[automatic] Publish 4 advisories for 4 packages

[jlsec-bot]

This action searched recent NVD/EUVD changes/publications, checking 495 (+0) advisories from NVD and 313 (+352) from EUVD for advisories that pertain here. It identified 4 advisories as being related to the Julia package(s): Git_jll, LibVPX_jll, ImageMagick_jll, and libwebp_jll.

2 advisories apply to all registered versions of a package

These advisories had no obvious failures but computed a range without bounds.

• CVE-2023-5217 for packages: LibVPX_jll
  • LibVPX_jll computed ["*"]. Its latest version (1.15.2+0) has components: {libvpx = "*"}
    • webmproject:libvpx at < 1.13.1 includes all versions
• CVE-2025-62171 for packages: ImageMagick_jll
  • ImageMagick_jll computed ["*"]. Its latest version (7.1.2005+0) has components: {imagemagick = "7.1.2-3"}
    • imagemagick:imagemagick at >= 7.0.0-0, < 7.1.2-7 mapped to [>= 7.1.0+0], includes the latest version`

2 advisories found concrete vulnerable ranges

• CVE-2023-4863 for packages: libwebp_jll
  • libwebp_jll computed ["< 1.3.2+0"]. Its latest version (1.6.0+0) has components: {libwebp = "1.6.0"}
• CVE-2025-48384 for packages: Git_jll
  • Git_jll computed ["< 2.50.1+0"]. Its latest version (2.51.2+0) has components: {git-for-windows = "2.51.1.windows.1", git = "2.51.1"}