modified": "2022-01-06T18:35:59Z",`
	`4`	`+ "modified": "2026-06-09T10:47:01Z",`
`5`	`5`	`"published": "2022-01-06T22:18:46Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2018-25025"`
`@@ -28,7 +28,7 @@`
`28`	`28`	`"introduced": "0"`
`29`	`29`	`},`
`30`	`30`	`{`
`31`		`- "fixed": "0.7.15"`
	`31`	`+ "fixed": "0.7.19"`
`32`	`32`	`}`
`33`	`33`	`]`
`34`	`34`	`}`