diff --git a/advisories/published/2025/JLSEC-0000-mnss5i5ta-1j3fvky.md b/advisories/published/2025/JLSEC-0000-mnss5i5ta-1j3fvky.md
new file mode 100644
index 00000000..7c20d52e
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5i5ta-1j3fvky.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5i5ta-1j3fvky"
+modified = 2025-11-04T03:25:41.998Z
+upstream = ["CVE-2017-5950"]
+references = ["http://www.securityfocus.com/bid/97307", "https://github.com/jbeder/yaml-cpp/issues/459", "http://seclists.org/fulldisclosure/2024/Nov/0", "http://www.securityfocus.com/bid/97307", "https://github.com/jbeder/yaml-cpp/issues/459"]
+
+[[affected]]
+pkg = "yaml_cpp_jll"
+ranges = ["< 0.6.3+0"]
+
+[[jlsec_sources]]
+id = "CVE-2017-5950"
+imported = 2025-11-04T03:25:41.980Z
+modified = 2025-11-03T22:15:43.977Z
+published = 2017-04-03T05:59:00.800Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2017-5950"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2017-5950"
+```
+
+# The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers...
+
+The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5iczu-kbr10h.md b/advisories/published/2025/JLSEC-0000-mnss5iczu-kbr10h.md
new file mode 100644
index 00000000..290cb75f
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5iczu-kbr10h.md
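Review bot: In JLSEC-0000-mnss5i5ta-1j3fvky.md (CVE-2017-5950) the `references` array lists `http://www.securityfocus.com/bid/97307` and `https://github.com/jbeder/yaml-cpp/issues/459` twice each, and the same repetition shows up in the `references` line of every other advisory added in this diff. It looks as if two upstream reference lists are concatenated without de-duplication (inferred from the repeated runs, not visible in the diff). An order-preserving de-dup before writing the file would give `references = ["http://www.securityfocus.com/bid/97307", "https://github.com/jbeder/yaml-cpp/issues/459", "http://seclists.org/fulldisclosure/2024/Nov/0"]` here and keeps later re-imports from producing noisy diffs.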
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5iczu-kbr10h"
+modified = 2025-11-04T03:25:51.306Z
+upstream = ["CVE-2021-29338"]
+references = ["https://github.com/uclouvain/openjpeg/issues/1338", "https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/", "https://security.gentoo.org/glsa/202209-04", "https://github.com/uclouvain/openjpeg/issues/1338", "https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html", "https://lists.debian.org/debian-lts-announce/2025/04/msg00002.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/", "https://security.gentoo.org/glsa/202209-04"]
+
+[[affected]]
+pkg = "OpenJpeg_jll"
+ranges = [">= 2.4.0+0, < 2.5.0+0"]
+
+[[jlsec_sources]]
+id = "CVE-2021-29338"
+imported = 2025-11-04T03:25:51.306Z
+modified = 2025-11-03T20:15:46.223Z
+published = 2021-04-14T14:15:14.133Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-29338"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2021-29338"
+```
+
+# Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Deni...
+
+Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5idbt-ntog76.md b/advisories/published/2025/JLSEC-0000-mnss5idbt-ntog76.md
new file mode 100644
index 00000000..a9410d77
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5idbt-ntog76.md
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss5idbt-ntog76" +modified = 2025-11-04T03:25:51.737Z +upstream = ["CVE-2021-29921"] +references = ["https://bugs.python.org/issue36384", "https://docs.python.org/3/library/ipaddress.html", "https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst", "https://github.com/python/cpython/pull/12577", "https://github.com/python/cpython/pull/25099", "https://github.com/sickcodes", "https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md", "https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html", "https://security.gentoo.org/glsa/202305-02", "https://security.netapp.com/advisory/ntap-20210622-0003/", "https://sick.codes/sick-2021-014", "https://www.oracle.com//security-alerts/cpujul2021.html", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujan2022.html", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html", "https://bugs.python.org/issue36384", "https://docs.python.org/3/library/ipaddress.html", "https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst", "https://github.com/python/cpython/pull/12577", "https://github.com/python/cpython/pull/25099", "https://github.com/sickcodes", "https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md", "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html", "https://security.gentoo.org/glsa/202305-02", "https://security.netapp.com/advisory/ntap-20210622-0003/", "https://sick.codes/sick-2021-014", "https://www.oracle.com//security-alerts/cpujul2021.html", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://www.oracle.com/security-alerts/cpujan2022.html", 
"https://www.oracle.com/security-alerts/cpujul2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html"] + +[[affected]] +pkg = "Python_jll" +ranges = ["< 3.10.7+0"] + +[[jlsec_sources]] +id = "CVE-2021-29921" +imported = 2025-11-04T03:25:51.737Z +modified = 2025-11-03T22:15:48.057Z +published = 2021-05-06T13:15:12.573Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-29921" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2021-29921" +``` + +# In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an... + +In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses. + diff --git a/advisories/published/2025/JLSEC-0000-mnss5ido5-ntjkh7.md b/advisories/published/2025/JLSEC-0000-mnss5ido5-ntjkh7.md new file mode 100644 index 00000000..3c31d2e1 --- /dev/null +++ b/advisories/published/2025/JLSEC-0000-mnss5ido5-ntjkh7.md 
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss5ido5-ntjkh7" +modified = 2025-11-04T03:25:52.181Z +upstream = ["CVE-2021-3426"] +references = ["https://bugzilla.redhat.com/show_bug.cgi?id=1935913", "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/", "https://security.gentoo.org/glsa/202104-04", "https://security.netapp.com/advisory/ntap-20210629-0003/", "https://www.oracle.com/security-alerts/cpujan2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html", "https://bugzilla.redhat.com/show_bug.cgi?id=1935913", "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/", "https://security.gentoo.org/glsa/202104-04", "https://security.netapp.com/advisory/ntap-20210629-0003/", "https://www.oracle.com/security-alerts/cpujan2022.html", "https://www.oracle.com/security-alerts/cpuoct2021.html"] + +[[affected]] +pkg = "Python_jll" +ranges = ["< 3.8.8+0"] + +[[jlsec_sources]] +id = "CVE-2021-3426" +imported = 2025-11-04T03:25:52.181Z +modified = 2025-11-03T22:15:50.480Z +published = 2021-05-20T13:15:07.753Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-3426" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2021-3426" +``` + +# There's a flaw in Python 3's pydoc + +There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. + 
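Review bot: `ranges = ["< 3.8.8+0"]` in JLSEC-0000-mnss5ido5-ntjkh7.md (CVE-2021-3426) stops one patch release short of what the description states: the flaw affects Python versions before 3.8.9, before 3.9.3 and before 3.10.0a7, so any Python_jll 3.8.8 build would still be vulnerable but falls outside the range. If such a build was published (not visible in this diff), the bound should follow the upstream fix, for example `ranges = ["< 3.8.9+0"]`, with a second range for the 3.9 line if Python_jll ever shipped 3.9.0 to 3.9.2. An under-inclusive range here is a false negative for anyone auditing their manifests against this advisory.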
diff --git a/advisories/published/2025/JLSEC-0000-mnss5if47-fiwpvy.md b/advisories/published/2025/JLSEC-0000-mnss5if47-fiwpvy.md
new file mode 100644
index 00000000..05dd1d4b
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5if47-fiwpvy.md
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss5if47-fiwpvy" +modified = 2025-11-04T03:25:54.055Z +upstream = ["CVE-2021-24119"] +references = ["https://github.com/ARMmbed/mbedtls/releases", "https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md", "https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html", "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRRVY7DMTX3ECFNZKDYTSFEG5AI2HBC6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYJW7HAW3TDV2YMDFYXP3HD6WRQRTLJW/", "https://github.com/ARMmbed/mbedtls/releases", "https://github.com/UzL-ITS/util-lookup/blob/main/cve-vulnerability-publication.md", "https://lists.debian.org/debian-lts-announce/2021/11/msg00021.html", "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", "https://lists.debian.org/debian-lts-announce/2025/06/msg00034.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DRRVY7DMTX3ECFNZKDYTSFEG5AI2HBC6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EYJW7HAW3TDV2YMDFYXP3HD6WRQRTLJW/"] + +[[affected]] +pkg = "MbedTLS_jll" +ranges = ["< 2.26.0+0"] + +[[jlsec_sources]] +id = "CVE-2021-24119" +imported = 2025-11-04T03:25:54.055Z +modified = 2025-11-03T20:15:45.783Z +published = 2021-07-14T13:15:08.100Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-24119" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2021-24119" +``` + +# In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows... 
+ +In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. + diff --git a/advisories/published/2025/JLSEC-0000-mnss5ifc6-1lbuai5.md b/advisories/published/2025/JLSEC-0000-mnss5ifc6-1lbuai5.md new file mode 100644 index 00000000..4fa6a143 --- /dev/null +++ b/advisories/published/2025/JLSEC-0000-mnss5ifc6-1lbuai5.md 
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss5ifc6-1lbuai5" +modified = 2025-11-04T03:25:54.342Z +upstream = ["CVE-2021-36976"] +references = ["http://seclists.org/fulldisclosure/2022/Mar/27", "http://seclists.org/fulldisclosure/2022/Mar/28", "http://seclists.org/fulldisclosure/2022/Mar/29", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32375", "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SE5NJQNM22ZE5Z55LPAGCUHSBQZBKMKC/", "https://security.gentoo.org/glsa/202208-26", "https://support.apple.com/kb/HT213182", "https://support.apple.com/kb/HT213183", "https://support.apple.com/kb/HT213193", "http://seclists.org/fulldisclosure/2022/Mar/27", "http://seclists.org/fulldisclosure/2022/Mar/28", "http://seclists.org/fulldisclosure/2022/Mar/29", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32375", "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml", "https://lists.debian.org/debian-lts-announce/2024/11/msg00007.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SE5NJQNM22ZE5Z55LPAGCUHSBQZBKMKC/", "https://security.gentoo.org/glsa/202208-26", "https://support.apple.com/kb/HT213182", "https://support.apple.com/kb/HT213183", "https://support.apple.com/kb/HT213193"] + +[[affected]] +pkg = "LibArchive_jll" +ranges = ["< 3.7.4+0"] + +[[jlsec_sources]] +id = "CVE-2021-36976" +imported = 2025-11-04T03:25:54.342Z +modified = 2025-11-03T22:15:49.807Z +published = 2021-07-20T07:15:07.950Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-36976" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2021-36976" +``` + +# libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block ... 
+ +libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block). + diff --git a/advisories/published/2025/JLSEC-0000-mnss5iki5-1ga5quy.md b/advisories/published/2025/JLSEC-0000-mnss5iki5-1ga5quy.md new file mode 100644 index 00000000..2dbc59b0 --- /dev/null +++ b/advisories/published/2025/JLSEC-0000-mnss5iki5-1ga5quy.md 
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5iki5-1ga5quy"
+modified = 2025-11-04T03:26:01.037Z
+upstream = ["CVE-2021-44732"]
+references = ["https://bugs.gentoo.org/829660", "https://github.com/ARMmbed/mbedtls/releases", "https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.12", "https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0", "https://github.com/ARMmbed/mbedtls/releases/tag/v3.1.0", "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12", "https://bugs.gentoo.org/829660", "https://github.com/ARMmbed/mbedtls/releases", "https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.12", "https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0", "https://github.com/ARMmbed/mbedtls/releases/tag/v3.1.0", "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", "https://lists.debian.org/debian-lts-announce/2025/06/msg00034.html", "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12"]
+
+[[affected]]
+pkg = "MbedTLS_jll"
+ranges = ["< 2.28.0+0"]
+
+[[jlsec_sources]]
+id = "CVE-2021-44732"
+imported = 2025-11-04T03:26:01.037Z
+modified = 2025-11-03T20:15:51.403Z
+published = 2021-12-20T08:15:06.620Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-44732"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2021-44732"
+```
+
+# Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an m...
+
+Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5imam-zsv4oi.md b/advisories/published/2025/JLSEC-0000-mnss5imam-zsv4oi.md
new file mode 100644
index 00000000..f6ffec61
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5imam-zsv4oi.md
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss5imam-zsv4oi" +modified = 2025-11-04T03:26:03.358Z +upstream = ["CVE-2022-0391"] +references = ["https://bugs.python.org/issue43882", "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/", "https://security.gentoo.org/glsa/202305-02", "https://security.netapp.com/advisory/ntap-20220225-0009/", "https://www.oracle.com/security-alerts/cpuapr2022.html", "https://bugs.python.org/issue43882", "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html", "https://lists.debian.org/debian-lts-announce/2025/03/msg00013.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/", "https://security.gentoo.org/glsa/202305-02", "https://security.netapp.com/advisory/ntap-20220225-0009/", "https://www.oracle.com/security-alerts/cpuapr2022.html"] + +[[affected]] +pkg = "Python_jll" +ranges = ["< 3.10.7+0"] + +[[jlsec_sources]] +id = "CVE-2022-0391" +imported = 2025-11-04T03:26:03.358Z +modified = 2025-11-03T22:15:54.307Z +published = 2022-02-09T23:15:16.580Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-0391" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2022-0391" +``` + +# A flaw was found in Python, specifically within the urllib.parse module + +A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. 
The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. + diff --git a/advisories/published/2025/JLSEC-0000-mnss5inqo-rqycve.md b/advisories/published/2025/JLSEC-0000-mnss5inqo-rqycve.md new file mode 100644 index 00000000..d8cae5ab --- /dev/null +++ b/advisories/published/2025/JLSEC-0000-mnss5inqo-rqycve.md 
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss5inqo-rqycve" +modified = 2025-11-04T03:26:05.232Z +upstream = ["CVE-2021-3575"] +references = ["https://bugzilla.redhat.com/show_bug.cgi?id=1957616", "https://github.com/uclouvain/openjpeg/issues/1347", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/", "https://ubuntu.com/security/CVE-2021-3575", "https://bugzilla.redhat.com/show_bug.cgi?id=1957616", "https://github.com/uclouvain/openjpeg/issues/1347", "https://lists.debian.org/debian-lts-announce/2025/04/msg00002.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/", "https://ubuntu.com/security/CVE-2021-3575"] + +[[affected]] +pkg = "OpenJpeg_jll" +ranges = ["< 2.5.0+0"] + +[[jlsec_sources]] +id = "CVE-2021-3575" +imported = 2025-11-04T03:26:05.232Z +modified = 2025-11-03T20:15:50.027Z +published = 2022-03-04T18:15:08.193Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-3575" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2021-3575" +``` + +# A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompre... + +A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg. + diff --git a/advisories/published/2025/JLSEC-0000-mnss5inum-1baq8tl.md b/advisories/published/2025/JLSEC-0000-mnss5inum-1baq8tl.md new file mode 100644 index 00000000..13822913 --- /dev/null 
+++ b/advisories/published/2025/JLSEC-0000-mnss5inum-1baq8tl.md 
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss5inum-1baq8tl" +modified = 2025-11-04T03:26:05.374Z +upstream = ["CVE-2021-3737"] +references = ["https://bugs.python.org/issue44022", "https://bugzilla.redhat.com/show_bug.cgi?id=1995162", "https://github.com/python/cpython/pull/25916", "https://github.com/python/cpython/pull/26503", "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", "https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html", "https://security.netapp.com/advisory/ntap-20220407-0009/", "https://ubuntu.com/security/CVE-2021-3737", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://bugs.python.org/issue44022", "https://bugzilla.redhat.com/show_bug.cgi?id=1995162", "https://github.com/python/cpython/pull/25916", "https://github.com/python/cpython/pull/26503", "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html", "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html", "https://security.netapp.com/advisory/ntap-20220407-0009/", "https://ubuntu.com/security/CVE-2021-3737", "https://www.oracle.com/security-alerts/cpujul2022.html"] + +[[affected]] +pkg = "Python_jll" +ranges = ["< 3.10.7+0"] + +[[jlsec_sources]] +id = "CVE-2021-3737" +imported = 2025-11-04T03:26:05.374Z +modified = 2025-11-03T22:15:51.000Z +published = 2022-03-04T19:15:08.730Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-3737" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2021-3737" +``` + +# A flaw was found in python + +A flaw was found in python. 
An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. + diff --git a/advisories/published/2025/JLSEC-0000-mnss5ioae-atwpy8.md b/advisories/published/2025/JLSEC-0000-mnss5ioae-atwpy8.md new file mode 100644 index 00000000..5a66789d --- /dev/null +++ b/advisories/published/2025/JLSEC-0000-mnss5ioae-atwpy8.md 
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss5ioae-atwpy8" +modified = 2025-11-04T03:26:05.942Z +upstream = ["CVE-2021-3733"] +references = ["https://bugs.python.org/issue43075", "https://bugzilla.redhat.com/show_bug.cgi?id=1995234", "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb", "https://github.com/python/cpython/pull/24391", "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", "https://security.netapp.com/advisory/ntap-20220407-0001/", "https://ubuntu.com/security/CVE-2021-3733", "https://bugs.python.org/issue43075", "https://bugzilla.redhat.com/show_bug.cgi?id=1995234", "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb", "https://github.com/python/cpython/pull/24391", "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "https://security.netapp.com/advisory/ntap-20220407-0001/", "https://ubuntu.com/security/CVE-2021-3733"] + +[[affected]] +pkg = "Python_jll" +ranges = ["< 3.10.7+0"] + +[[jlsec_sources]] +id = "CVE-2021-3733" +imported = 2025-11-04T03:26:05.942Z +modified = 2025-11-03T22:15:50.833Z +published = 2022-03-10T17:42:59.623Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-3733" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2021-3733" +``` + +# There's a flaw in urllib's AbstractBasicAuthHandler class + +There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. 
The greatest threat that this flaw poses is to application availability.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5ioz9-1tihqb0.md b/advisories/published/2025/JLSEC-0000-mnss5ioz9-1tihqb0.md
new file mode 100644
index 00000000..abaeb41b
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5ioz9-1tihqb0.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5ioz9-1tihqb0"
+modified = 2025-11-04T03:26:06.837Z
+upstream = ["CVE-2021-43666"]
+references = ["https://github.com/ARMmbed/mbedtls/issues/5136", "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", "https://github.com/ARMmbed/mbedtls/issues/5136", "https://lists.debian.org/debian-lts-announce/2022/12/msg00036.html", "https://lists.debian.org/debian-lts-announce/2025/06/msg00034.html"]
+
+[[affected]]
+pkg = "MbedTLS_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2021-43666"
+imported = 2025-11-04T03:26:06.837Z
+modified = 2025-11-03T20:15:51.127Z
+published = 2022-03-24T18:15:08.333Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-43666"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2021-43666"
+```
+
+# A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivat...
+
+A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5ipaz-avn7nl.md b/advisories/published/2025/JLSEC-0000-mnss5ipaz-avn7nl.md
new file mode 100644
index 00000000..6358b415
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5ipaz-avn7nl.md
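Review bot: `ranges = ["*"]` in JLSEC-0000-mnss5ioz9-1tihqb0.md (CVE-2021-43666) marks every MbedTLS_jll build as affected, with no fixed version recorded, while the description limits the issue to mbed TLS 3.0.0 and earlier. The other MbedTLS_jll advisories in this diff carry an upper bound (`< 2.26.0+0`, `< 2.28.0+0`), so the wildcard looks like a fallback for a missing fixed-version mapping rather than a deliberate choice (inferred). Please confirm against the referenced upstream issue which release carries the fix and replace the wildcard with a bounded range such as `ranges = ["< FIXED_VERSION+0"]` (placeholder), or note in the PR why no patched build exists. Left as is, the advisory will keep flagging builds that already contain the fix.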
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss5ipaz-avn7nl" +modified = 2025-11-04T03:26:07.259Z +upstream = ["CVE-2022-1122"] +references = ["https://github.com/uclouvain/openjpeg/issues/1368", "https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MIWSQFQWXDU4MT3XTVAO6HC7TVL3NHS7/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKBAMK2CAM5TMC5TODKVCE5AAPTD5YV/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROSN5NRUFOH7HGLJ4ZSKPGAKLFXJALW4/", "https://security.gentoo.org/glsa/202209-04", "https://github.com/uclouvain/openjpeg/issues/1368", "https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html", "https://lists.debian.org/debian-lts-announce/2025/04/msg00002.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MIWSQFQWXDU4MT3XTVAO6HC7TVL3NHS7/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKBAMK2CAM5TMC5TODKVCE5AAPTD5YV/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROSN5NRUFOH7HGLJ4ZSKPGAKLFXJALW4/", "https://security.gentoo.org/glsa/202209-04"] + +[[affected]] +pkg = "OpenJpeg_jll" +ranges = [">= 2.4.0+0, < 2.5.0+0"] + +[[jlsec_sources]] +id = "CVE-2022-1122" +imported = 2025-11-04T03:26:07.259Z +modified = 2025-11-03T20:15:52.347Z +published = 2022-03-29T18:15:07.977Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-1122" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2022-1122" +``` + +# A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input di... 
+ +A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. + diff --git a/advisories/published/2025/JLSEC-0000-mnss5ipgz-pxxw34.md b/advisories/published/2025/JLSEC-0000-mnss5ipgz-pxxw34.md new file mode 100644 index 00000000..078fef1a --- /dev/null +++ b/advisories/published/2025/JLSEC-0000-mnss5ipgz-pxxw34.md 
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss5ipgz-pxxw34" +modified = 2025-11-04T03:26:07.475Z +upstream = ["CVE-2015-20107"] +references = ["https://bugs.python.org/issue24778", "https://github.com/python/cpython/issues/68966", "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46KWPTI72SSEOF53DOYQBQOCN4QQB2GE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/53TQZFLS6O3FLIMVSXFEEPZSWLDZLBOX/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/57NECACX333A3BBZM2TR2VZ4ZE3UG3SN/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DBVY4YC2P6EPZZ2DROOXHDOWZ4BJFLW/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIKVSW3H6W2GQGDE5DTIWLGFNH6KKEW/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AKGMYDVKI3XNM27B6I6RQ6QV3TVJAUCG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERYMM2QVDPOJLX4LYXWYIQN5FOIJLDRY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3LNY2NHM6J22O6Q5ANOE3SZRK3OACKR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCIO2W4DUVVMI6L52QCC4TT2B3K5VWHS/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FIRUTX47BJD2HYJDLMI7JJBVCYFAPKAQ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPCLGZZJPVXFWUWVV5WCD5FNUAFLKBDN/", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAI2GBC7WKH7J5NH6J2IW5RT3VF2SF5M/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAY6VBNVEFUXKJF37WFHYXUSRDEK34N3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYG3EMFR7ZHC46TDNM7SNWO64A3W7EUF/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONXSGLASNLGFL57YU6WT6Y5YURSFV43U/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTTZGLD2YBMMG6U6F5HOTPOGGPBIURMA/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIOJUZ5JMEMGSKNISTOVI4PDP36FDL5Y/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5664BGZVTA46LQDNTYX5THG6CN4FYJX/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO2H6CKWLRGTTZCGUQVELW6LUH437Q3O/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4E2WBEJ42CGLGDHD6ZXOLZ2W6G3YOVD/", "https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html", "https://security.gentoo.org/glsa/202305-02", "https://security.netapp.com/advisory/ntap-20220616-0001/", "https://bugs.python.org/issue24778", "https://github.com/python/cpython/issues/68966", "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46KWPTI72SSEOF53DOYQBQOCN4QQB2GE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/53TQZFLS6O3FLIMVSXFEEPZSWLDZLBOX/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/57NECACX333A3BBZM2TR2VZ4ZE3UG3SN/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DBVY4YC2P6EPZZ2DROOXHDOWZ4BJFLW/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIKVSW3H6W2GQGDE5DTIWLGFNH6KKEW/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AKGMYDVKI3XNM27B6I6RQ6QV3TVJAUCG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERYMM2QVDPOJLX4LYXWYIQN5FOIJLDRY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3LNY2NHM6J22O6Q5ANOE3SZRK3OACKR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCIO2W4DUVVMI6L52QCC4TT2B3K5VWHS/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FIRUTX47BJD2HYJDLMI7JJBVCYFAPKAQ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPCLGZZJPVXFWUWVV5WCD5FNUAFLKBDN/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAI2GBC7WKH7J5NH6J2IW5RT3VF2SF5M/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAY6VBNVEFUXKJF37WFHYXUSRDEK34N3/", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYG3EMFR7ZHC46TDNM7SNWO64A3W7EUF/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONXSGLASNLGFL57YU6WT6Y5YURSFV43U/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTTZGLD2YBMMG6U6F5HOTPOGGPBIURMA/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIOJUZ5JMEMGSKNISTOVI4PDP36FDL5Y/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5664BGZVTA46LQDNTYX5THG6CN4FYJX/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO2H6CKWLRGTTZCGUQVELW6LUH437Q3O/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4E2WBEJ42CGLGDHD6ZXOLZ2W6G3YOVD/", "https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html", "https://security.gentoo.org/glsa/202305-02", "https://security.netapp.com/advisory/ntap-20220616-0001/"] + +[[affected]] +pkg = "Python_jll" +ranges = ["< 3.10.8+0"] + +[[jlsec_sources]] +id = "CVE-2015-20107" +imported = 2025-11-04T03:26:07.475Z +modified = 2025-11-03T22:15:43.133Z +published = 2022-04-13T16:15:08.937Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2015-20107" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2015-20107" +``` + +# In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into command... + +In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. 
This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5isaw-zflqa2.md b/advisories/published/2025/JLSEC-0000-mnss5isaw-zflqa2.md
new file mode 100644
index 00000000..f5293d8b
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5isaw-zflqa2.md
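Review bot: The bound in `ranges = ["< 3.10.8+0"]` excludes 3.10.8, while the description says the flaw is present "up to 3.10.8", which can be read as including that release; the bound should be checked against the upstream version data and made inclusive if 3.10.8 is affected. The description also says the fix was back-ported to 3.7, 3.8 and 3.9, so a single upper bound would mark any patched build on those branches as vulnerable. Whether Python_jll ever published such builds is not visible here; if it did, one range per branch would be more accurate.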
@@ -0,0 +1,27 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5isaw-zflqa2"
+modified = 2025-11-04T03:26:11.144Z
+upstream = ["CVE-2022-2068"]
+references = ["https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", "https://security.netapp.com/advisory/ntap-20220707-0008/", "https://www.debian.org/security/2022/dsa-5169", "https://www.openssl.org/news/secadv/20220621.txt", "http://seclists.org/fulldisclosure/2024/Nov/0", "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9", "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7", "https://gitlab.com/fraf0/cve-2022-1292-re_score-analysis", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", "https://security.netapp.com/advisory/ntap-20220707-0008/", "https://www.debian.org/security/2022/dsa-5169", "https://www.openssl.org/news/secadv/20220621.txt"]
+
+[[affected]]
+pkg = "OpenSSL_jll"
+ranges = ["< 1.1.16+0"]
+[[affected]]
+pkg = "Openresty_jll"
+ranges = ["< 1.21.4+0"]
+
+[[jlsec_sources]]
+id = "CVE-2022-2068"
+imported = 2025-11-04T03:26:11.144Z
+modified = 2025-11-03T22:15:58.023Z
+published = 2022-06-21T15:15:09.060Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-2068"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2022-2068"
+```
+
+# In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstanc...
+
+In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5iutl-bkrp22.md b/advisories/published/2025/JLSEC-0000-mnss5iutl-bkrp22.md
new file mode 100644
index 00000000..1359bbb5
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5iutl-bkrp22.md
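Review bot: `ranges = ["< 1.1.16+0"]` gives OpenSSL_jll a single upper bound, but the description lists fixes on three branches (3.0.4, 1.1.1p, 1.0.2zf), so a 3.0.0–3.0.3 build of the JLL would not be flagged; it is worth confirming that no such build was published, or adding a second range for the 3.0 line. Separately, the second `[[affected]]` table (`Openresty_jll`) follows the first table's `ranges` line with no blank line, unlike every other table boundary in these records; a blank line before it would keep the layout consistent. The flaw is in the `c_rehash` script, so whether these JLLs ship that script may also be worth recording, though that cannot be judged from this diff.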
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss5iutl-bkrp22" +modified = 2025-11-04T03:26:14.409Z +upstream = ["CVE-2021-28861"] +references = ["https://bugs.python.org/issue43223", "https://github.com/python/cpython/pull/24848", "https://github.com/python/cpython/pull/93879", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TRINJE3INWDVIHIABW4L2NP3RUSK7BJ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LTSPFIULY2GZJN3QYNFVM4JSU6H4D6J/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OABQ5CMPQETJLFHROAXDIDXCMDTNVYG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DISZAFSIQ7IAPAEQTC7G2Z5QUA2V2PSW/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPX4XHT2FGVQYLY2STT2MRVENILNZTTU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I3MQT5ZE3QH5PVDJMERTBOCILHK35CBE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRGKPYA5YHIXQAMRIXO5DSCX7D4UUW4Q/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLE5INSVJUZJGY5OJXV6JREXWD7UDHYN/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G66SRWUM36ENQ3X6LAIG7HAB27D4XJ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZEPOPUFC42KXXSLFPZ47ZZRGPOR7SQE/", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X46T4EFTIBXZRYTGASBDEZGYJINH2OWV/", "https://security.gentoo.org/glsa/202305-02", "https://bugs.python.org/issue43223", "https://github.com/python/cpython/pull/24848", "https://github.com/python/cpython/pull/93879", "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html", "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TRINJE3INWDVIHIABW4L2NP3RUSK7BJ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LTSPFIULY2GZJN3QYNFVM4JSU6H4D6J/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OABQ5CMPQETJLFHROAXDIDXCMDTNVYG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DISZAFSIQ7IAPAEQTC7G2Z5QUA2V2PSW/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPX4XHT2FGVQYLY2STT2MRVENILNZTTU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I3MQT5ZE3QH5PVDJMERTBOCILHK35CBE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRGKPYA5YHIXQAMRIXO5DSCX7D4UUW4Q/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLE5INSVJUZJGY5OJXV6JREXWD7UDHYN/", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S7G66SRWUM36ENQ3X6LAIG7HAB27D4XJ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZEPOPUFC42KXXSLFPZ47ZZRGPOR7SQE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X46T4EFTIBXZRYTGASBDEZGYJINH2OWV/", "https://security.gentoo.org/glsa/202305-02"] + +[[affected]] +pkg = "Python_jll" +ranges = ["< 3.10.7+0"] + +[[jlsec_sources]] +id = "CVE-2021-28861" +imported = 2025-11-04T03:26:14.409Z +modified = 2025-11-03T22:15:47.860Z +published = 2022-08-23T01:15:07.617Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-28861" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2021-28861" +``` + +# Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protec... + +Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." + diff --git a/advisories/published/2025/JLSEC-0000-mnss5iuto-1mskoyj.md b/advisories/published/2025/JLSEC-0000-mnss5iuto-1mskoyj.md new file mode 100644 index 00000000..90691ab3 --- /dev/null +++ b/advisories/published/2025/JLSEC-0000-mnss5iuto-1mskoyj.md 
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5iuto-1mskoyj"
+modified = 2025-11-04T03:26:14.412Z
+upstream = ["CVE-2021-4189"]
+references = ["https://access.redhat.com/security/cve/CVE-2021-4189", "https://bugs.python.org/issue43285", "https://bugzilla.redhat.com/show_bug.cgi?id=2036020", "https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e", "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", "https://python-security.readthedocs.io/vuln/ftplib-pasv.html", "https://security-tracker.debian.org/tracker/CVE-2021-4189", "https://security.netapp.com/advisory/ntap-20221104-0004/", "https://access.redhat.com/security/cve/CVE-2021-4189", "https://bugs.python.org/issue43285", "https://bugzilla.redhat.com/show_bug.cgi?id=2036020", "https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e", "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "https://python-security.readthedocs.io/vuln/ftplib-pasv.html", "https://security-tracker.debian.org/tracker/CVE-2021-4189", "https://security.netapp.com/advisory/ntap-20221104-0004/"]
+
+[[affected]]
+pkg = "Python_jll"
+ranges = ["< 3.10.7+0"]
+
+[[jlsec_sources]]
+id = "CVE-2021-4189"
+imported = 2025-11-04T03:26:14.412Z
+modified = 2025-11-03T22:15:54.013Z
+published = 2022-08-24T16:15:09.827Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-4189"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2021-4189"
+```
+
+# A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV ...
+
+A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode.
The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5iv5m-1412y4v.md b/advisories/published/2025/JLSEC-0000-mnss5iv5m-1412y4v.md
new file mode 100644
index 00000000..2c881e21
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5iv5m-1412y4v.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5iv5m-1412y4v"
+modified = 2025-11-04T03:26:14.842Z
+upstream = ["CVE-2022-0367"]
+references = ["https://bugzilla.redhat.com/show_bug.cgi?id=2045571", "https://github.com/stephane/libmodbus/commit/b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6", "https://github.com/stephane/libmodbus/issues/614", "https://lists.debian.org/debian-lts-announce/2022/09/msg00007.html", "https://bugzilla.redhat.com/show_bug.cgi?id=2045571", "https://github.com/stephane/libmodbus/commit/b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6", "https://github.com/stephane/libmodbus/issues/614", "https://lists.debian.org/debian-lts-announce/2022/09/msg00007.html", "https://lists.debian.org/debian-lts-announce/2025/03/msg00010.html"]
+
+[[affected]]
+pkg = "LibModbus_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2022-0367"
+imported = 2025-11-04T03:26:14.842Z
+modified = 2025-11-03T21:15:49.020Z
+published = 2022-08-29T15:15:09.370Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-0367"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2022-0367"
+```
+
+# A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c....
+
+A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.
+
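Review bot: `ranges = ["*"]` in the CVE-2022-0367 record marks every `LibModbus_jll` version, including future ones, as affected, yet its `references` list links an upstream fix commit (`b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6`). If a LibModbus_jll build containing that commit exists, the range should get an upper bound at that build. If none exists yet, the wildcard is defensible, but consumers then have no upgrade target, and the record would have to be revisited when a fixed build is published.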
diff --git a/advisories/published/2025/JLSEC-0000-mnss5ivlv-aftrdp.md b/advisories/published/2025/JLSEC-0000-mnss5ivlv-aftrdp.md
new file mode 100644
index 00000000..d63ab02f
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5ivlv-aftrdp.md
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss5ivlv-aftrdp" +modified = 2025-11-04T03:26:15.427Z +upstream = ["CVE-2020-10735"] +references = ["http://www.openwall.com/lists/oss-security/2022/09/21/1", "http://www.openwall.com/lists/oss-security/2022/09/21/4", "https://access.redhat.com/security/cve/CVE-2020-10735", "https://bugzilla.redhat.com/show_bug.cgi?id=1834423", "https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y", "https://github.com/python/cpython/issues/95778", "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32AAQKABEKFCB5DDV5OONRZK6BS23HPW/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EWKR2SPX3JORLWCXFY3KN2U5B5CIUQQ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XL6E5A3I36TRR73VNBOXNIQP4AMZDFZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76YE7AM37MRU76XJV4M27CWDAMUGNRYK/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRPVJZL6DJFWKYRHMNJB7VCEUCBKRF5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHC6IUU7CLRQ3QLPWUXLONSG3SXFTR47/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5U223OE5ZOUHZAZYSYSWVJQIKDE73E/", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5WQB7Z3CXOWVBD2AFAHYPA5ONYFFZ4/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PD7FTLJOIGMUSCDR3JAN6WRFHJEE4PH5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZYJSGLSCQOKXXFVJVJQAXLEOJBIWGEL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD7JDDKJXK6D26XAN3YRFNM2LAJHT5UO/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMWPRAAJS7I6U3U45V7GZVXWNSECI22M/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4ZZV4CDFRMTPDBI7C5L43RFL3XLIGUY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBPDVCDIUCEBE7C4NAGNA2KQJYOTPBAZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V7ZUJDHK7KNG6SLIFXW7MNZ6O2PUJYK6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/", "http://www.openwall.com/lists/oss-security/2022/09/21/1", "http://www.openwall.com/lists/oss-security/2022/09/21/4", "https://access.redhat.com/security/cve/CVE-2020-10735", "https://bugzilla.redhat.com/show_bug.cgi?id=1834423", "https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y", "https://github.com/python/cpython/issues/95778", "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html", "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32AAQKABEKFCB5DDV5OONRZK6BS23HPW/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EWKR2SPX3JORLWCXFY3KN2U5B5CIUQQ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XL6E5A3I36TRR73VNBOXNIQP4AMZDFZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76YE7AM37MRU76XJV4M27CWDAMUGNRYK/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRPVJZL6DJFWKYRHMNJB7VCEUCBKRF5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHC6IUU7CLRQ3QLPWUXLONSG3SXFTR47/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5U223OE5ZOUHZAZYSYSWVJQIKDE73E/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5WQB7Z3CXOWVBD2AFAHYPA5ONYFFZ4/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PD7FTLJOIGMUSCDR3JAN6WRFHJEE4PH5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZYJSGLSCQOKXXFVJVJQAXLEOJBIWGEL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD7JDDKJXK6D26XAN3YRFNM2LAJHT5UO/", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMWPRAAJS7I6U3U45V7GZVXWNSECI22M/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4ZZV4CDFRMTPDBI7C5L43RFL3XLIGUY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBPDVCDIUCEBE7C4NAGNA2KQJYOTPBAZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V7ZUJDHK7KNG6SLIFXW7MNZ6O2PUJYK6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/"] + +[[affected]] +pkg = "Python_jll" +ranges = ["< 3.10.7+0"] + +[[jlsec_sources]] +id = "CVE-2020-10735" +imported = 2025-11-04T03:26:15.427Z +modified = 2025-11-03T22:15:46.173Z +published = 2022-09-09T14:15:08.660Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2020-10735" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2020-10735" +``` + +# A flaw was found in python + +A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. + diff --git a/advisories/published/2025/JLSEC-0000-mnss5ixy0-dhpe95.md b/advisories/published/2025/JLSEC-0000-mnss5ixy0-dhpe95.md new file mode 100644 index 00000000..31f71515 --- /dev/null +++ b/advisories/published/2025/JLSEC-0000-mnss5ixy0-dhpe95.md 
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss5ixy0-dhpe95" +modified = 2025-11-04T03:26:18.456Z +upstream = ["CVE-2022-42919"] +references = ["https://github.com/python/cpython/compare/v3.10.8...v3.10.9", "https://github.com/python/cpython/compare/v3.9.15...v3.9.16", "https://github.com/python/cpython/issues/97514", "https://github.com/python/cpython/issues/97514#issuecomment-1310277840", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKGCQPIVHEAIJ77R3RSNSQWYBUDVWDKU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2LHWWEI5OBQ6RELULMVU6KMDYG4WZXH/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PI5DYIED6U26BGX5IRZWNCP6TY4M2ZGZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6KGIRHSENZ4QAB234Z36HVIDTRJ3MFI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCRKBB5Y5EWTJUNC7LK665WO64DDXSTN/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XX6LLAXGZVZ327REY6MDZRMMP47LJ53P/", "https://security.gentoo.org/glsa/202305-02", "https://security.netapp.com/advisory/ntap-20221209-0006/", "https://github.com/python/cpython/compare/v3.10.8...v3.10.9", "https://github.com/python/cpython/compare/v3.9.15...v3.9.16", "https://github.com/python/cpython/issues/97514", "https://github.com/python/cpython/issues/97514#issuecomment-1310277840", "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKGCQPIVHEAIJ77R3RSNSQWYBUDVWDKU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2LHWWEI5OBQ6RELULMVU6KMDYG4WZXH/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PI5DYIED6U26BGX5IRZWNCP6TY4M2ZGZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6KGIRHSENZ4QAB234Z36HVIDTRJ3MFI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCRKBB5Y5EWTJUNC7LK665WO64DDXSTN/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XX6LLAXGZVZ327REY6MDZRMMP47LJ53P/", "https://security.gentoo.org/glsa/202305-02", "https://security.netapp.com/advisory/ntap-20221209-0006/"] + +[[affected]] +pkg = "Python_jll" +ranges = [">= 3.8.8+0, < 3.10.13+0"] + +[[jlsec_sources]] +id = "CVE-2022-42919" +imported = 2025-11-04T03:26:18.456Z +modified = 2025-11-03T22:16:00.810Z +published = 2022-11-07T00:15:09.697Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-42919" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2022-42919" +``` + +# Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a ... + +Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. 
The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5iy6a-1nv9b7b.md b/advisories/published/2025/JLSEC-0000-mnss5iy6a-1nv9b7b.md
new file mode 100644
index 00000000..e7afcdfc
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5iy6a-1nv9b7b.md
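Review bot: The range `ranges = [">= 3.8.8+0, < 3.10.13+0"]` is wider than the description at both ends: the text names 3.9.x before 3.9.16 and 3.10.x before 3.10.9, and says CPython before 3.9 does not use abstract namespace sockets by default. The wider bounds may simply reflect which Python_jll builds were published, but that is not visible in this diff, so they should be checked against the registry. The description also limits the issue to Linux and to the non-default forkserver start method, and names `multiprocessing.util.abstract_sockets_supported = False` as a workaround; a consumer matching on the range alone will flag every platform.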
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss5iy6a-1nv9b7b" +modified = 2025-11-04T03:26:18.754Z +upstream = ["CVE-2022-45061"] +references = ["https://github.com/python/cpython/issues/98433", "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/", "https://security.gentoo.org/glsa/202305-02", "https://security.netapp.com/advisory/ntap-20221209-0007/", "https://github.com/python/cpython/issues/98433", "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html", "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/", "https://security.gentoo.org/glsa/202305-02", "https://security.netapp.com/advisory/ntap-20221209-0007/"] + +[[affected]] +pkg = "Python_jll" +ranges = ["< 3.10.13+0"] + +[[jlsec_sources]] +id = "CVE-2022-45061" +imported = 2025-11-04T03:26:18.754Z +modified = 2025-11-03T22:16:01.150Z +published = 2022-11-09T07:15:09.887Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-45061" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2022-45061" +``` + +# An issue was discovered in Python before 3.11.1 + +An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. 
For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5iz6k-1svh2op.md b/advisories/published/2025/JLSEC-0000-mnss5iz6k-1svh2op.md
new file mode 100644
index 00000000..ddcc87b8
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5iz6k-1svh2op.md
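Review bot: The `references` array in this advisory lists every URL twice: `https://github.com/python/cpython/issues/98433`, the Debian LTS announcements and the whole run of Fedora package-announce links all appear a second time after the first `https://security.netapp.com/advisory/ntap-20221209-0007/`. The same duplication is present in the CVE-2022-36227, CVE-2022-46392, CVE-2022-4415, CVE-2021-36647, CVE-2023-24329, CVE-2023-1544 and CVE-2023-27043 hunks, and the CVE-2023-27043 one repeats the Fedora links a third time with a literal `@` in place of `%40`. It looks as if the importer concatenates the reference lists of more than one upstream record without merging them, though the import code is not part of this diff. Deduplicating the list (after normalising percent-encoding) before `references` is written would keep these records reviewable and make later diffs show only real reference changes.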
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5iz6k-1svh2op"
+modified = 2025-11-04T03:26:20.060Z
+upstream = ["CVE-2022-36227"]
+references = ["https://bugs.gentoo.org/882521", "https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c#L215", "https://github.com/libarchive/libarchive/issues/1754", "https://lists.debian.org/debian-lts-announce/2023/01/msg00034.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V67OO2UUQAUJS3IK4JZPF6F3LUCBU6IS/", "https://security.gentoo.org/glsa/202309-14", "https://bugs.gentoo.org/882521", "https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c#L215", "https://github.com/libarchive/libarchive/issues/1754", "https://lists.debian.org/debian-lts-announce/2023/01/msg00034.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00007.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V67OO2UUQAUJS3IK4JZPF6F3LUCBU6IS/", "https://security.gentoo.org/glsa/202309-14"]
+
+[[affected]]
+pkg = "LibArchive_jll"
+ranges = ["< 3.7.4+0"]
+
+[[jlsec_sources]]
+id = "CVE-2022-36227"
+imported = 2025-11-04T03:26:20.060Z
+modified = 2025-11-03T22:15:59.710Z
+published = 2022-11-22T02:15:11.003Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-36227"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2022-36227"
+```
+
+# In libarchive before 3.6.2, the software does not check for an error after calling calloc function t...
+
+In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. 
NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5j18c-vqsjxk.md b/advisories/published/2025/JLSEC-0000-mnss5j18c-vqsjxk.md
new file mode 100644
index 00000000..45a4c1ea
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5j18c-vqsjxk.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5j18c-vqsjxk"
+modified = 2025-11-04T03:26:22.716Z
+upstream = ["CVE-2022-46392"]
+references = ["https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2", "https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/", "https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2", "https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.3.0", "https://lists.debian.org/debian-lts-announce/2025/06/msg00034.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4BR7ZCVKLPGCOEEALUHZMFHXQHR6S4QL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XMKJ5IMJEPXYAHHU56Z4P2FSYIEAESB/"]
+
+[[affected]]
+pkg = "MbedTLS_jll"
+ranges = ["< 2.28.2+0"]
+
+[[jlsec_sources]]
+id = "CVE-2022-46392"
+imported = 2025-11-04T03:26:22.716Z
+modified = 2025-11-03T20:15:57.980Z
+published = 2022-12-15T23:15:10.513Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-46392"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2022-46392"
+```
+
+# An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0
+
+An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5j1od-1db0usa.md b/advisories/published/2025/JLSEC-0000-mnss5j1od-1db0usa.md
new file mode 100644
index 00000000..5bcbd30a
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5j1od-1db0usa.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5j1od-1db0usa"
+modified = 2025-11-04T03:26:23.293Z
+upstream = ["CVE-2022-4415"]
+references = ["https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c", "https://www.openwall.com/lists/oss-security/2022/12/21/3", "http://seclists.org/fulldisclosure/2025/Jun/9", "https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c", "https://security.netapp.com/advisory/ntap-20230216-0010/", "https://www.openwall.com/lists/oss-security/2022/12/21/3"]
+
+[[affected]]
+pkg = "systemd_jll"
+ranges = ["< 256.7.0+0"]
+
+[[jlsec_sources]]
+id = "CVE-2022-4415"
+imported = 2025-11-04T03:26:23.293Z
+modified = 2025-11-03T20:15:59.413Z
+published = 2023-01-11T15:15:09.590Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-4415"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2022-4415"
+```
+
+# A vulnerability was found in systemd
+
+A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5j2h8-4vqiiw.md b/advisories/published/2025/JLSEC-0000-mnss5j2h8-4vqiiw.md
new file mode 100644
index 00000000..61741216
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5j2h8-4vqiiw.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5j2h8-4vqiiw"
+modified = 2025-11-04T03:26:24.332Z
+upstream = ["CVE-2021-36647"]
+references = ["https://github.com/ARMmbed/mbedtls/releases/", "https://kouzili.com/Load-Step.pdf", "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1", "https://github.com/ARMmbed/mbedtls/releases/", "https://kouzili.com/Load-Step.pdf", "https://lists.debian.org/debian-lts-announce/2025/06/msg00034.html", "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1"]
+
+[[affected]]
+pkg = "MbedTLS_jll"
+ranges = ["< 2.27.0+0", ">= 2.28.0+0"]
+
+[[jlsec_sources]]
+id = "CVE-2021-36647"
+imported = 2025-11-04T03:26:24.332Z
+modified = 2025-11-03T20:15:49.343Z
+published = 2023-01-17T21:15:10.880Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-36647"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2021-36647"
+```
+
+# Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c i...
+
+Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5j45i-1bmvbap.md b/advisories/published/2025/JLSEC-0000-mnss5j45i-1bmvbap.md
new file mode 100644
index 00000000..9d72d579
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5j45i-1bmvbap.md
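Review bot: `ranges = ["< 2.27.0+0", ">= 2.28.0+0"]` in the `[[affected]]` table marks every MbedTLS_jll build from 2.28.0 onward as affected with no upper bound, while the description in the same file limits the issue to versions before 3.0.0, 2.27.0 or 2.16.11. If the 2.28 line carries the fix, which the description suggests but this hunk does not show, the second range will keep flagging patched builds and train users to ignore the advisory. I would expect `ranges = ["< 2.27.0+0"]` unless the open-ended range is deliberate, in which case the reason should be recorded alongside it. The CVE-2022-46392 advisory in this same diff uses a single bounded range for the same package, so it is worth checking how the upstream version configuration was translated for this record.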
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss5j45i-1bmvbap" +modified = 2025-11-04T03:26:26.502Z +upstream = ["CVE-2023-24329"] +references = ["https://github.com/python/cpython/issues/102153", "https://github.com/python/cpython/pull/99421", "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSL6NSOAXWBJJ67XPLSSC74MNKZF3BBO/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2NY75GFDZ5T6YPN44D3VMFT5SUVTOTG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GR5US3BYILYJ4SKBV6YBNPRUBAL5P2CN/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H23OSKC6UG6IWOQAUPW74YUHWRWVXJP7/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZTLGV2HYFF4AMYJL25VDIGAIHCU7UPA/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWC4WGXER5P6Q75RFGL7QUTPP3N5JR7T/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZEHSXSCMA4WWQKXT6QV7AAR6SWNZ2VP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O5SP4RT3RRS434ZS2HQKQJ3VZW7YPKYR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHHJHJRLEF3TDT2K3676CAUVRDD4CCMR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEUN6T22UJFXR7J5F6UUHCXXPKJ2DVHI/", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PURM5CFDABEWAIWZFD2MQ7ZJGCPYSQ44/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3J5N24ECS4B6MJDRO6UAYU6GPLYBDCL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRQHN7RWJQJHYP6E5EKESOYP5VDSHZG4/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RA2MBEEES6L46OD64OBSVUUMGKNGMOWW/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4IDB5OAR5Y4UK3HLMZBW4WEL2B7YFMJ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZH26JGNZ5XYPZ5SAU3NKSBSPRE5OHTG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2MZOJYGFCB5PPT6AKMAU72N7QOYWLBP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UONZWLB4QVLQIY5CPDLEUEKH6WX4VQMC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTOAUJNDWZDRWVSXJ354AYZYKRMT56HU/", "https://pointernull.com/security/python-url-parse-problem.html", "https://security.netapp.com/advisory/ntap-20230324-0004/", "https://www.kb.cert.org/vuls/id/127587", "https://github.com/python/cpython/issues/102153", "https://github.com/python/cpython/pull/99421", "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00005.html", "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSL6NSOAXWBJJ67XPLSSC74MNKZF3BBO/", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2NY75GFDZ5T6YPN44D3VMFT5SUVTOTG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GR5US3BYILYJ4SKBV6YBNPRUBAL5P2CN/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H23OSKC6UG6IWOQAUPW74YUHWRWVXJP7/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZTLGV2HYFF4AMYJL25VDIGAIHCU7UPA/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWC4WGXER5P6Q75RFGL7QUTPP3N5JR7T/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZEHSXSCMA4WWQKXT6QV7AAR6SWNZ2VP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O5SP4RT3RRS434ZS2HQKQJ3VZW7YPKYR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHHJHJRLEF3TDT2K3676CAUVRDD4CCMR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEUN6T22UJFXR7J5F6UUHCXXPKJ2DVHI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PURM5CFDABEWAIWZFD2MQ7ZJGCPYSQ44/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3J5N24ECS4B6MJDRO6UAYU6GPLYBDCL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRQHN7RWJQJHYP6E5EKESOYP5VDSHZG4/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RA2MBEEES6L46OD64OBSVUUMGKNGMOWW/", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4IDB5OAR5Y4UK3HLMZBW4WEL2B7YFMJ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZH26JGNZ5XYPZ5SAU3NKSBSPRE5OHTG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2MZOJYGFCB5PPT6AKMAU72N7QOYWLBP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UONZWLB4QVLQIY5CPDLEUEKH6WX4VQMC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTOAUJNDWZDRWVSXJ354AYZYKRMT56HU/", "https://pointernull.com/security/python-url-parse-problem.html", "https://security.netapp.com/advisory/ntap-20230324-0004/", "https://www.kb.cert.org/vuls/id/127587"] + +[[affected]] +pkg = "Python_jll" +ranges = ["< 3.10.13+0"] + +[[jlsec_sources]] +id = "CVE-2023-24329" +imported = 2025-11-04T03:26:26.502Z +modified = 2025-11-03T22:16:05.300Z +published = 2023-02-17T15:15:12.243Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-24329" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-24329" +``` + +# An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisti... + +An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. + diff --git a/advisories/published/2025/JLSEC-0000-mnss5j5h6-1y83csh.md b/advisories/published/2025/JLSEC-0000-mnss5j5h6-1y83csh.md new file mode 100644 index 00000000..20c37ced --- /dev/null +++ b/advisories/published/2025/JLSEC-0000-mnss5j5h6-1y83csh.md 
@@ -0,0 +1,27 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5j5h6-1y83csh"
+modified = 2025-11-04T03:26:28.218Z
+upstream = ["CVE-2023-1544"]
+references = ["https://access.redhat.com/security/cve/CVE-2023-1544", "https://bugzilla.redhat.com/show_bug.cgi?id=2180364", "https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html", "https://security.netapp.com/advisory/ntap-20230511-0005/", "https://access.redhat.com/security/cve/CVE-2023-1544", "https://bugzilla.redhat.com/show_bug.cgi?id=2180364", "https://lists.debian.org/debian-lts-announce/2025/04/msg00042.html", "https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html", "https://security.netapp.com/advisory/ntap-20230511-0005/"]
+
+[[affected]]
+pkg = "Qemu_jll"
+ranges = ["< 7.2.9+0"]
+[[affected]]
+pkg = "Qemu_static_jll"
+ranges = ["< 7.2.9+0"]
+
+[[jlsec_sources]]
+id = "CVE-2023-1544"
+imported = 2025-11-04T03:26:28.218Z
+modified = 2025-11-03T20:15:59.780Z
+published = 2023-03-23T20:15:14.497Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-1544"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-1544"
+```
+
+# A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device
+
+A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5j6yi-190r5vp.md b/advisories/published/2025/JLSEC-0000-mnss5j6yi-190r5vp.md
new file mode 100644
index 00000000..e373f569
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5j6yi-190r5vp.md
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss5j6yi-190r5vp" +modified = 2025-11-04T03:26:30.138Z +upstream = ["CVE-2023-27043"] +references = ["http://python.org", "https://github.com/python/cpython/issues/102988", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOX7BCN6YL7B3RFPEEXPIU5CMTEHJOKR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/", "https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html", "https://security.netapp.com/advisory/ntap-20230601-0003/", "http://python.org", "http://seclists.org/fulldisclosure/2025/Apr/8", "https://github.com/python/cpython/issues/102988", "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html", "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOX7BCN6YL7B3RFPEEXPIU5CMTEHJOKR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/", 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZAEFSFZDNBNJPNOUTLG5COISGQDLMGV/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/75DTHSTNOFFNAWHXKMDXS7EJWC6W2FUC/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAKLUJMHFGVBRDPEY57BJGNCE5UUPHW/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUNZSZ3CVSM2QWVYH3N2XGOCDWNYUA3/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORLXS5YTKN65E2Q2NWKXMFS5FWQHRNZW/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2MAICLFDDO3QVNHTZ2OCERZQ34R2PIC/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2W2BZQIHMCKRI5FNBJERFYMS5PK6TAH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PHVGRKQAGANCSGFI3QMYOCIMS4IFOZA5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU6Y2S5CBN5BWCBDAJFTGIBZLK3S2G3J/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDRDDPDN3VFIYXJIYEABY6USX5EU66AG/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDDC2VOX7OQC6OHMYTVD4HLFZIV6PYBC/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SINP4OVYNB2AGDYI2GS37EMW3H3F7XPZ/", 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZXC32CJ7TWDPJO6GY2XIQRO7JZX5FLP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWMBD4LNHWEXRI6YVFWJMTJQUL5WOFTS/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQVY5C5REXWJIORJIL2FIL3ALOEJEF72/", "https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html", "https://security.netapp.com/advisory/ntap-20230601-0003/"] + +[[affected]] +pkg = "Python_jll" +ranges = ["< 3.10.16+0"] + +[[jlsec_sources]] +id = "CVE-2023-27043" +imported = 2025-11-04T03:26:30.138Z +modified = 2025-11-03T22:16:06.087Z +published = 2023-04-19T00:15:07.973Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-27043" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-27043" +``` + +# The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special... + +The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. + diff --git a/advisories/published/2025/JLSEC-0000-mnss5j72m-1pau7g1.md b/advisories/published/2025/JLSEC-0000-mnss5j72m-1pau7g1.md new file mode 100644 index 00000000..55de0222 --- /dev/null +++ b/advisories/published/2025/JLSEC-0000-mnss5j72m-1pau7g1.md 
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss5j72m-1pau7g1" +modified = 2025-11-04T03:26:30.286Z +upstream = ["CVE-2023-31484"] +references = ["http://www.openwall.com/lists/oss-security/2023/04/29/1", "http://www.openwall.com/lists/oss-security/2023/05/03/3", "http://www.openwall.com/lists/oss-security/2023/05/03/5", "http://www.openwall.com/lists/oss-security/2023/05/07/2", "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", "https://github.com/andk/cpanpm/pull/175", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/", "https://metacpan.org/dist/CPAN/changes", "https://security.netapp.com/advisory/ntap-20240621-0007/", "https://www.openwall.com/lists/oss-security/2023/04/18/14", "http://www.openwall.com/lists/oss-security/2023/04/29/1", "http://www.openwall.com/lists/oss-security/2023/05/03/3", "http://www.openwall.com/lists/oss-security/2023/05/03/5", "http://www.openwall.com/lists/oss-security/2023/05/07/2", "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", "https://github.com/andk/cpanpm/pull/175", "https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/", "https://metacpan.org/dist/CPAN/changes", "https://security.netapp.com/advisory/ntap-20240621-0007/", "https://www.openwall.com/lists/oss-security/2023/04/18/14"] + +[[affected]] +pkg = "Perl_jll" +ranges = ["*"] + +[[jlsec_sources]] +id = "CVE-2023-31484" +imported = 2025-11-04T03:26:30.286Z +modified = 
2025-11-03T22:16:19.470Z +published = 2023-04-29T00:15:09.000Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-31484" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-31484" +``` + +# CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. + +CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. + diff --git a/advisories/published/2025/JLSEC-0000-mnss5j9de-ebh2so.md b/advisories/published/2025/JLSEC-0000-mnss5j9de-ebh2so.md new file mode 100644 index 00000000..f0772dc6 --- /dev/null +++ b/advisories/published/2025/JLSEC-0000-mnss5j9de-ebh2so.md 
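Review bot: `ranges = ["*"]` marks every Perl_jll build as affected, although the description bounds the flaw at "CPAN.pm before 2.35", so a build that bundles a fixed CPAN.pm would stay flagged indefinitely. Whether any Perl_jll build ships CPAN.pm 2.35 or later cannot be told from this diff. If one does, its version belongs here as an upper bound; if none does, a TOML comment above the key such as `# no Perl_jll build bundles CPAN.pm >= 2.35 yet; revisit on the next Perl bump` would record that the wildcard is intentional. The Qemu_jll/Qemu_static_jll records for CVE-2023-3019 and CVE-2023-5088 use the same wildcard and their descriptions name no fixed version at all, so the same question applies there.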
@@ -0,0 +1,26 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5j9de-ebh2so"
+modified = 2025-11-04T03:26:33.266Z
+upstream = ["CVE-2023-2976"]
+references = ["https://github.com/google/guava/issues/2575", "https://security.netapp.com/advisory/ntap-20230818-0008/", "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html", "https://github.com/google/guava/issues/2575", "https://security.netapp.com/advisory/ntap-20230818-0008/", "https://security.netapp.com/advisory/ntap-20241108-0002/", "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01006.html"]
+
+[[affected]]
+pkg = "GAP_pkg_guava_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2023-2976"
+imported = 2025-11-04T03:26:33.266Z
+modified = 2025-11-03T22:16:08.973Z
+published = 2023-06-14T18:15:09.513Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-2976"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
+```
+
+# Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Gu...
+
+Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.
+
+Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5j9l7-1keusjh.md b/advisories/published/2025/JLSEC-0000-mnss5j9l7-1keusjh.md
new file mode 100644
index 00000000..02e82222
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5j9l7-1keusjh.md
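Review bot: `pkg = "GAP_pkg_guava_jll"` looks like a name collision rather than a real match. The description is about `FileBackedOutputStream` in Google Guava, a Java library, while the package name points at the GUAVA package for the GAP computer algebra system, which is unrelated code. With `ranges = ["*"]` every version of that JLL would be reported as vulnerable to CVE-2023-2976. Unless the JLL is confirmed to bundle Google Guava, this `[[affected]]` entry should not be published, and the product matching that produced it (presumably on the word "guava") needs a stricter key than the bare name.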
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5j9l7-1keusjh"
+modified = 2025-11-04T03:26:33.547Z
+upstream = ["CVE-2023-26965"]
+references = ["https://gitlab.com/libtiff/libtiff/-/merge_requests/472", "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html", "https://security.netapp.com/advisory/ntap-20230706-0009/", "https://gitlab.com/libtiff/libtiff/-/merge_requests/472", "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html", "https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html", "https://security.netapp.com/advisory/ntap-20230706-0009/"]
+
+[[affected]]
+pkg = "Libtiff_jll"
+ranges = ["< 4.5.1+0"]
+
+[[jlsec_sources]]
+id = "CVE-2023-26965"
+imported = 2025-11-04T03:26:33.547Z
+modified = 2025-11-03T21:15:56.240Z
+published = 2023-06-14T21:15:09.483Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-26965"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-26965"
+```
+
+# loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a craft...
+
+loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5j9p4-1ixdkw0.md b/advisories/published/2025/JLSEC-0000-mnss5j9p4-1ixdkw0.md
new file mode 100644
index 00000000..a81019d0
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5j9p4-1ixdkw0.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5j9p4-1ixdkw0"
+modified = 2025-11-04T03:26:33.688Z
+upstream = ["CVE-2023-3316"]
+references = ["https://gitlab.com/libtiff/libtiff/-/issues/515", "https://gitlab.com/libtiff/libtiff/-/merge_requests/468", "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html", "https://research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144/", "https://gitlab.com/libtiff/libtiff/-/issues/515", "https://gitlab.com/libtiff/libtiff/-/merge_requests/468", "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html", "https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html", "https://research.jfrog.com/vulnerabilities/libtiff-nullderef-dos-xray-522144/"]
+
+[[affected]]
+pkg = "Libtiff_jll"
+ranges = ["< 4.5.1+0"]
+
+[[jlsec_sources]]
+id = "CVE-2023-3316"
+imported = 2025-11-04T03:26:33.688Z
+modified = 2025-11-03T21:15:59.493Z
+published = 2023-06-19T12:15:09.520Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-3316"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-3316"
+```
+
+# A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existen...
+
+A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5j9t0-ivo622.md b/advisories/published/2025/JLSEC-0000-mnss5j9t0-ivo622.md
new file mode 100644
index 00000000..9ea2dca1
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5j9t0-ivo622.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5j9t0-ivo622"
+modified = 2025-11-04T03:26:33.828Z
+upstream = ["CVE-2023-2908"]
+references = ["https://access.redhat.com/security/cve/CVE-2023-2908", "https://bugzilla.redhat.com/show_bug.cgi?id=2218830", "https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f", "https://gitlab.com/libtiff/libtiff/-/merge_requests/479", "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html", "https://security.netapp.com/advisory/ntap-20230731-0004/", "https://access.redhat.com/security/cve/CVE-2023-2908", "https://bugzilla.redhat.com/show_bug.cgi?id=2218830", "https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f", "https://gitlab.com/libtiff/libtiff/-/merge_requests/479", "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html", "https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html", "https://security.netapp.com/advisory/ntap-20230731-0004/"]
+
+[[affected]]
+pkg = "Libtiff_jll"
+ranges = ["< 4.5.1+0"]
+
+[[jlsec_sources]]
+id = "CVE-2023-2908"
+imported = 2025-11-04T03:26:33.828Z
+modified = 2025-11-03T21:15:57.683Z
+published = 2023-06-30T22:15:10.017Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-2908"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-2908"
+```
+
+# A null pointer dereference issue was found in Libtiff's tif_dir.c file
+
+A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5j9t1-10jnv3n.md b/advisories/published/2025/JLSEC-0000-mnss5j9t1-10jnv3n.md
new file mode 100644
index 00000000..07996d47
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5j9t1-10jnv3n.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5j9t1-10jnv3n"
+modified = 2025-11-04T03:26:33.829Z
+upstream = ["CVE-2023-3618"]
+references = ["https://access.redhat.com/security/cve/CVE-2023-3618", "https://bugzilla.redhat.com/show_bug.cgi?id=2215865", "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html", "https://security.netapp.com/advisory/ntap-20230824-0012/", "https://support.apple.com/kb/HT214036", "https://support.apple.com/kb/HT214037", "https://support.apple.com/kb/HT214038", "https://access.redhat.com/security/cve/CVE-2023-3618", "https://bugzilla.redhat.com/show_bug.cgi?id=2215865", "https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html", "https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html", "https://security.netapp.com/advisory/ntap-20230824-0012/", "https://support.apple.com/kb/HT214036", "https://support.apple.com/kb/HT214037", "https://support.apple.com/kb/HT214038"]
+
+[[affected]]
+pkg = "Libtiff_jll"
+ranges = ["< 4.5.1+0"]
+
+[[jlsec_sources]]
+id = "CVE-2023-3618"
+imported = 2025-11-04T03:26:33.829Z
+modified = 2025-11-03T21:15:59.683Z
+published = 2023-07-12T15:15:09.060Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-3618"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-3618"
+```
+
+# A flaw was found in libtiff
+
+A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5jb18-16u1kov.md b/advisories/published/2025/JLSEC-0000-mnss5jb18-16u1kov.md
new file mode 100644
index 00000000..cc218309
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5jb18-16u1kov.md
@@ -0,0 +1,27 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5jb18-16u1kov"
+modified = 2025-11-04T03:26:35.420Z
+upstream = ["CVE-2023-3019"]
+references = ["https://access.redhat.com/errata/RHSA-2024:0135", "https://access.redhat.com/errata/RHSA-2024:0404", "https://access.redhat.com/errata/RHSA-2024:0569", "https://access.redhat.com/errata/RHSA-2024:2135", "https://access.redhat.com/security/cve/CVE-2023-3019", "https://bugzilla.redhat.com/show_bug.cgi?id=2222351", "https://access.redhat.com/errata/RHSA-2024:0135", "https://access.redhat.com/errata/RHSA-2024:0404", "https://access.redhat.com/errata/RHSA-2024:0569", "https://access.redhat.com/errata/RHSA-2024:2135", "https://access.redhat.com/security/cve/CVE-2023-3019", "https://bugzilla.redhat.com/show_bug.cgi?id=2222351", "https://lists.debian.org/debian-lts-announce/2025/04/msg00042.html", "https://security.netapp.com/advisory/ntap-20230831-0005/"]
+
+[[affected]]
+pkg = "Qemu_jll"
+ranges = ["*"]
+[[affected]]
+pkg = "Qemu_static_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2023-3019"
+imported = 2025-11-04T03:26:35.420Z
+modified = 2025-11-03T20:16:01.753Z
+published = 2023-07-24T16:15:12.253Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-3019"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-3019"
+```
+
+# A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code ...
+
+A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5jc9u-tqxzoa.md b/advisories/published/2025/JLSEC-0000-mnss5jc9u-tqxzoa.md
new file mode 100644
index 00000000..bb08faae
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5jc9u-tqxzoa.md
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss5jc9u-tqxzoa" +modified = 2025-11-04T03:26:37.026Z +upstream = ["CVE-2023-40217"] +references = ["https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html", "https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html", "https://mail.python.org/archives/list/security-announce%40python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/", "https://security.netapp.com/advisory/ntap-20231006-0014/", "https://www.python.org/dev/security/", "https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html", "https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00005.html", "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "https://mail.python.org/archives/list/security-announce%40python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/", "https://security.netapp.com/advisory/ntap-20231006-0014/", "https://www.python.org/dev/security/"] + +[[affected]] +pkg = "Python_jll" +ranges = ["< 3.10.13+0"] + +[[jlsec_sources]] +id = "CVE-2023-40217" +imported = 2025-11-04T03:26:37.026Z +modified = 2025-11-03T22:16:25.860Z +published = 2023-08-25T01:15:09.017Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-40217" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-40217" +``` + +# An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.1... + +An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. 
This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) + diff --git a/advisories/published/2025/JLSEC-0000-mnss5jcdo-13apa7v.md b/advisories/published/2025/JLSEC-0000-mnss5jcdo-13apa7v.md new file mode 100644 index 00000000..6f798fc6 --- /dev/null +++ b/advisories/published/2025/JLSEC-0000-mnss5jcdo-13apa7v.md 
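Review bot: `ranges = ["< 3.10.13+0"]` models only one of the fixed branches the description lists (3.8.18, 3.9.18, 3.10.13 and 3.11.5), so a Python_jll build at 3.11.0 or later but below 3.11.5 would fall outside the range and go unreported. If the registry has any such build, a second bound is needed, for example `ranges = ["< 3.10.13+0", ">= 3.11.0+0, < 3.11.5+0"]`, assuming multiple entries are read as alternatives and with the build suffixes still to be checked. The OpenSSL_jll record for CVE-2023-5363 has the same shape: its range stops at `< 3.0.12+0` while its description says OpenSSL 3.1 is also vulnerable.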
@@ -0,0 +1,28 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5jcdo-13apa7v"
+modified = 2025-11-04T03:26:37.164Z
+upstream = ["CVE-2021-32050"]
+references = ["https://jira.mongodb.org/browse/CDRIVER-3797", "https://jira.mongodb.org/browse/CXX-2028", "https://jira.mongodb.org/browse/NODE-3356", "https://jira.mongodb.org/browse/PHPC-1869", "https://jira.mongodb.org/browse/SWIFT-1229", "https://security.netapp.com/advisory/ntap-20231006-0001/", "https://jira.mongodb.org/browse/CDRIVER-3797", "https://jira.mongodb.org/browse/CXX-2028", "https://jira.mongodb.org/browse/NODE-3356", "https://jira.mongodb.org/browse/PHPC-1869", "https://jira.mongodb.org/browse/SWIFT-1229", "https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html", "https://security.netapp.com/advisory/ntap-20231006-0001/"]
+
+[[affected]]
+pkg = "MongoC_jll"
+ranges = ["< 1.19.1+0"]
+
+[[jlsec_sources]]
+id = "CVE-2021-32050"
+imported = 2025-11-04T03:26:37.164Z
+modified = 2025-11-03T20:15:47.443Z
+published = 2023-08-29T16:15:08.423Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-32050"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2021-32050"
+```
+
+# Some MongoDB Drivers may erroneously publish events containing authentication-related data to a comm...
+
+Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed.
+
+Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default).
+
+This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0).
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5jfbu-dbu83c.md b/advisories/published/2025/JLSEC-0000-mnss5jfbu-dbu83c.md
new file mode 100644
index 00000000..b76a8fad
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5jfbu-dbu83c.md
@@ -0,0 +1,27 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss5jfbu-dbu83c" +modified = 2025-11-04T03:26:40.986Z +upstream = ["CVE-2023-38552"] +references = ["https://hackerone.com/reports/2094235", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", "https://security.netapp.com/advisory/ntap-20231116-0013/", "https://hackerone.com/reports/2094235", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", "https://security.netapp.com/advisory/ntap-20231116-0013/", 
"https://security.netapp.com/advisory/ntap-20241108-0002/"] + +[[affected]] +pkg = "libnode_jll" +ranges = [">= 18.12.1+0"] + +[[jlsec_sources]] +id = "CVE-2023-38552" +imported = 2025-11-04T03:26:40.986Z +modified = 2025-11-03T22:16:24.850Z +published = 2023-10-18T04:15:11.200Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-38552" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-38552" +``` + +# When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the a... + +When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. +Impacts: +This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x. +Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js. + diff --git a/advisories/published/2025/JLSEC-0000-mnss5jfte-1xb1h1o.md b/advisories/published/2025/JLSEC-0000-mnss5jfte-1xb1h1o.md new file mode 100644 index 00000000..5995ce6a --- /dev/null +++ b/advisories/published/2025/JLSEC-0000-mnss5jfte-1xb1h1o.md 
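Review bot: `ranges = [">= 18.12.1+0"]` has no upper bound, so every later libnode_jll build will be reported as affected by CVE-2023-38552 even after it ships a fixed Node.js. The description names the 18.x and 20.x release lines but not the fixed releases, so the bound has to come from the upstream Node.js security release notes. The entry would then read along the lines of `ranges = [">= 18.12.1+0, < FIXED_18_X+0", ">= 20.0.0+0, < FIXED_20_X+0"]`, where both `FIXED_…` values are placeholders and the multi-entry form is an assumption about how the schema reads `ranges`.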
@@ -0,0 +1,63 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5jfte-1xb1h1o"
+modified = 2025-11-04T03:26:41.618Z
+upstream = ["CVE-2023-5363"]
+references = ["https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee", "https://www.openssl.org/news/secadv/20231024.txt", "http://www.openwall.com/lists/oss-security/2023/10/24/1", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee", "https://security.netapp.com/advisory/ntap-20231027-0010/", "https://security.netapp.com/advisory/ntap-20240201-0003/", "https://security.netapp.com/advisory/ntap-20240201-0004/", "https://security.netapp.com/advisory/ntap-20241108-0002/", "https://www.debian.org/security/2023/dsa-5532", "https://www.openssl.org/news/secadv/20231024.txt"]
+
+[[affected]]
+pkg = "OpenSSL_jll"
+ranges = [">= 3.0.8+0, < 3.0.12+0"]
+
+[[jlsec_sources]]
+id = "CVE-2023-5363"
+imported = 2025-11-04T03:26:41.618Z
+modified = 2025-11-03T22:16:32.357Z
+published = 2023-10-25T18:17:43.613Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-5363"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-5363"
+```
+
+# Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) len...
+
+Issue summary: A bug has been identified in the processing of key and
+initialisation vector (IV) lengths. This can lead to potential truncation
+or overruns during the initialisation of some symmetric ciphers.
+
+Impact summary: A truncation in the IV can result in non-uniqueness,
+which could result in loss of confidentiality for some cipher modes.
+
+When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or
+EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after
+the key and IV have been established. Any alterations to the key length,
+via the "keylen" parameter or the IV length, via the "ivlen" parameter,
+within the OSSL_PARAM array will not take effect as intended, potentially
+causing truncation or overreading of these values. The following ciphers
+and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.
+
+For the CCM, GCM and OCB cipher modes, truncation of the IV can result in
+loss of confidentiality. For example, when following NIST's SP 800-38D
+section 8.2.1 guidance for constructing a deterministic IV for AES in
+GCM mode, truncation of the counter portion could lead to IV reuse.
+
+Both truncations and overruns of the key and overruns of the IV will
+produce incorrect results and could, in some cases, trigger a memory
+exception. However, these issues are not currently assessed as security
+critical.
+
+Changing the key and/or IV lengths is not considered to be a common operation
+and the vulnerable API was recently introduced. Furthermore it is likely that
+application developers will have spotted this problem during testing since
+decryption would fail unless both peers in the communication were similarly
+vulnerable. For these reasons we expect the probability of an application being
+vulnerable to this to be quite low. However if an application is vulnerable then
+this issue is considered very serious. For these reasons we have assessed this
+issue as Moderate severity overall.
+
+The OpenSSL SSL/TLS implementation is not affected by this issue.
+
+The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because
+the issue lies outside of the FIPS provider boundary.
+
+OpenSSL 3.1 and 3.0 are vulnerable to this issue.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5jh3n-1rn6any.md b/advisories/published/2025/JLSEC-0000-mnss5jh3n-1rn6any.md
new file mode 100644
index 00000000..01421ee8
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5jh3n-1rn6any.md
@@ -0,0 +1,27 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5jh3n-1rn6any"
+modified = 2025-11-04T03:26:43.283Z
+upstream = ["CVE-2023-5088"]
+references = ["https://access.redhat.com/errata/RHSA-2024:2135", "https://access.redhat.com/errata/RHSA-2024:2962", "https://access.redhat.com/security/cve/CVE-2023-5088", "https://bugzilla.redhat.com/show_bug.cgi?id=2247283", "https://lore.kernel.org/all/20230921160712.99521-1-simon.rowe@nutanix.com/T/", "https://access.redhat.com/errata/RHSA-2024:2135", "https://access.redhat.com/errata/RHSA-2024:2962", "https://access.redhat.com/security/cve/CVE-2023-5088", "https://bugzilla.redhat.com/show_bug.cgi?id=2247283", "https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html", "https://lists.debian.org/debian-lts-announce/2025/04/msg00042.html", "https://lore.kernel.org/all/20230921160712.99521-1-simon.rowe@nutanix.com/T/", "https://security.netapp.com/advisory/ntap-20231208-0005/"]
+
+[[affected]]
+pkg = "Qemu_jll"
+ranges = ["*"]
+[[affected]]
+pkg = "Qemu_static_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2023-5088"
+imported = 2025-11-04T03:26:43.283Z
+modified = 2025-11-03T20:16:06.617Z
+published = 2023-11-03T14:15:08.560Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-5088"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-5088"
+```
+
+# A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to b...
+
+A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5jh8c-19fboj3.md b/advisories/published/2025/JLSEC-0000-mnss5jh8c-19fboj3.md
new file mode 100644
index 00000000..01049298
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5jh8c-19fboj3.md
@@ -0,0 +1,58 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5jh8c-19fboj3"
+modified = 2025-11-04T03:26:43.452Z
+upstream = ["CVE-2023-5678"]
+references = ["https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "https://www.openssl.org/news/secadv/20231106.txt", "http://www.openwall.com/lists/oss-security/2024/03/11/1", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html", "https://security.netapp.com/advisory/ntap-20231130-0010/", "https://www.openssl.org/news/secadv/20231106.txt"]
+
+[[affected]]
+pkg = "OpenSSL_jll"
+ranges = ["< 3.0.13+0"]
+[[affected]]
+pkg = "Openresty_jll"
+ranges = ["< 1.27.1+0"]
+
+[[jlsec_sources]]
+id = "CVE-2023-5678"
+imported = 2025-11-04T03:26:43.452Z
+modified = 2025-11-03T22:16:32.670Z
+published = 2023-11-06T16:15:42.670Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-5678"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-5678"
+```
+
+# Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys ...
+
+Issue summary: Generating excessively long X9.42 DH keys or checking
+excessively long X9.42 DH keys or parameters may be very slow.
+
+Impact summary: Applications that use the functions DH_generate_key() to
+generate an X9.42 DH key may experience long delays. Likewise, applications
+that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
+to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
+Where the key or parameters that are being checked have been obtained from
+an untrusted source this may lead to a Denial of Service.
+
+While DH_check() performs all the necessary checks (as of CVE-2023-3817),
+DH_check_pub_key() doesn't make any of these checks, and is therefore
+vulnerable for excessively large P and Q parameters.
+
+Likewise, while DH_generate_key() performs a check for an excessively large
+P, it doesn't check for an excessively large Q.
+
+An application that calls DH_generate_key() or DH_check_pub_key() and
+supplies a key or parameters obtained from an untrusted source could be
+vulnerable to a Denial of Service attack.
+
+DH_generate_key() and DH_check_pub_key() are also called by a number of
+other OpenSSL functions. An application calling any of those other
+functions may similarly be affected. The other functions affected by this
+are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().
+
+Also vulnerable are the OpenSSL pkey command line application when using the
+"-pubcheck" option, as well as the OpenSSL genpkey command line application.
+
+The OpenSSL SSL/TLS implementation is not affected by this issue.
+
+The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5ji4y-qihsdu.md b/advisories/published/2025/JLSEC-0000-mnss5ji4y-qihsdu.md
new file mode 100644
index 00000000..78f69532
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5ji4y-qihsdu.md
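Review bot: The `references` array in this advisory repeats URLs: each of the four git.openssl.org commitdiff links and `https://www.openssl.org/news/secadv/20231106.txt` appears twice. Deduplicating on import, keeping first occurrence order, would leave each URL once and keep later diffs of this file readable. Most other hunks in this commit show the same repetition (for example the CVE-2023-5088, CVE-2024-0727 and CVE-2024-5535 entries), which suggests the importer concatenates two reference lists without a uniqueness pass; that is an inference from the data, not something the diff shows.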
@@ -0,0 +1,26 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5ji4y-qihsdu"
+modified = 2025-11-04T03:26:44.626Z
+upstream = ["CVE-2023-30581"]
+references = ["https://nodejs.org/en/blog/vulnerability/june-2023-security-releases", "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases", "https://security.netapp.com/advisory/ntap-20241101-0011/"]
+
+[[affected]]
+pkg = "libnode_jll"
+ranges = [">= 16.14.0+0"]
+
+[[jlsec_sources]]
+id = "CVE-2023-30581"
+imported = 2025-11-04T03:26:44.626Z
+modified = 2025-11-03T22:16:09.510Z
+published = 2023-11-23T00:15:07.980Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-30581"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-30581"
+```
+
+# The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and r...
+
+The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20.
+
+Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5jil3-hl7eia.md b/advisories/published/2025/JLSEC-0000-mnss5jil3-hl7eia.md
new file mode 100644
index 00000000..0b7074ab
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5jil3-hl7eia.md
@@ -0,0 +1,30 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5jil3-hl7eia"
+modified = 2025-11-04T03:26:45.207Z
+upstream = ["CVE-2023-30585"]
+references = ["https://nodejs.org/en/blog/vulnerability/june-2023-security-releases", "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases", "https://security.netapp.com/advisory/ntap-20241101-0011/"]
+
+[[affected]]
+pkg = "libnode_jll"
+ranges = [">= 16.14.0+0"]
+
+[[jlsec_sources]]
+id = "CVE-2023-30585"
+imported = 2025-11-04T03:26:45.207Z
+modified = 2025-11-03T22:16:09.827Z
+published = 2023-11-28T02:15:42.077Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-30585"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-30585"
+```
+
+# A vulnerability has been identified in the Node.js (.msi version) installation process, specifically...
+
+A vulnerability has been identified in the Node.js (.msi version) installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the "msiexec.exe" process, running under the NT AUTHORITY\SYSTEM context, attempts to read the %USERPROFILE% environment variable from the current user's registry.
+
+The issue arises when the path referenced by the %USERPROFILE% environment variable does not exist. In such cases, the "msiexec.exe" process attempts to create the specified path in an unsafe manner, potentially leading to the creation of arbitrary folders in arbitrary locations.
+
+The severity of this vulnerability is heightened by the fact that the %USERPROFILE% environment variable in the Windows registry can be modified by standard (or "non-privileged") users. Consequently, unprivileged actors, including malicious entities or trojans, can manipulate the environment variable key to deceive the privileged "msiexec.exe" process. This manipulation can result in the creation of folders in unintended and potentially malicious locations.
+
+It is important to note that this vulnerability is specific to Windows users who install Node.js using the .msi installer. Users who opt for other installation methods are not affected by this particular issue.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5jiy0-h0ji1h.md b/advisories/published/2025/JLSEC-0000-mnss5jiy0-h0ji1h.md
new file mode 100644
index 00000000..e61b322e
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5jiy0-h0ji1h.md
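Review bot: The `[[affected]]` entry for `libnode_jll` in the CVE-2023-30585 advisory looks like a false positive. The description limits the issue to Windows users who install Node.js with the .msi installer and states that other installation methods are not affected; a JLL artifact is presumably not delivered through msiexec, so applicability should be confirmed before publishing. An advisory that cannot apply to the package teaches consumers to ignore the feed. If the entry stays, the body should say why the package is in scope.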
@@ -0,0 +1,26 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5jiy0-h0ji1h"
+modified = 2025-11-04T03:26:45.672Z
+upstream = ["CVE-2023-30590"]
+references = ["https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html", "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases", "https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html", "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases", "https://security.netapp.com/advisory/ntap-20241101-0011/"]
+
+[[affected]]
+pkg = "libnode_jll"
+ranges = [">= 16.14.0+0"]
+
+[[jlsec_sources]]
+id = "CVE-2023-30590"
+imported = 2025-11-04T03:26:45.672Z
+modified = 2025-11-03T22:16:10.300Z
+published = 2023-11-28T20:15:07.480Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-30590"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-30590"
+```
+
+# The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (o...
+
+The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: "Generates private and public Diffie-Hellman key values".
+
+The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs as the DiffieHellman may be used as the basis for application-level security, implications are consequently broad.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5jl42-kbutpj.md b/advisories/published/2025/JLSEC-0000-mnss5jl42-kbutpj.md
new file mode 100644
index 00000000..71b0076e
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5jl42-kbutpj.md
@@ -0,0 +1,27 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5jl42-kbutpj"
+modified = 2025-11-04T03:26:48.482Z
+upstream = ["CVE-2023-6693"]
+references = ["https://access.redhat.com/errata/RHSA-2024:2962", "https://access.redhat.com/errata/RHSA-2025:4492", "https://access.redhat.com/security/cve/CVE-2023-6693", "https://bugzilla.redhat.com/show_bug.cgi?id=2254580", "https://access.redhat.com/errata/RHSA-2024:2962", "https://access.redhat.com/security/cve/CVE-2023-6693", "https://bugzilla.redhat.com/show_bug.cgi?id=2254580", "https://lists.debian.org/debian-lts-announce/2025/04/msg00042.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGUN5HVOXESW7MSNM44E4AE2VNXQB6Y/", "https://security.netapp.com/advisory/ntap-20240208-0004/"]
+
+[[affected]]
+pkg = "Qemu_jll"
+ranges = ["*"]
+[[affected]]
+pkg = "Qemu_static_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2023-6693"
+imported = 2025-11-04T03:26:48.482Z
+modified = 2025-11-03T20:16:07.487Z
+published = 2024-01-02T10:15:08.930Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-6693"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-6693"
+```
+
+# A stack based buffer overflow was found in the virtio-net device of QEMU
+
+A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5jmnt-em113z.md b/advisories/published/2025/JLSEC-0000-mnss5jmnt-em113z.md
new file mode 100644
index 00000000..c6adbc43
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5jmnt-em113z.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5jmnt-em113z"
+modified = 2025-11-04T03:26:50.489Z
+upstream = ["CVE-2023-0437"]
+references = ["https://jira.mongodb.org/browse/CDRIVER-4747", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GUVOAFZFSYTNBF6R7H4XJM5DHWBRQ6P/", "https://jira.mongodb.org/browse/CDRIVER-4747", "https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html", "https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7GUVOAFZFSYTNBF6R7H4XJM5DHWBRQ6P/"]
+
+[[affected]]
+pkg = "MongoC_jll"
+ranges = ["< 1.25.1+0"]
+
+[[jlsec_sources]]
+id = "CVE-2023-0437"
+imported = 2025-11-04T03:26:50.489Z
+modified = 2025-11-03T20:15:59.617Z
+published = 2024-01-12T14:15:47.387Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-0437"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-0437"
+```
+
+# When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached ...
+
+When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5jooo-1cfiugo.md b/advisories/published/2025/JLSEC-0000-mnss5jooo-1cfiugo.md
new file mode 100644
index 00000000..5d3f15ed
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5jooo-1cfiugo.md
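Review bot: `ranges = ["< 1.25.1+0"]` for `MongoC_jll` does not match the description, which says versions prior to 1.25.0 are affected. If a 1.25.0 JLL build exists, it is flagged although the text treats it as fixed; if none exists, the range is just conservative and a TOML comment above it, such as `# first fixed JLL build; upstream fix is 1.25.0`, would make that explicit. The CVE-2024-6381 hunk shows a wider gap of the same kind: `< 1.28.1+0` against "prior to 1.26.2" in the text.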
@@ -0,0 +1,47 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5jooo-1cfiugo"
+modified = 2025-11-04T03:26:53.112Z
+upstream = ["CVE-2024-0727"]
+references = ["https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2", "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a", "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c", "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8", "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539", "https://www.openssl.org/news/secadv/20240125.txt", "http://www.openwall.com/lists/oss-security/2024/03/11/1", "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2", "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a", "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c", "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8", "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539", "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html", "https://security.netapp.com/advisory/ntap-20240208-0006/", "https://www.openssl.org/news/secadv/20240125.txt"]
+
+[[affected]]
+pkg = "OpenSSL_jll"
+ranges = ["< 3.0.13+0"]
+[[affected]]
+pkg = "Openresty_jll"
+ranges = ["< 1.27.1+0"]
+
+[[jlsec_sources]]
+id = "CVE-2024-0727"
+imported = 2025-11-04T03:26:53.111Z
+modified = 2025-11-03T22:16:34.223Z
+published = 2024-01-26T09:15:07.637Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-0727"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-0727"
+```
+
+# Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a...
+
+Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL
+to crash leading to a potential Denial of Service attack
+
+Impact summary: Applications loading files in the PKCS12 format from untrusted
+sources might terminate abruptly.
+
+A file in PKCS12 format can contain certificates and keys and may come from an
+untrusted source. The PKCS12 specification allows certain fields to be NULL, but
+OpenSSL does not correctly check for this case. This can lead to a NULL pointer
+dereference that results in OpenSSL crashing. If an application processes PKCS12
+files from an untrusted source using the OpenSSL APIs then that application will
+be vulnerable to this issue.
+
+OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),
+PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
+and PKCS12_newpass().
+
+We have also fixed a similar issue in SMIME_write_PKCS7(). However since this
+function is related to writing data we do not consider it security significant.
+
+The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5nzcd-lpvq7j.md b/advisories/published/2025/JLSEC-0000-mnss5nzcd-lpvq7j.md
new file mode 100644
index 00000000..200f833f
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5nzcd-lpvq7j.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5nzcd-lpvq7j"
+modified = 2025-11-04T03:30:13.549Z
+upstream = ["CVE-2024-26306"]
+references = ["https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc", "https://github.com/esnet/iperf/releases/tag/3.17", "https://www.insyde.com/security-pledge/SA-2024005", "https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc", "https://github.com/esnet/iperf/releases/tag/3.17", "https://lists.debian.org/debian-lts-announce/2025/01/msg00027.html", "https://security.netapp.com/advisory/ntap-20250228-0007/"]
+
+[[affected]]
+pkg = "iperf_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-26306"
+imported = 2025-11-04T03:30:13.549Z
+modified = 2025-11-03T21:16:07.653Z
+published = 2024-05-14T15:08:51.197Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-26306"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-26306"
+```
+
+# iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows ...
+
+iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5oj2c-brcwbt.md b/advisories/published/2025/JLSEC-0000-mnss5oj2c-brcwbt.md
new file mode 100644
index 00000000..a271b0ad
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5oj2c-brcwbt.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5oj2c-brcwbt"
+modified = 2025-11-04T03:30:39.108Z
+upstream = ["CVE-2024-36843"]
+references = ["https://github.com/balckgu1/libmodbusPoc/blob/main/gdb.md", "https://github.com/stephane/libmodbus/issues/748", "https://github.com/balckgu1/libmodbusPoc/blob/main/gdb.md", "https://github.com/stephane/libmodbus/issues/748", "https://lists.debian.org/debian-lts-announce/2025/03/msg00010.html"]
+
+[[affected]]
+pkg = "LibModbus_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-36843"
+imported = 2025-11-04T03:30:39.108Z
+modified = 2025-11-03T21:16:13.037Z
+published = 2024-05-31T20:15:10.290Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-36843"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-36843"
+```
+
+# libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function.
+
+libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5ojqd-1cskiuo.md b/advisories/published/2025/JLSEC-0000-mnss5ojqd-1cskiuo.md
new file mode 100644
index 00000000..06bf7f00
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5ojqd-1cskiuo.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5ojqd-1cskiuo"
+modified = 2025-11-04T03:30:39.973Z
+upstream = ["CVE-2024-36844"]
+references = ["https://github.com/stephane/libmodbus/issues/749", "https://github.com/stephane/libmodbus/issues/749", "https://lists.debian.org/debian-lts-announce/2025/03/msg00010.html"]
+
+[[affected]]
+pkg = "LibModbus_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-36844"
+imported = 2025-11-04T03:30:39.973Z
+modified = 2025-11-03T21:16:13.250Z
+published = 2024-05-31T20:15:10.380Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-36844"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-36844"
+```
+
+# libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer
+
+libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5oked-174xk95.md b/advisories/published/2025/JLSEC-0000-mnss5oked-174xk95.md
new file mode 100644
index 00000000..0a480163
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5oked-174xk95.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5oked-174xk95"
+modified = 2025-11-04T03:30:40.837Z
+upstream = ["CVE-2024-36845"]
+references = ["https://github.com/stephane/libmodbus/issues/750", "https://github.com/stephane/libmodbus/issues/750", "https://lists.debian.org/debian-lts-announce/2025/03/msg00010.html"]
+
+[[affected]]
+pkg = "LibModbus_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-36845"
+imported = 2025-11-04T03:30:40.837Z
+modified = 2025-11-03T21:16:13.450Z
+published = 2024-05-31T20:15:10.463Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-36845"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-36845"
+```
+
+# An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a ...
+
+An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5p00o-1p70ndf.md b/advisories/published/2025/JLSEC-0000-mnss5p00o-1p70ndf.md
new file mode 100644
index 00000000..b01c2379
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5p00o-1p70ndf.md
@@ -0,0 +1,96 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5p00o-1p70ndf"
+modified = 2025-11-04T03:31:01.080Z
+aliases = ["CVE-2024-5535"]
+references = ["https://github.com/openssl/openssl/commit/4ada436a1946cbb24db5ab4ca082b69c1bc10f37", "https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e", "https://github.com/openssl/openssl/commit/cf6f91f6121f4db167405db2f0de410a456f260c", "https://github.com/openssl/openssl/commit/e86ac436f0bd54d4517745483e2315650fae7b2c", "https://github.openssl.org/openssl/extended-releases/commit/9947251413065a05189a63c9b7a6c1d4e224c21c", "https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87", "https://www.openssl.org/news/secadv/20240627.txt", "http://www.openwall.com/lists/oss-security/2024/06/27/1", "http://www.openwall.com/lists/oss-security/2024/06/28/4", "http://www.openwall.com/lists/oss-security/2024/08/15/1", "https://github.com/openssl/openssl/commit/4ada436a1946cbb24db5ab4ca082b69c1bc10f37", "https://github.com/openssl/openssl/commit/99fb785a5f85315b95288921a321a935ea29a51e", "https://github.com/openssl/openssl/commit/cf6f91f6121f4db167405db2f0de410a456f260c", "https://github.com/openssl/openssl/commit/e86ac436f0bd54d4517745483e2315650fae7b2c", "https://github.openssl.org/openssl/extended-releases/commit/9947251413065a05189a63c9b7a6c1d4e224c21c", "https://github.openssl.org/openssl/extended-releases/commit/b78ec0824da857223486660177d3b1f255c65d87", "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html", "https://security.netapp.com/advisory/ntap-20240712-0005/", "https://security.netapp.com/advisory/ntap-20241025-0006/", "https://security.netapp.com/advisory/ntap-20241025-0010/", "https://www.openssl.org/news/secadv/20240627.txt"]
+
+[[affected]]
+pkg = "OpenSSL_jll"
+ranges = ["< 3.0.15+0"]
+[[affected]]
+pkg = "Openresty_jll"
+ranges = ["< 1.27.1+0"]
+
+[[jlsec_sources]]
+id = "CVE-2024-5535"
+imported = 2025-11-04T03:31:01.080Z
+modified = 2025-11-03T23:17:30.510Z
+published = 2024-06-27T11:15:24.447Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-5535"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-5535"
+[[jlsec_sources]]
+id = "EUVD-2024-46737"
+imported = 2025-11-04T03:31:01.389Z
+modified = 2025-11-03T22:32:30.000Z
+published = 2024-06-27T10:30:53.000Z
+url = "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2024-46737"
+html_url = "https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-46737"
+fields = ["affected"]
+```
+
+# Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client...
+
+Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an
+empty supported client protocols buffer may cause a crash or memory contents to
+be sent to the peer.
+
+Impact summary: A buffer overread can have a range of potential consequences
+such as unexpected application beahviour or a crash. In particular this issue
+could result in up to 255 bytes of arbitrary private data from memory being sent
+to the peer leading to a loss of confidentiality. However, only applications
+that directly call the SSL_select_next_proto function with a 0 length list of
+supported client protocols are affected by this issue. This would normally never
+be a valid scenario and is typically not under attacker control but may occur by
+accident in the case of a configuration or programming error in the calling
+application.
+
+The OpenSSL API function SSL_select_next_proto is typically used by TLS
+applications that support ALPN (Application Layer Protocol Negotiation) or NPN
+(Next Protocol Negotiation). NPN is older, was never standardised and
+is deprecated in favour of ALPN. We believe that ALPN is significantly more
+widely deployed than NPN.
The SSL_select_next_proto function accepts a list of
+protocols from the server and a list of protocols from the client and returns
+the first protocol that appears in the server list that also appears in the
+client list. In the case of no overlap between the two lists it returns the
+first item in the client list. In either case it will signal whether an overlap
+between the two lists was found. In the case where SSL_select_next_proto is
+called with a zero length client list it fails to notice this condition and
+returns the memory immediately following the client list pointer (and reports
+that there was no overlap in the lists).
+
+This function is typically called from a server side application callback for
+ALPN or a client side application callback for NPN. In the case of ALPN the list
+of protocols supplied by the client is guaranteed by libssl to never be zero in
+length. The list of server protocols comes from the application and should never
+normally be expected to be of zero length. In this case if the
+SSL_select_next_proto function has been called as expected (with the list
+supplied by the client passed in the client/client_len parameters), then the
+application will not be vulnerable to this issue. If the application has
+accidentally been configured with a zero length server list, and has
+accidentally passed that zero length server list in the client/client_len
+parameters, and has additionally failed to correctly handle a "no overlap"
+response (which would normally result in a handshake failure in ALPN) then it
+will be vulnerable to this problem.
+
+In the case of NPN, the protocol permits the client to opportunistically select
+a protocol when there is no overlap. OpenSSL returns the first client protocol
+in the no overlap case in support of this. The list of client protocols comes
+from the application and should never normally be expected to be of zero length.
+However if the SSL_select_next_proto function is accidentally called with a
+client_len of 0 then an invalid memory pointer will be returned instead. If the
+application uses this output as the opportunistic protocol then the loss of
+confidentiality will occur.
+
+This issue has been assessed as Low severity because applications are most
+likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not
+widely used. It also requires an application configuration or programming error.
+Finally, this issue would not typically be under attacker control making active
+exploitation unlikely.
+
+The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
+
+Due to the low severity of this issue we are not issuing new releases of
+OpenSSL at this time. The fix will be included in the next releases when they
+become available.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5p528-rsoexr.md b/advisories/published/2025/JLSEC-0000-mnss5p528-rsoexr.md
new file mode 100644
index 00000000..2ed16a44
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5p528-rsoexr.md
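Review bot: This advisory records the CVE as `aliases = ["CVE-2024-5535"]`, while every other advisory in this commit uses `upstream = [...]` for the CVE of the bundled library. If the fields follow OSV semantics (an alias is the same vulnerability, an upstream entry is a vulnerability in a component this one derives from), which is an assumption since the schema is not shown here, then a JLL wrapper advisory for an OpenSSL CVE should read `upstream = ["CVE-2024-5535"]` like its siblings. This is also the only advisory with a second `[[jlsec_sources]]` entry (EUVD, `fields = ["affected"]`), so the importer's multi-source path may be the cause. Consumers that correlate advisories by these fields could treat this record differently from the rest.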
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5p528-rsoexr"
+modified = 2025-11-04T03:31:07.616Z
+upstream = ["CVE-2024-37371"]
+references = ["https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef", "https://web.mit.edu/kerberos/www/advisories/", "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef", "https://security.netapp.com/advisory/ntap-20241108-0009/", "https://security.netapp.com/advisory/ntap-20250124-0010/", "https://web.mit.edu/kerberos/www/advisories/"]
+
+[[affected]]
+pkg = "Kerberos_krb5_jll"
+ranges = ["< 1.21.3+0"]
+
+[[jlsec_sources]]
+id = "CVE-2024-37371"
+imported = 2025-11-04T03:31:07.616Z
+modified = 2025-11-03T21:16:13.997Z
+published = 2024-06-28T23:15:11.603Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-37371"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-37371"
+```
+
+# In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS me...
+
+In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5p72a-tz1b8.md b/advisories/published/2025/JLSEC-0000-mnss5p72a-tz1b8.md
new file mode 100644
index 00000000..f9b719fc
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5p72a-tz1b8.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5p72a-tz1b8"
+modified = 2025-11-04T03:31:10.210Z
+upstream = ["CVE-2024-6381"]
+references = ["https://jira.mongodb.org/browse/CDRIVER-5622", "https://jira.mongodb.org/browse/CDRIVER-5622", "https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html", "https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html"]
+
+[[affected]]
+pkg = "MongoC_jll"
+ranges = ["< 1.28.1+0"]
+
+[[jlsec_sources]]
+id = "CVE-2024-6381"
+imported = 2025-11-04T03:31:10.210Z
+modified = 2025-11-03T20:17:03.300Z
+published = 2024-07-02T18:15:03.963Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-6381"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-6381"
+```
+
+# The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow...
+
+The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5sjqn-kq0tt2.md b/advisories/published/2025/JLSEC-0000-mnss5sjqn-kq0tt2.md
new file mode 100644
index 00000000..4fe85f8a
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5sjqn-kq0tt2.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5sjqn-kq0tt2"
+modified = 2025-11-04T03:33:46.607Z
+upstream = ["CVE-2024-7006"]
+references = ["https://access.redhat.com/errata/RHSA-2024:6360", "https://access.redhat.com/errata/RHSA-2024:8833", "https://access.redhat.com/errata/RHSA-2024:8914", "https://access.redhat.com/security/cve/CVE-2024-7006", "https://bugzilla.redhat.com/show_bug.cgi?id=2302996", "https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html", "https://security.netapp.com/advisory/ntap-20240920-0001/"]
+
+[[affected]]
+pkg = "Libtiff_jll"
+ranges = ["< 4.7.0+0"]
+
+[[jlsec_sources]]
+id = "CVE-2024-7006"
+imported = 2025-11-04T03:33:46.607Z
+modified = 2025-11-03T21:18:47.940Z
+published = 2024-08-12T13:38:40.577Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-7006"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-7006"
+```
+
+# A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`
+
+A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5ti97-130k0dt.md b/advisories/published/2025/JLSEC-0000-mnss5ti97-130k0dt.md
new file mode 100644
index 00000000..11f77f5d
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5ti97-130k0dt.md
@@ -0,0 +1,30 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5ti97-130k0dt"
+modified = 2025-11-04T03:34:31.339Z
+upstream = ["CVE-2024-7592"]
+references = ["https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621", "https://github.com/python/cpython/commit/44e458357fca05ca0ae2658d62c8c595b048b5ef", "https://github.com/python/cpython/commit/a77ab24427a18bff817025adb03ca920dc3f1a06", "https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a", "https://github.com/python/cpython/commit/d4ac921a4b081f7f996a5d2b101684b67ba0ed7f", "https://github.com/python/cpython/commit/d662e2db2605515a767f88ad48096b8ac623c774", "https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1", "https://github.com/python/cpython/issues/123067", "https://github.com/python/cpython/pull/123075", "https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/", "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "https://security.netapp.com/advisory/ntap-20241018-0006/"]
+
+[[affected]]
+pkg = "Python_jll"
+ranges = ["< 3.10.16+0"]
+
+[[jlsec_sources]]
+id = "CVE-2024-7592"
+imported = 2025-11-04T03:34:31.339Z
+modified = 2025-11-03T23:17:31.847Z
+published = 2024-08-19T19:15:08.180Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-7592"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-7592"
+```
+
+# There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard li...
+
+There is a LOW severity vulnerability affecting CPython, specifically the
+'http.cookies' standard library module.
+
+When parsing cookies that contained backslashes for quoted characters in
+the cookie value, the parser would use an algorithm with quadratic
+complexity, resulting in excess CPU resources being used while parsing the
+value.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5u7cc-1lt55ys.md b/advisories/published/2025/JLSEC-0000-mnss5u7cc-1lt55ys.md
new file mode 100644
index 00000000..8511bdd0
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5u7cc-1lt55ys.md
@@ -0,0 +1,26 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5u7cc-1lt55ys"
+modified = 2025-11-04T03:35:03.852Z
+upstream = ["CVE-2024-6232"]
+references = ["https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4", "https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06", "https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4", "https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d", "https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877", "https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf", "https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373", "https://github.com/python/cpython/issues/121285", "https://github.com/python/cpython/pull/121286", "https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/", "http://www.openwall.com/lists/oss-security/2024/09/03/5", "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "https://security.netapp.com/advisory/ntap-20241018-0007/"]
+
+[[affected]]
+pkg = "Python_jll"
+ranges = ["< 3.10.16+0"]
+
+[[jlsec_sources]]
+id = "CVE-2024-6232"
+imported = 2025-11-04T03:35:03.852Z
+modified = 2025-11-03T23:17:30.710Z
+published = 2024-09-03T13:15:05.363Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-6232"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-6232"
+```
+
+# There is a MEDIUM severity vulnerability affecting CPython.
+
+There is a MEDIUM severity vulnerability affecting CPython.
+
+Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5wp8z-9k8p8o.md b/advisories/published/2025/JLSEC-0000-mnss5wp8z-9k8p8o.md
new file mode 100644
index 00000000..883d30cb
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5wp8z-9k8p8o.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5wp8z-9k8p8o"
+modified = 2025-11-04T03:37:00.371Z
+upstream = ["CVE-2024-47814"]
+references = ["https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3", "https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg", "https://lists.debian.org/debian-lts-announce/2025/03/msg00023.html", "https://security.netapp.com/advisory/ntap-20250411-0009/"]
+
+[[affected]]
+pkg = "Vim_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47814"
+imported = 2025-11-04T03:37:00.371Z
+modified = 2025-11-03T21:16:30.517Z
+published = 2024-10-07T22:15:03.657Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47814"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47814"
+```
+
+# Vim is an open source, command line text editor
+
+Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5x18y-xlr4qi.md b/advisories/published/2025/JLSEC-0000-mnss5x18y-xlr4qi.md
new file mode 100644
index 00000000..acb89073
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5x18y-xlr4qi.md
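Review bot: `ranges = ["*"]` on the `Vim_jll` entry has no upper bound, although the description states the issue is fixed in Vim 9.1.0764. If no fixed build exists yet the wildcard is accurate today, but any later Vim_jll build at or above the fix would presumably still be reported as affected until this record is edited by hand. A bounded range in the style used elsewhere in this commit, e.g. `ranges = ["< 9.1.0764+0"]` (constructed; confirm the exact version string against the registry), would avoid that. The same wildcard appears further down for advisories whose text also names a fixed upstream release: the Ghostscript_jll (before 10.04.0), Soup3_jll (before 3.6.0 / 3.6.1) and mosquitto_client_jll (through 2.0.18) entries.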
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss5x18y-xlr4qi"
+modified = 2025-11-04T03:37:15.922Z
+upstream = ["CVE-2024-48958"]
+references = ["https://github.com/libarchive/libarchive/compare/v3.7.4...v3.7.5", "https://github.com/libarchive/libarchive/pull/2148", "https://github.com/terrynini/CVE-Reports/tree/main/CVE-2024-48958", "http://seclists.org/fulldisclosure/2025/Apr/11", "http://seclists.org/fulldisclosure/2025/Apr/12", "http://seclists.org/fulldisclosure/2025/Apr/13", "http://seclists.org/fulldisclosure/2025/Apr/4", "http://seclists.org/fulldisclosure/2025/Apr/8"]
+
+[[affected]]
+pkg = "LibArchive_jll"
+ranges = [">= 3.7.4+0, < 3.7.9+0"]
+
+[[jlsec_sources]]
+id = "CVE-2024-48958"
+imported = 2025-11-04T03:37:15.922Z
+modified = 2025-11-03T21:16:31.263Z
+published = 2024-10-10T02:15:03.057Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-48958"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-48958"
+```
+
+# execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-b...
+
+execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss5zrrk-1icit5p.md b/advisories/published/2025/JLSEC-0000-mnss5zrrk-1icit5p.md
new file mode 100644
index 00000000..9dc79ce8
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss5zrrk-1icit5p.md
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss5zrrk-1icit5p" +modified = 2025-11-04T03:39:23.600Z +upstream = ["CVE-2024-9287"] +references = ["https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7", "https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db", "https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8", "https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97", "https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b", "https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483", "https://github.com/python/cpython/issues/124651", "https://github.com/python/cpython/pull/124712", "https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/", "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html", "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html", "https://security.netapp.com/advisory/ntap-20250425-0006/"] + +[[affected]] +pkg = "Python_jll" +ranges = ["< 3.10.16+0"] + +[[jlsec_sources]] +id = "CVE-2024-9287" +imported = 2025-11-04T03:39:23.600Z +modified = 2025-11-03T23:17:33.603Z +published = 2024-10-22T17:15:06.697Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-9287" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-9287" +``` + +# A vulnerability has been found in the CPython `venv` module and CLI where path names provided when c... + +A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. 
Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected. + diff --git a/advisories/published/2025/JLSEC-0000-mnss6108s-1myh3y7.md b/advisories/published/2025/JLSEC-0000-mnss6108s-1myh3y7.md new file mode 100644 index 00000000..390b18a0 --- /dev/null +++ b/advisories/published/2025/JLSEC-0000-mnss6108s-1myh3y7.md @@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss6108s-1myh3y7" +modified = 2025-11-04T03:40:21.244Z +upstream = ["CVE-2024-10525"] +references = ["https://github.com/eclipse-mosquitto/mosquitto/commit/8ab20b4ba4204fdcdec78cb4d9f03c944a6e0e1c", "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/190", "https://mosquitto.org/blog/2024/10/version-2-0-19-released/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00022.html"] + +[[affected]] +pkg = "mosquitto_client_jll" +ranges = ["*"] + +[[jlsec_sources]] +id = "CVE-2024-10525" +imported = 2025-11-04T03:40:21.244Z +modified = 2025-11-03T21:16:03.947Z +published = 2024-10-30T12:15:02.787Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-10525" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-10525" +``` + +# In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBAC... + +In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients. + diff --git a/advisories/published/2025/JLSEC-0000-mnss610l9-17bu0bd.md b/advisories/published/2025/JLSEC-0000-mnss610l9-17bu0bd.md new file mode 100644 index 00000000..6a24434b --- /dev/null +++ b/advisories/published/2025/JLSEC-0000-mnss610l9-17bu0bd.md 
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss610l9-17bu0bd"
+modified = 2025-11-04T03:40:21.693Z
+upstream = ["CVE-2024-3935"]
+references = ["https://github.com/eclipse-mosquitto/mosquitto/commit/ae7a804dadac8f2aaedb24336df8496a9680fda9", "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/197", "https://mosquitto.org/blog/2024/10/version-2-0-19-released/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00022.html"]
+
+[[affected]]
+pkg = "mosquitto_client_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-3935"
+imported = 2025-11-04T03:40:21.693Z
+modified = 2025-11-03T21:16:16.427Z
+published = 2024-10-30T12:15:03.090Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-3935"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-3935"
+```
+
+# In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to crea...
+
+In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss62gw3-kn29dd.md b/advisories/published/2025/JLSEC-0000-mnss62gw3-kn29dd.md
new file mode 100644
index 00000000..13912526
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss62gw3-kn29dd.md
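Review bot: The `[[affected]]` entry of the CVE-2024-3935 advisory names `pkg = "mosquitto_client_jll"`, but the description is about the broker only: a bridge-configured broker double-frees and crashes on a crafted PUBLISH. If mosquitto_client_jll ships only the client library and tools (to be confirmed against its build recipe), this record would flag every install of the package for a flaw it cannot reach. The neighbouring CVE-2024-10525 advisory is different, since its text names libmosquitto clients explicitly. Consider dropping this entry or pointing it at whichever package carries the broker binary, if one exists.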
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss62gw3-kn29dd"
+modified = 2025-11-04T03:41:29.475Z
+upstream = ["CVE-2024-46951"]
+references = ["https://bugs.ghostscript.com/show_bug.cgi?id=707991", "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f49812186baa7d1362880673408a6fbe8719b4f8", "https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html", "https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/", "https://lists.debian.org/debian-lts-announce/2024/11/msg00023.html"]
+
+[[affected]]
+pkg = "Ghostscript_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-46951"
+imported = 2025-11-04T03:41:29.475Z
+modified = 2025-11-03T23:16:11.283Z
+published = 2024-11-10T21:15:14.880Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-46951"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-46951"
+```
+
+# An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0
+
+An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss62h02-ym9d3e.md b/advisories/published/2025/JLSEC-0000-mnss62h02-ym9d3e.md
new file mode 100644
index 00000000..e97829db
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss62h02-ym9d3e.md
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss62h02-ym9d3e" +modified = 2025-11-04T03:41:29.618Z +upstream = ["CVE-2024-46953"] +references = ["https://bugs.ghostscript.com/show_bug.cgi?id=707793", "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1f21a45df0fa3abec4cff12951022b192dda3c00", "https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html", "https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/", "https://lists.debian.org/debian-lts-announce/2024/11/msg00023.html"] + +[[affected]] +pkg = "Ghostscript_jll" +ranges = ["*"] + +[[jlsec_sources]] +id = "CVE-2024-46953" +imported = 2025-11-04T03:41:29.618Z +modified = 2025-11-03T23:16:11.553Z +published = 2024-11-10T22:15:12.750Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-46953" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-46953" +``` + +# An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0 + +An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. + diff --git a/advisories/published/2025/JLSEC-0000-mnss62h3v-2trjw2.md b/advisories/published/2025/JLSEC-0000-mnss62h3v-2trjw2.md new file mode 100644 index 00000000..67f8387b --- /dev/null +++ b/advisories/published/2025/JLSEC-0000-mnss62h3v-2trjw2.md 
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss62h3v-2trjw2" +modified = 2025-11-04T03:41:29.755Z +upstream = ["CVE-2024-46955"] +references = ["https://bugs.ghostscript.com/show_bug.cgi?id=707990", "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=85bd9d2f4b792fe67aef22f1a4117457461b8ba6", "https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html", "https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/", "https://lists.debian.org/debian-lts-announce/2024/11/msg00023.html"] + +[[affected]] +pkg = "Ghostscript_jll" +ranges = ["*"] + +[[jlsec_sources]] +id = "CVE-2024-46955" +imported = 2025-11-04T03:41:29.755Z +modified = 2025-11-03T23:16:11.800Z +published = 2024-11-10T22:15:12.887Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-46955" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-46955" +``` + +# An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0 + +An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. + diff --git a/advisories/published/2025/JLSEC-0000-mnss62hga-kulxa7.md b/advisories/published/2025/JLSEC-0000-mnss62hga-kulxa7.md new file mode 100644 index 00000000..87fbf190 --- /dev/null +++ b/advisories/published/2025/JLSEC-0000-mnss62hga-kulxa7.md 
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss62hga-kulxa7" +modified = 2025-11-04T03:41:30.202Z +upstream = ["CVE-2024-46956"] +references = ["https://bugs.ghostscript.com/show_bug.cgi?id=707895", "https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=f4151f12db32cd3ed26c24327de714bf2c3ed6ca", "https://github.com/ArtifexSoftware/ghostpdl/blob/master/doc/News.html", "https://www.suse.com/support/update/announcement/2024/suse-su-20243942-1/", "https://lists.debian.org/debian-lts-announce/2024/11/msg00023.html"] + +[[affected]] +pkg = "Ghostscript_jll" +ranges = ["*"] + +[[jlsec_sources]] +id = "CVE-2024-46956" +imported = 2025-11-04T03:41:30.202Z +modified = 2025-11-03T23:16:12.043Z +published = 2024-11-10T22:15:12.943Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-46956" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-46956" +``` + +# An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0 + +An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution. + diff --git a/advisories/published/2025/JLSEC-0000-mnss62hso-1ll9gw4.md b/advisories/published/2025/JLSEC-0000-mnss62hso-1ll9gw4.md new file mode 100644 index 00000000..899e21d7 --- /dev/null +++ b/advisories/published/2025/JLSEC-0000-mnss62hso-1ll9gw4.md 
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss62hso-1ll9gw4"
+modified = 2025-11-04T03:41:30.648Z
+upstream = ["CVE-2024-52530"]
+references = ["https://gitlab.gnome.org/GNOME/libsoup/-/issues/377", "https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/402", "https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home", "https://lists.debian.org/debian-lts-announce/2024/12/msg00014.html"]
+
+[[affected]]
+pkg = "Soup3_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-52530"
+imported = 2025-11-04T03:41:30.648Z
+modified = 2025-11-03T23:17:14.843Z
+published = 2024-11-11T20:15:20.247Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-52530"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-52530"
+```
+
+# GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' charact...
+
+GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss62ii2-1232kry.md b/advisories/published/2025/JLSEC-0000-mnss62ii2-1232kry.md
new file mode 100644
index 00000000..950e948f
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss62ii2-1232kry.md
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss62ii2-1232kry" +modified = 2025-11-04T03:41:31.562Z +upstream = ["CVE-2024-52531"] +references = ["https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407", "https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407#note_2316401", "https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home", "https://offsec.almond.consulting/using-aflplusplus-on-bug-bounty-programs-an-example-with-gnome-libsoup.html", "https://lists.debian.org/debian-lts-announce/2024/12/msg00014.html"] + +[[affected]] +pkg = "Soup3_jll" +ranges = ["*"] + +[[jlsec_sources]] +id = "CVE-2024-52531" +imported = 2025-11-04T03:41:31.562Z +modified = 2025-11-03T23:17:15.063Z +published = 2024-11-11T20:15:20.313Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-52531" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-52531" +``` + +# GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8... + +GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an application may want to retrieve the content type of a request or response). + diff --git a/advisories/published/2025/JLSEC-0000-mnss62imi-1pdv88b.md b/advisories/published/2025/JLSEC-0000-mnss62imi-1pdv88b.md new file mode 100644 index 00000000..5e264487 --- /dev/null +++ b/advisories/published/2025/JLSEC-0000-mnss62imi-1pdv88b.md 
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss62imi-1pdv88b"
+modified = 2025-11-04T03:41:31.722Z
+upstream = ["CVE-2024-52532"]
+references = ["https://gitlab.gnome.org/GNOME/libsoup/-/issues/391", "https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/410", "https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home", "https://lists.debian.org/debian-lts-announce/2024/12/msg00014.html"]
+
+[[affected]]
+pkg = "Soup3_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-52532"
+imported = 2025-11-04T03:41:31.722Z
+modified = 2025-11-03T23:17:15.310Z
+published = 2024-11-11T20:15:20.370Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-52532"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-52532"
+```
+
+# GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption
+
+GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss62mft-1lumd3.md b/advisories/published/2025/JLSEC-0000-mnss62mft-1lumd3.md
new file mode 100644
index 00000000..c1f1a91c
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss62mft-1lumd3.md
@@ -0,0 +1,64 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss62mft-1lumd3" +modified = 2025-11-04T03:41:36.665Z +aliases = ["CVE-2024-4741"] +references = ["https://github.com/openssl/openssl/commit/704f725b96aa373ee45ecfb23f6abfe8be8d9177", "https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d", "https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac", "https://github.com/openssl/openssl/commit/e5093133c35ca82874ad83697af76f4b0f7e3bd8", "https://github.openssl.org/openssl/extended-releases/commit/f7a045f3143fc6da2ee66bf52d8df04829590dd4", "https://www.openssl.org/news/secadv/20240528.txt", "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html"] + +[[affected]] +pkg = "OpenSSL_jll" +ranges = ["< 3.0.14+0"] +[[affected]] +pkg = "Openresty_jll" +ranges = [">= 1.19.9+0, < 1.27.1+0"] + +[[jlsec_sources]] +id = "CVE-2024-4741" +imported = 2025-11-04T03:41:36.665Z +modified = 2025-11-03T23:16:37.997Z +published = 2024-11-13T11:15:04.480Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-4741" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-4741" +[[jlsec_sources]] +id = "EUVD-2024-44338" +imported = 2025-11-04T03:41:37.241Z +modified = 2024-11-13T14:49:05.000Z +published = 2024-11-13T10:20:50.000Z +url = "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2024-44338" +html_url = "https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-44338" +fields = ["affected"] +``` + +# Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed tha... + +Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause +memory to be accessed that was previously freed in some situations + +Impact summary: A use after free can have a range of potential consequences such +as the corruption of valid data, crashes or execution of arbitrary code. 
+However, only applications that directly call the SSL_free_buffers function are +affected by this issue. Applications that do not call this function are not +vulnerable. Our investigations indicate that this function is rarely used by +applications. + +The SSL_free_buffers function is used to free the internal OpenSSL buffer used +when processing an incoming record from the network. The call is only expected +to succeed if the buffer is not currently in use. However, two scenarios have +been identified where the buffer is freed even when still in use. + +The first scenario occurs where a record header has been received from the +network and processed by OpenSSL, but the full record body has not yet arrived. +In this case calling SSL_free_buffers will succeed even though a record has only +been partially processed and the buffer is still in use. + +The second scenario occurs where a full record containing application data has +been received and processed by OpenSSL but the application has only read part of +this data. Again a call to SSL_free_buffers will succeed even though the buffer +is still in use. + +While these scenarios could occur accidentally during normal operation a +malicious attacker could attempt to engineer a stituation where this occurs. +We are not aware of this issue being actively exploited. + +The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. + diff --git a/advisories/published/2025/JLSEC-0000-mnss62o7p-2ujnk1.md b/advisories/published/2025/JLSEC-0000-mnss62o7p-2ujnk1.md new file mode 100644 index 00000000..a4fdeca4 --- /dev/null +++ b/advisories/published/2025/JLSEC-0000-mnss62o7p-2ujnk1.md 
@@ -0,0 +1,27 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss62o7p-2ujnk1"
+modified = 2025-11-04T03:41:38.965Z
+upstream = ["CVE-2024-3447"]
+references = ["https://access.redhat.com/security/cve/CVE-2024-3447", "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813", "https://bugzilla.redhat.com/show_bug.cgi?id=2274123", "https://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org/", "https://lists.debian.org/debian-lts-announce/2025/04/msg00042.html", "https://security.netapp.com/advisory/ntap-20250425-0005/"]
+
+[[affected]]
+pkg = "Qemu_jll"
+ranges = ["*"]
+[[affected]]
+pkg = "Qemu_static_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-3447"
+imported = 2025-11-04T03:41:38.965Z
+modified = 2025-11-03T20:16:26.963Z
+published = 2024-11-14T12:15:17.743Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-3447"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-3447"
+```
+
+# A heap-based buffer overflow was found in the SDHCI device emulation of QEMU
+
+A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss62obw-17h1ezf.md b/advisories/published/2025/JLSEC-0000-mnss62obw-17h1ezf.md
new file mode 100644
index 00000000..24c64f04
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss62obw-17h1ezf.md
@@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss62obw-17h1ezf" +modified = 2025-11-04T03:41:39.116Z +upstream = ["CVE-2024-10976"] +references = ["https://www.postgresql.org/support/security/CVE-2024-10976/", "https://lists.debian.org/debian-lts-announce/2024/11/msg00011.html", "https://security.netapp.com/advisory/ntap-20250509-0010/"] + +[[affected]] +pkg = "LibPQ_jll" +ranges = ["*"] + +[[jlsec_sources]] +id = "CVE-2024-10976" +imported = 2025-11-04T03:41:39.116Z +modified = 2025-11-03T22:16:36.700Z +published = 2024-11-14T13:15:03.793Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-10976" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-10976" +``` + +# Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or chang... + +Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. An attacker must tailor an attack to a particular application's pattern of query plan reuse, user ID changes, and role-specific row security policies. 
Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. + diff --git a/advisories/published/2025/JLSEC-0000-mnss62ouc-1487831.md b/advisories/published/2025/JLSEC-0000-mnss62ouc-1487831.md new file mode 100644 index 00000000..4baa94aa --- /dev/null +++ b/advisories/published/2025/JLSEC-0000-mnss62ouc-1487831.md @@ -0,0 +1,24 @@ +```toml +schema_version = "1.7.4" +id = "JLSEC-0000-mnss62ouc-1487831" +modified = 2025-11-04T03:41:39.780Z +upstream = ["CVE-2024-10977"] +references = ["https://www.postgresql.org/support/security/CVE-2024-10977/", "https://lists.debian.org/debian-lts-announce/2024/11/msg00011.html"] + +[[affected]] +pkg = "LibPQ_jll" +ranges = ["*"] + +[[jlsec_sources]] +id = "CVE-2024-10977" +imported = 2025-11-04T03:41:39.780Z +modified = 2025-11-03T22:16:36.810Z +published = 2024-11-14T13:15:04.023Z +url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-10977" +html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-10977" +``` + +# Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GS... + +Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected. + diff --git a/advisories/published/2025/JLSEC-0000-mnss62oya-add8za.md b/advisories/published/2025/JLSEC-0000-mnss62oya-add8za.md new file mode 100644 index 00000000..d584f76c --- /dev/null +++ b/advisories/published/2025/JLSEC-0000-mnss62oya-add8za.md 
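Review bot: The CVE-2024-10976 advisory (JLSEC-0000-mnss62obw-17h1ezf) lists `pkg = "LibPQ_jll"` with `ranges = ["*"]`, yet its description concerns server-side row-security policy handling during query planning, not the client library. If LibPQ_jll packages only libpq (to be confirmed against its build recipe), the record flags every version of a package that does not contain the affected code. The same applies to the CVE-2024-10978 (SET ROLE privilege assignment) and CVE-2024-10979 (PL/Perl environment variables) advisories later in this commit. CVE-2024-10977 is different, because its text names the libpq application directly. Consider removing the `[[affected]]` entry from the three server-side records, or gating them on a package that actually ships the PostgreSQL server.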
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss62oya-add8za"
+modified = 2025-11-04T03:41:39.922Z
+upstream = ["CVE-2024-10978"]
+references = ["https://www.postgresql.org/support/security/CVE-2024-10978/", "https://lists.debian.org/debian-lts-announce/2024/11/msg00011.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00018.html", "https://www.postgresql.org/message-id/173171334532.1547978.1518068370217143844%40wrigleys.postgresql.org"]
+
+[[affected]]
+pkg = "LibPQ_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-10978"
+imported = 2025-11-04T03:41:39.922Z
+modified = 2025-11-03T22:16:36.917Z
+published = 2024-11-14T13:15:04.217Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-10978"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-10978"
+```
+
+# Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or ch...
+
+Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss62pgs-1ltf6kt.md b/advisories/published/2025/JLSEC-0000-mnss62pgs-1ltf6kt.md
new file mode 100644
index 00000000..493b6172
--- /dev/null
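Review bot: The heading of the CVE-2024-10978 record is cut mid-word (`... application user to view or ch...`), so the title no longer says what the user can do, and in a list of advisories it reads as broken text. A shorter heading written to fit would avoid the truncation, for example `# PostgreSQL: query may run under the wrong user ID after SET ROLE or SET SESSION AUTHORIZATION`. The headings of the CVE-2024-10976, -10977 and -10979 records are cut the same way (`chang...`, `GS...`, `use...`).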
+++ b/advisories/published/2025/JLSEC-0000-mnss62pgs-1ltf6kt.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss62pgs-1ltf6kt"
+modified = 2025-11-04T03:41:40.588Z
+upstream = ["CVE-2024-10979"]
+references = ["https://www.postgresql.org/support/security/CVE-2024-10979/", "https://github.com/fmora50591/postgresql-env-vuln/blob/main/README.md", "https://lists.debian.org/debian-lts-announce/2024/11/msg00011.html", "https://security.netapp.com/advisory/ntap-20250110-0003/"]
+
+[[affected]]
+pkg = "LibPQ_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-10979"
+imported = 2025-11-04T03:41:40.588Z
+modified = 2025-11-03T22:16:37.020Z
+published = 2024-11-14T13:15:04.407Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-10979"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-10979"
+```
+
+# Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database use...
+
+Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss64bfg-1vniywm.md b/advisories/published/2025/JLSEC-0000-mnss64bfg-1vniywm.md
new file mode 100644
index 00000000..3c6e4f7c
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss64bfg-1vniywm.md
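Review bot: `pkg = "LibPQ_jll"` attaches a PL/Perl flaw to what the package name suggests is the libpq client library, although the description is about a database user changing environment variables of the server process, not about anything a libpq client does. If LibPQ_jll ships only client-side libraries (not visible from this hunk), the record reports a finding its users cannot act on, and the `[[affected]]` entry should be dropped or the advisory withdrawn rather than published. CVE-2024-10976 (row security policy selection) and CVE-2024-10978 (SET ROLE handling) also describe server-side behaviour and deserve the same check. CVE-2024-10977 is the one record of the four whose description names libpq applications directly.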
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss64bfg-1vniywm"
+modified = 2025-11-04T03:42:55.708Z
+upstream = ["CVE-2024-47537"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0005.html", "https://securitylab.github.com/advisories/GHSL-2024-094_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47537"
+imported = 2025-11-04T03:42:55.708Z
+modified = 2025-11-03T21:16:23.097Z
+published = 2024-12-12T02:03:27.877Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47537"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47537"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss64dye-1sc4p21.md b/advisories/published/2025/JLSEC-0000-mnss64dye-1sc4p21.md
new file mode 100644
index 00000000..8aa3c677
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss64dye-1sc4p21.md
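Review bot: The heading `# GStreamer is a library for constructing graphs of media-handling components` is the first sentence of the description, not a summary of the flaw, and the identical heading is used on every GStreamer_jll record in this change (CVE-2024-47537 through CVE-2024-47606). Someone triaging from a list of titles cannot tell an out-of-bounds write from a null dereference without opening each record. A heading that names the component and the bug class would fix this, for this record e.g. `# GStreamer: integer overflow when growing stream->samples leads to an OOB write`.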
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss64dye-1sc4p21"
+modified = 2025-11-04T03:42:58.982Z
+upstream = ["CVE-2024-47538"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8035.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0022.html", "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2024/12/msg00021.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47538"
+imported = 2025-11-04T03:42:58.982Z
+modified = 2025-11-03T23:16:12.917Z
+published = 2024-12-12T02:03:28.070Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47538"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47538"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be `GST_AUDIO_CHANNEL_POSITION_NONE`. This vulnerability allows someone to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the `GstAudioInfo` info structure. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss64edz-2tjvwx.md b/advisories/published/2025/JLSEC-0000-mnss64edz-2tjvwx.md
new file mode 100644
index 00000000..6b1928cb
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss64edz-2tjvwx.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss64edz-2tjvwx"
+modified = 2025-11-04T03:42:59.543Z
+upstream = ["CVE-2024-47539"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0007.html", "https://securitylab.github.com/advisories/GHSL-2024-195_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47539"
+imported = 2025-11-04T03:42:59.543Z
+modified = 2025-11-03T21:16:23.250Z
+published = 2024-12-12T02:03:28.203Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47539"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47539"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss64eta-1aszb4r.md b/advisories/published/2025/JLSEC-0000-mnss64eta-1aszb4r.md
new file mode 100644
index 00000000..f5097fcd
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss64eta-1aszb4r.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss64eta-1aszb4r"
+modified = 2025-11-04T03:43:00.094Z
+upstream = ["CVE-2024-47540"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0017.html", "https://securitylab.github.com/advisories/GHSL-2024-197_GStreamer/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47540"
+imported = 2025-11-04T03:43:00.094Z
+modified = 2025-11-03T21:16:23.427Z
+published = 2024-12-12T02:03:28.343Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47540"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47540"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem->allocator->mem_unmap_full or mem->allocator->mem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss64exx-w3r4hs.md b/advisories/published/2025/JLSEC-0000-mnss64exx-w3r4hs.md
new file mode 100644
index 00000000..f7d86902
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss64exx-w3r4hs.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss64exx-w3r4hs"
+modified = 2025-11-04T03:43:00.261Z
+upstream = ["CVE-2024-47541"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8036.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0023.html", "https://securitylab.github.com/advisories/GHSL-2024-228_GStreamer/", "https://lists.debian.org/debian-lts-announce/2024/12/msg00021.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47541"
+imported = 2025-11-04T03:43:00.261Z
+modified = 2025-11-03T23:16:13.060Z
+published = 2024-12-12T02:03:28.477Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47541"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47541"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket "}" appears before an opening curly bracket "{" in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss64fam-1lfo1la.md b/advisories/published/2025/JLSEC-0000-mnss64fam-1lfo1la.md
new file mode 100644
index 00000000..4a20c6a8
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss64fam-1lfo1la.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss64fam-1lfo1la"
+modified = 2025-11-04T03:43:00.718Z
+upstream = ["CVE-2024-47542"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8033.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0008.html", "https://securitylab.github.com/advisories/GHSL-2024-235_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2024/12/msg00021.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47542"
+imported = 2025-11-04T03:43:00.718Z
+modified = 2025-11-03T23:16:13.203Z
+published = 2024-12-12T02:03:28.630Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47542"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47542"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss64fek-s5imac.md b/advisories/published/2025/JLSEC-0000-mnss64fek-s5imac.md
new file mode 100644
index 00000000..dad6cc44
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss64fek-s5imac.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss64fek-s5imac"
+modified = 2025-11-04T03:43:00.860Z
+upstream = ["CVE-2024-47543"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0009.html", "https://securitylab.github.com/advisories/GHSL-2024-236_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47543"
+imported = 2025-11-04T03:43:00.860Z
+modified = 2025-11-03T21:16:23.563Z
+published = 2024-12-12T02:03:28.807Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47543"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47543"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is big enough, it causes the pointer end to point beyond the boundaries of buffer. Subsequently, in the qtdemux_parse_container function, the while loop can trigger an OOB-read, accessing memory beyond the bounds of buf. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss64fqx-uhdebc.md b/advisories/published/2025/JLSEC-0000-mnss64fqx-uhdebc.md
new file mode 100644
index 00000000..a500ed09
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss64fqx-uhdebc.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss64fqx-uhdebc"
+modified = 2025-11-04T03:43:01.305Z
+upstream = ["CVE-2024-47544"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0011.html", "https://securitylab.github.com/advisories/GHSL-2024-238_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47544"
+imported = 2025-11-04T03:43:01.305Z
+modified = 2025-11-03T21:16:23.700Z
+published = 2024-12-12T02:03:28.950Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47544"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47544"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss64g3n-16fecb4.md b/advisories/published/2025/JLSEC-0000-mnss64g3n-16fecb4.md
new file mode 100644
index 00000000..5cede5b9
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss64g3n-16fecb4.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss64g3n-16fecb4"
+modified = 2025-11-04T03:43:01.763Z
+upstream = ["CVE-2024-47545"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0010.html", "https://securitylab.github.com/advisories/GHSL-2024-242_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47545"
+imported = 2025-11-04T03:43:01.763Z
+modified = 2025-11-03T21:16:23.840Z
+published = 2024-12-12T02:03:29.083Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47545"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47545"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happens, the subsequent call to gst_buffer_fill will invoke memcpy with a large tocopy size, resulting in an OOB-read. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss64g89-hqd1ho.md b/advisories/published/2025/JLSEC-0000-mnss64g89-hqd1ho.md
new file mode 100644
index 00000000..488845ee
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss64g89-hqd1ho.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss64g89-hqd1ho"
+modified = 2025-11-04T03:43:01.929Z
+upstream = ["CVE-2024-47546"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0013.html", "https://securitylab.github.com/advisories/GHSL-2024-243_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47546"
+imported = 2025-11-04T03:43:01.929Z
+modified = 2025-11-03T21:16:23.970Z
+published = 2024-12-12T02:03:29.210Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47546"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47546"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtraction underflows, *cclen ends up being a large number, and then cclen is passed to g_memdup2 leading to an out-of-bounds (OOB) read. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss64irb-1us5iyp.md b/advisories/published/2025/JLSEC-0000-mnss64irb-1us5iyp.md
new file mode 100644
index 00000000..282f31a6
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss64irb-1us5iyp.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss64irb-1us5iyp"
+modified = 2025-11-04T03:43:05.207Z
+upstream = ["CVE-2024-47596"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0015.html", "https://securitylab.github.com/advisories/GHSL-2024-244_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47596"
+imported = 2025-11-04T03:43:05.207Z
+modified = 2025-11-03T21:16:24.093Z
+published = 2024-12-12T02:03:31.010Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47596"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47596"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6t3on-1tgdqev.md b/advisories/published/2025/JLSEC-0000-mnss6t3on-1tgdqev.md
new file mode 100644
index 00000000..97ea2ad5
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6t3on-1tgdqev.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6t3on-1tgdqev"
+modified = 2025-11-04T04:02:12.071Z
+upstream = ["CVE-2024-47597"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0012.html", "https://securitylab.github.com/advisories/GHSL-2024-245_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47597"
+imported = 2025-11-04T04:02:12.071Z
+modified = 2025-11-03T21:16:24.207Z
+published = 2024-12-12T02:03:31.137Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47597"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47597"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code snippet shows the call to qt_atom_parser_get_offset_unchecked, which leads to the OOB-read when parsing the provided GHSL-2024-245_crash1.mp4 file. This issue may lead to read up to 8 bytes out-of-bounds. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6t3su-yq0vc1.md b/advisories/published/2025/JLSEC-0000-mnss6t3su-yq0vc1.md
new file mode 100644
index 00000000..a2b33ec8
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6t3su-yq0vc1.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6t3su-yq0vc1"
+modified = 2025-11-04T04:02:12.222Z
+upstream = ["CVE-2024-47598"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0006.html", "https://securitylab.github.com/advisories/GHSL-2024-246_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47598"
+imported = 2025-11-04T04:02:12.222Z
+modified = 2025-11-03T21:16:24.337Z
+published = 2024-12-12T02:03:31.283Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47598"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47598"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn’t properly checked before reading stts_duration, allowing the program to read 4 bytes beyond the boundaries of stts->data. This vulnerability reads up to 4 bytes past the allocated bounds of the stts array. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6t688-aaupw6.md b/advisories/published/2025/JLSEC-0000-mnss6t688-aaupw6.md
new file mode 100644
index 00000000..57b2c81a
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6t688-aaupw6.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6t688-aaupw6"
+modified = 2025-11-04T04:02:15.368Z
+upstream = ["CVE-2024-47599"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8040.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0016.html", "https://securitylab.github.com/advisories/GHSL-2024-247_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47599"
+imported = 2025-11-04T04:02:15.368Z
+modified = 2025-11-03T21:16:24.460Z
+published = 2024-12-12T02:03:31.440Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47599"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47599"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output_state. When this happens, dereferences of the outstate pointer will lead to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6t6c1-12fccyv.md b/advisories/published/2025/JLSEC-0000-mnss6t6c1-12fccyv.md
new file mode 100644
index 00000000..6ba5d68c
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6t6c1-12fccyv.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6t6c1-12fccyv"
+modified = 2025-11-04T04:02:15.505Z
+upstream = ["CVE-2024-47600"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0018.html", "https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2024/12/msg00021.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47600"
+imported = 2025-11-04T04:02:15.505Z
+modified = 2025-11-03T23:16:13.350Z
+published = 2024-12-12T02:03:31.577Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47600"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47600"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6t6fr-12ooo4h.md b/advisories/published/2025/JLSEC-0000-mnss6t6fr-12ooo4h.md
new file mode 100644
index 00000000..b3a1a22d
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6t6fr-12ooo4h.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6t6fr-12ooo4h"
+modified = 2025-11-04T04:02:15.639Z
+upstream = ["CVE-2024-47601"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0020.html", "https://securitylab.github.com/advisories/GHSL-2024-249_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47601"
+imported = 2025-11-04T04:02:15.639Z
+modified = 2025-11-03T21:16:24.573Z
+published = 2024-12-12T02:03:31.727Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47601"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47601"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer *sub pointer before performing dereferences. As a result, null pointer dereferences may occur. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6t6je-ft09a0.md b/advisories/published/2025/JLSEC-0000-mnss6t6je-ft09a0.md
new file mode 100644
index 00000000..4ade3e50
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6t6je-ft09a0.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6t6je-ft09a0"
+modified = 2025-11-04T04:02:15.770Z
+upstream = ["CVE-2024-47602"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0019.html", "https://securitylab.github.com/advisories/GHSL-2024-250_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47602"
+imported = 2025-11-04T04:02:15.770Z
+modified = 2025-11-03T21:16:24.690Z
+published = 2024-12-12T02:03:31.893Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47602"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47602"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6t6n3-1ehezbo.md b/advisories/published/2025/JLSEC-0000-mnss6t6n3-1ehezbo.md
new file mode 100644
index 00000000..6835b64b
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6t6n3-1ehezbo.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6t6n3-1ehezbo"
+modified = 2025-11-04T04:02:15.903Z
+upstream = ["CVE-2024-47603"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0021.html", "https://securitylab.github.com/advisories/GHSL-2024-251_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47603"
+imported = 2025-11-04T04:02:15.903Z
+modified = 2025-11-03T21:16:24.827Z
+published = 2024-12-12T02:03:32.033Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47603"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47603"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is called with invalid caps values. If this happen, then in the function gst_buffer_get_size the call to GST_BUFFER_MEM_PTR can return a null pointer. Attempting to dereference the size field of this null pointer results in a null pointer dereference. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6t6r1-w63t3x.md b/advisories/published/2025/JLSEC-0000-mnss6t6r1-w63t3x.md
new file mode 100644
index 00000000..d981130e
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6t6r1-w63t3x.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6t6r1-w63t3x"
+modified = 2025-11-04T04:02:16.045Z
+upstream = ["CVE-2024-47606"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0014.html", "https://securitylab.github.com/advisories/GHSL-2024-166_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2024/12/msg00016.html", "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html", "https://security.netapp.com/advisory/ntap-20250418-0003/"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47606"
+imported = 2025-11-04T04:02:16.045Z
+modified = 2025-11-03T21:16:24.987Z
+published = 2024-12-12T02:03:32.220Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47606"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47606"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6t76u-jsfshf.md b/advisories/published/2025/JLSEC-0000-mnss6t76u-jsfshf.md
new file mode 100644
index 00000000..2326609d
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6t76u-jsfshf.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6t76u-jsfshf"
+modified = 2025-11-04T04:02:16.614Z
+upstream = ["CVE-2024-47607"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8037.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0024.html", "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2024/12/msg00021.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47607"
+imported = 2025-11-04T04:02:16.614Z
+modified = 2025-11-03T23:16:13.477Z
+published = 2024-12-12T02:03:32.363Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47607"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47607"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6t7m5-1gnqkni.md b/advisories/published/2025/JLSEC-0000-mnss6t7m5-1gnqkni.md
new file mode 100644
index 00000000..b026d538
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6t7m5-1gnqkni.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6t7m5-1gnqkni"
+modified = 2025-11-04T04:02:17.165Z
+upstream = ["CVE-2024-47613"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0025.html", "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47613"
+imported = 2025-11-04T04:02:17.165Z
+modified = 2025-11-03T21:16:25.160Z
+published = 2024-12-12T02:03:32.740Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47613"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47613"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. This function invokes `memcpy`, using `out_pix` as the destination address. `out_pix` is expected to point to the frame 0 from the frame structure, which is read from the input file. However, in certain situations, it can points to a NULL frame, causing the subsequent call to `memcpy` to attempt writing to the null address (0x00), leading to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6t7qf-qb6bwf.md b/advisories/published/2025/JLSEC-0000-mnss6t7qf-qb6bwf.md
new file mode 100644
index 00000000..8b2eb432
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6t7qf-qb6bwf.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6t7qf-qb6bwf"
+modified = 2025-11-04T04:02:17.319Z
+upstream = ["CVE-2024-47615"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8038.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0026.html", "https://securitylab.github.com/advisories/GHSL-2024-115_GHSL-2024-118_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2024/12/msg00021.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47615"
+imported = 2025-11-04T04:02:17.319Z
+modified = 2025-11-03T23:16:13.613Z
+published = 2024-12-12T02:03:32.940Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47615"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47615"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6t7uj-7u4hom.md b/advisories/published/2025/JLSEC-0000-mnss6t7uj-7u4hom.md
new file mode 100644
index 00000000..8cd19330
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6t7uj-7u4hom.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6t7uj-7u4hom"
+modified = 2025-11-04T04:02:17.467Z
+upstream = ["CVE-2024-47774"]
+references = ["https://github.com/github/securitylab-vulnerabilities/issues/1826", "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8043.patch", "https://securitylab.github.com/advisories/GHSL-2024-262_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47774"
+imported = 2025-11-04T04:02:17.467Z
+modified = 2025-11-03T21:16:29.720Z
+published = 2024-12-12T02:03:40.297Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47774"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47774"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then, the a condition, does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such scenario, the function attempts to access memory beyond the buffer leading to an OOB-read. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6t7yl-13dkt3q.md b/advisories/published/2025/JLSEC-0000-mnss6t7yl-13dkt3q.md
new file mode 100644
index 00000000..72313d34
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6t7yl-13dkt3q.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6t7yl-13dkt3q"
+modified = 2025-11-04T04:02:17.613Z
+upstream = ["CVE-2024-47775"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0027.html", "https://securitylab.github.com/advisories/GHSL-2024-261_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47775"
+imported = 2025-11-04T04:02:17.613Z
+modified = 2025-11-03T21:16:29.853Z
+published = 2024-12-12T02:03:40.430Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47775"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47775"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6t829-t5il7s.md b/advisories/published/2025/JLSEC-0000-mnss6t829-t5il7s.md
new file mode 100644
index 00000000..e0c38a43
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6t829-t5il7s.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6t829-t5il7s"
+modified = 2025-11-04T04:02:17.745Z
+upstream = ["CVE-2024-47776"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0027.html", "https://securitylab.github.com/advisories/GHSL-2024-260_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47776"
+imported = 2025-11-04T04:02:17.745Z
+modified = 2025-11-03T21:16:29.987Z
+published = 2024-12-12T02:03:40.557Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47776"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47776"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch causes the comparison if (size < 4 + ncues * 24) to fail in some cases, allowing the subsequent loop to access beyond the bounds of the data buffer. The root cause of this discrepancy stems from a miscalculation when clipping the chunk size based on upstream data size. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6t860-3prlb4.md b/advisories/published/2025/JLSEC-0000-mnss6t860-3prlb4.md
new file mode 100644
index 00000000..7de43400
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6t860-3prlb4.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6t860-3prlb4"
+modified = 2025-11-04T04:02:17.880Z
+upstream = ["CVE-2024-47777"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0027.html", "https://securitylab.github.com/advisories/GHSL-2024-259_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47777"
+imported = 2025-11-04T04:02:17.880Z
+modified = 2025-11-03T21:16:30.127Z
+published = 2024-12-12T02:03:40.700Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47777"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47777"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4 bytes out of the boundaries of the data buffer. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6t8a6-1vey6ci.md b/advisories/published/2025/JLSEC-0000-mnss6t8a6-1vey6ci.md
new file mode 100644
index 00000000..16b91b81
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6t8a6-1vey6ci.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6t8a6-1vey6ci"
+modified = 2025-11-04T04:02:18.030Z
+upstream = ["CVE-2024-47778"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0027.html", "https://securitylab.github.com/advisories/GHSL-2024-258_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47778"
+imported = 2025-11-04T04:02:18.030Z
+modified = 2025-11-03T21:16:30.270Z
+published = 2024-12-12T02:03:40.840Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47778"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47778"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6t8dz-wu1rc8.md b/advisories/published/2025/JLSEC-0000-mnss6t8dz-wu1rc8.md
new file mode 100644
index 00000000..6bf20d24
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6t8dz-wu1rc8.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6t8dz-wu1rc8"
+modified = 2025-11-04T04:02:18.167Z
+upstream = ["CVE-2024-47834"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0030.html", "https://securitylab.github.com/advisories/GHSL-2024-280_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2025/02/msg00035.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47834"
+imported = 2025-11-04T04:02:18.167Z
+modified = 2025-11-03T21:16:30.680Z
+published = 2024-12-12T02:03:43.017Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47834"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47834"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6tazo-1k3516x.md b/advisories/published/2025/JLSEC-0000-mnss6tazo-1k3516x.md
new file mode 100644
index 00000000..92301630
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6tazo-1k3516x.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6tazo-1k3516x"
+modified = 2025-11-04T04:02:21.540Z
+upstream = ["CVE-2024-47835"]
+references = ["https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8039.patch", "https://gstreamer.freedesktop.org/security/sa-2024-0029.html", "https://securitylab.github.com/advisories/GHSL-2024-263_Gstreamer/", "https://lists.debian.org/debian-lts-announce/2024/12/msg00021.html"]
+
+[[affected]]
+pkg = "GStreamer_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-47835"
+imported = 2025-11-04T04:02:21.540Z
+modified = 2025-11-03T23:16:22.930Z
+published = 2024-12-12T02:03:43.163Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-47835"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-47835"
+```
+
+# GStreamer is a library for constructing graphs of media-handling components
+
+GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6u6is-cwvd1l.md b/advisories/published/2025/JLSEC-0000-mnss6u6is-cwvd1l.md
new file mode 100644
index 00000000..bcd36dab
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6u6is-cwvd1l.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6u6is-cwvd1l"
+modified = 2025-11-04T04:03:02.404Z
+upstream = ["CVE-2024-56378"]
+references = ["https://gitlab.freedesktop.org/poppler/poppler/-/blob/30eada0d2bceb42c2d2a87361339063e0b9bea50/CMakeLists.txt#L621", "https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c27669ef6cdf93eff84e", "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1553", "https://lists.debian.org/debian-lts-announce/2025/04/msg00037.html"]
+
+[[affected]]
+pkg = "Poppler_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2024-56378"
+imported = 2025-11-04T04:03:02.404Z
+modified = 2025-11-03T20:16:51.900Z
+published = 2024-12-23T00:15:05.133Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-56378"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-56378"
+```
+
+# libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bit...
+
+libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6xnfv-qrwrxj.md b/advisories/published/2025/JLSEC-0000-mnss6xnfv-qrwrxj.md
new file mode 100644
index 00000000..4991ecd1
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6xnfv-qrwrxj.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6xnfv-qrwrxj"
+modified = 2025-11-04T04:05:44.299Z
+upstream = ["CVE-2024-12085"]
+references = ["https://access.redhat.com/errata/RHSA-2025:0324", "https://access.redhat.com/errata/RHSA-2025:0325", "https://access.redhat.com/errata/RHSA-2025:0637", "https://access.redhat.com/errata/RHSA-2025:0688", "https://access.redhat.com/errata/RHSA-2025:0714", "https://access.redhat.com/errata/RHSA-2025:0774", "https://access.redhat.com/errata/RHSA-2025:0787", "https://access.redhat.com/errata/RHSA-2025:0790", "https://access.redhat.com/errata/RHSA-2025:0849", "https://access.redhat.com/errata/RHSA-2025:0884", "https://access.redhat.com/errata/RHSA-2025:0885", "https://access.redhat.com/errata/RHSA-2025:1120", "https://access.redhat.com/errata/RHSA-2025:1123", "https://access.redhat.com/errata/RHSA-2025:1128", "https://access.redhat.com/errata/RHSA-2025:1225", "https://access.redhat.com/errata/RHSA-2025:1227", "https://access.redhat.com/errata/RHSA-2025:1242", "https://access.redhat.com/errata/RHSA-2025:1451", "https://access.redhat.com/errata/RHSA-2025:2701", "https://access.redhat.com/security/cve/CVE-2024-12085", "https://bugzilla.redhat.com/show_bug.cgi?id=2330539", "https://kb.cert.org/vuls/id/952657", "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", "https://security.netapp.com/advisory/ntap-20250131-0002/", "https://www.kb.cert.org/vuls/id/952657", "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"]
+
+[[affected]]
+pkg = "rsync_jll"
+ranges = ["< 3.3.0+0"]
+
+[[jlsec_sources]]
+id = "CVE-2024-12085"
+imported = 2025-11-04T04:05:44.299Z
+modified = 2025-11-03T22:16:39.030Z
+published = 2025-01-14T18:15:25.123Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-12085"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-12085"
+```
+
+# A flaw was found in rsync which could be triggered when rsync compares file checksums
+
+A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6xnfw-t16kf9.md b/advisories/published/2025/JLSEC-0000-mnss6xnfw-t16kf9.md
new file mode 100644
index 00000000..7c1706fc
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6xnfw-t16kf9.md
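Review bot: The upper bound `ranges = ["< 3.3.0+0"]` in JLSEC-0000-mnss6xnfv-qrwrxj (CVE-2024-12085) is lower than the `< 3.4.0+0` used by the three sibling rsync_jll advisories in this commit (CVE-2024-12086, CVE-2024-12087, CVE-2024-12088), which cite the same kb.cert.org/vuls/id/952657 note. If all four issues were fixed in the same upstream release, rsync_jll 3.3.0 builds are left unflagged for the uninitialized-stack leak. Please confirm the fixed version against the references and, if it matches the siblings, use `ranges = ["< 3.4.0+0"]`.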
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6xnfw-t16kf9"
+modified = 2025-11-04T04:05:44.300Z
+upstream = ["CVE-2024-12086"]
+references = ["https://access.redhat.com/security/cve/CVE-2024-12086", "https://bugzilla.redhat.com/show_bug.cgi?id=2330577", "https://kb.cert.org/vuls/id/952657", "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", "https://security.netapp.com/advisory/ntap-20250131-0002/", "https://www.kb.cert.org/vuls/id/952657", "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"]
+
+[[affected]]
+pkg = "rsync_jll"
+ranges = ["< 3.4.0+0"]
+
+[[jlsec_sources]]
+id = "CVE-2024-12086"
+imported = 2025-11-04T04:05:44.300Z
+modified = 2025-11-03T22:16:39.200Z
+published = 2025-01-14T18:15:25.297Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-12086"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-12086"
+```
+
+# A flaw was found in rsync
+
+A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6xnfx-p800cx.md b/advisories/published/2025/JLSEC-0000-mnss6xnfx-p800cx.md
new file mode 100644
index 00000000..f0a6fcb2
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6xnfx-p800cx.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6xnfx-p800cx"
+modified = 2025-11-04T04:05:44.301Z
+upstream = ["CVE-2024-12087"]
+references = ["https://access.redhat.com/errata/RHSA-2025:2600", "https://access.redhat.com/errata/RHSA-2025:7050", "https://access.redhat.com/errata/RHSA-2025:8385", "https://access.redhat.com/security/cve/CVE-2024-12087", "https://bugzilla.redhat.com/show_bug.cgi?id=2330672", "https://kb.cert.org/vuls/id/952657", "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", "https://security.netapp.com/advisory/ntap-20250131-0002/", "https://www.kb.cert.org/vuls/id/952657", "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"]
+
+[[affected]]
+pkg = "rsync_jll"
+ranges = ["< 3.4.0+0"]
+
+[[jlsec_sources]]
+id = "CVE-2024-12087"
+imported = 2025-11-04T04:05:44.301Z
+modified = 2025-11-03T22:16:39.313Z
+published = 2025-01-14T18:15:25.467Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-12087"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-12087"
+```
+
+# A path traversal vulnerability exists in rsync
+
+A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6xnfy-8e65zp.md b/advisories/published/2025/JLSEC-0000-mnss6xnfy-8e65zp.md
new file mode 100644
index 00000000..925f4c66
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6xnfy-8e65zp.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6xnfy-8e65zp"
+modified = 2025-11-04T04:05:44.302Z
+upstream = ["CVE-2024-12088"]
+references = ["https://access.redhat.com/errata/RHSA-2025:2600", "https://access.redhat.com/errata/RHSA-2025:7050", "https://access.redhat.com/errata/RHSA-2025:8385", "https://access.redhat.com/security/cve/CVE-2024-12088", "https://bugzilla.redhat.com/show_bug.cgi?id=2330676", "https://kb.cert.org/vuls/id/952657", "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", "https://security.netapp.com/advisory/ntap-20250131-0002/", "https://www.kb.cert.org/vuls/id/952657", "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"]
+
+[[affected]]
+pkg = "rsync_jll"
+ranges = ["< 3.4.0+0"]
+
+[[jlsec_sources]]
+id = "CVE-2024-12088"
+imported = 2025-11-04T04:05:44.302Z
+modified = 2025-11-03T22:16:39.430Z
+published = 2025-01-14T18:15:25.643Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-12088"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-12088"
+```
+
+# A flaw was found in rsync
+
+A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss6zr3y-18ywtip.md b/advisories/published/2025/JLSEC-0000-mnss6zr3y-18ywtip.md
new file mode 100644
index 00000000..4b5c87ff
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss6zr3y-18ywtip.md
@@ -0,0 +1,28 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss6zr3y-18ywtip"
+modified = 2025-11-04T04:07:22.366Z
+upstream = ["CVE-2025-23084"]
+references = ["https://nodejs.org/en/blog/vulnerability/january-2025-security-releases", "https://security.netapp.com/advisory/ntap-20250321-0003/"]
+
+[[affected]]
+pkg = "libnode_jll"
+ranges = [">= 18.12.1+0"]
+
+[[jlsec_sources]]
+id = "CVE-2025-23084"
+imported = 2025-11-04T04:07:22.366Z
+modified = 2025-11-03T21:19:14.733Z
+published = 2025-01-28T05:15:11.267Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-23084"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-23084"
+```
+
+# A vulnerability has been identified in Node.js, specifically affecting the handling of drive names i...
+
+A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory.
+
+On Windows, a path that does not start with the file separator is treated as relative to the current directory.
+
+This vulnerability affects Windows users of `path.join` API.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss70kg0-y2j9gs.md b/advisories/published/2025/JLSEC-0000-mnss70kg0-y2j9gs.md
new file mode 100644
index 00000000..cb0fbe57
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss70kg0-y2j9gs.md
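Review bot: `ranges = [">= 18.12.1+0"]` in JLSEC-0000-mnss6zr3y-18ywtip has no upper bound, so every later libnode_jll build stays flagged even after it picks up the fix from the January 2025 Node.js security releases listed in `references`. The description does not state a fixed version, so the bound has to come from that release post; until it is known, a `#` comment next to `ranges` noting that the open end is deliberate would tell consumers it is not an import gap. The LibModbus_jll advisory for CVE-2024-10918 later in this commit uses the same open-ended shape (`>= 3.1.10+0`).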
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss70kg0-y2j9gs"
+modified = 2025-11-04T04:08:00.384Z
+upstream = ["CVE-2025-26465"]
+references = ["https://access.redhat.com/errata/RHSA-2025:16823", "https://access.redhat.com/errata/RHSA-2025:3837", "https://access.redhat.com/errata/RHSA-2025:6993", "https://access.redhat.com/errata/RHSA-2025:8385", "https://access.redhat.com/security/cve/CVE-2025-26465", "https://access.redhat.com/solutions/7109879", "https://bugzilla.redhat.com/show_bug.cgi?id=2344780", "https://seclists.org/oss-sec/2025/q1/144", "http://seclists.org/fulldisclosure/2025/Feb/18", "http://seclists.org/fulldisclosure/2025/May/7", "http://seclists.org/fulldisclosure/2025/May/8", "https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466", "https://bugzilla.suse.com/show_bug.cgi?id=1237040", "https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig", "https://lists.debian.org/debian-lts-announce/2025/02/msg00020.html", "https://lists.mindrot.org/pipermail/openssh-unix-announce/2025-February/000161.html", "https://security-tracker.debian.org/tracker/CVE-2025-26465", "https://security.netapp.com/advisory/ntap-20250228-0003/", "https://ubuntu.com/security/CVE-2025-26465", "https://www.openssh.com/releasenotes.html#9.9p2", "https://www.openwall.com/lists/oss-security/2025/02/18/1", "https://www.openwall.com/lists/oss-security/2025/02/18/4", "https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/", "https://www.vicarius.io/vsociety/posts/cve-2025-26465-detect-vulnerable-openssh", "https://www.vicarius.io/vsociety/posts/cve-2025-26465-mitigate-vulnerable-openssh", "https://seclists.org/oss-sec/2025/q1/144"]
+
+[[affected]]
+pkg = "OpenSSH_jll"
+ranges = [">= 9.3.2+0, < 9.9.1+0"]
+
+[[jlsec_sources]]
+id = "CVE-2025-26465"
+imported = 2025-11-04T04:08:00.384Z
+modified = 2025-11-03T22:18:41.727Z
+published = 2025-02-18T19:15:29.230Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-26465"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-26465"
+```
+
+# A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled
+
+A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss71voi-id9gp8.md b/advisories/published/2025/JLSEC-0000-mnss71voi-id9gp8.md
new file mode 100644
index 00000000..5b1e4730
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss71voi-id9gp8.md
@@ -0,0 +1,25 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss71voi-id9gp8"
+modified = 2025-11-04T04:09:01.602Z
+upstream = ["CVE-2024-10918"]
+references = ["https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-10918", "https://lists.debian.org/debian-lts-announce/2025/03/msg00010.html"]
+
+[[affected]]
+pkg = "LibModbus_jll"
+ranges = [">= 3.1.10+0"]
+
+[[jlsec_sources]]
+id = "CVE-2024-10918"
+imported = 2025-11-04T04:09:01.602Z
+modified = 2025-11-03T21:16:04.100Z
+published = 2025-02-27T12:15:33.807Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-10918"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-10918"
+```
+
+# Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocat...
+
+Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an
+unexpected length.
+
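Review bot: The upper bound in the OpenSSH_jll entry, `ranges = [">= 9.3.2+0, < 9.9.1+0"]`, looks one release short. The references point at the 9.9p2 release notes for the fix, which implies upstream 9.9p1 is still affected. If OpenSSH_jll 9.9.1+0 packages 9.9p1 (the JLL-to-upstream mapping is not visible in this diff, so please confirm), that build is reported as safe while it still carries the host-key verification flaw; `ranges = [">= 9.3.2+0, < 9.9.2+0"]` would cover it. An advisory that under-reports a machine-in-the-middle issue is worse than one that over-reports, so this bound is worth verifying against the JLL build recipe before publishing.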
diff --git a/advisories/published/2025/JLSEC-0000-mnss739fr-1bwm009.md b/advisories/published/2025/JLSEC-0000-mnss739fr-1bwm009.md
new file mode 100644
index 00000000..595bda7b
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss739fr-1bwm009.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss739fr-1bwm009"
+modified = 2025-11-04T04:10:06.087Z
+upstream = ["CVE-2025-24855"]
+references = ["https://gitlab.gnome.org/GNOME/libxslt/-/issues/128", "https://lists.debian.org/debian-lts-announce/2025/03/msg00015.html"]
+
+[[affected]]
+pkg = "XSLT_jll"
+ranges = ["< 1.1.43+0"]
+
+[[jlsec_sources]]
+id = "CVE-2025-24855"
+imported = 2025-11-04T04:10:06.087Z
+modified = 2025-11-03T22:18:40.750Z
+published = 2025-03-14T02:15:15.717Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-24855"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-24855"
+```
+
+# numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPa...
+
+numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss739fr-1hjx17s.md b/advisories/published/2025/JLSEC-0000-mnss739fr-1hjx17s.md
new file mode 100644
index 00000000..b918bf56
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss739fr-1hjx17s.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss739fr-1hjx17s"
+modified = 2025-11-04T04:10:06.087Z
+upstream = ["CVE-2024-55549"]
+references = ["https://gitlab.gnome.org/GNOME/libxslt/-/issues/127", "https://lists.debian.org/debian-lts-announce/2025/03/msg00015.html"]
+
+[[affected]]
+pkg = "XSLT_jll"
+ranges = ["< 1.1.43+0"]
+
+[[jlsec_sources]]
+id = "CVE-2024-55549"
+imported = 2025-11-04T04:10:06.087Z
+modified = 2025-11-03T21:17:50.197Z
+published = 2025-03-14T02:15:15.333Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-55549"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-55549"
+```
+
+# xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of r...
+
+xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss73b1p-1h9na4w.md b/advisories/published/2025/JLSEC-0000-mnss73b1p-1h9na4w.md
new file mode 100644
index 00000000..019d2dd1
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss73b1p-1h9na4w.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss73b1p-1h9na4w"
+modified = 2025-11-04T04:10:08.173Z
+upstream = ["CVE-2025-0755"]
+references = ["https://jira.mongodb.org/browse/CDRIVER-5601", "https://jira.mongodb.org/browse/SERVER-94461", "https://lists.debian.org/debian-lts-announce/2025/05/msg00012.html", "https://lists.debian.org/debian-lts-announce/2025/05/msg00027.html"]
+
+[[affected]]
+pkg = "MongoC_jll"
+ranges = ["< 1.28.1+0"]
+
+[[jlsec_sources]]
+id = "CVE-2025-0755"
+imported = 2025-11-04T04:10:08.173Z
+modified = 2025-11-03T20:17:05.980Z
+published = 2025-03-18T09:15:11.487Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-0755"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-0755"
+```
+
+# The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overf...
+
+The various bson_append functions in the MongoDB C driver library may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size (INT32_MAX), resulting in a segmentation fault and possible application crash. This issue affected libbson versions prior to 1.27.5, MongoDB Server v8.0 versions prior to 8.0.1 and MongoDB Server v7.0 versions prior to 7.0.16
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss73fgh-14his2g.md b/advisories/published/2025/JLSEC-0000-mnss73fgh-14his2g.md
new file mode 100644
index 00000000..907487f4
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss73fgh-14his2g.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss73fgh-14his2g"
+modified = 2025-11-04T04:10:13.889Z
+upstream = ["CVE-2025-27830"]
+references = ["https://bugs.ghostscript.com/show_bug.cgi?id=708241", "https://lists.debian.org/debian-lts-announce/2025/04/msg00014.html"]
+
+[[affected]]
+pkg = "Ghostscript_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-27830"
+imported = 2025-11-04T04:10:13.889Z
+modified = 2025-11-03T20:18:07.643Z
+published = 2025-03-25T21:15:42.353Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-27830"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-27830"
+```
+
+# An issue was discovered in Artifex Ghostscript before 10.05.0
+
+An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs during serialization of DollarBlend in a font, for base/write_t1.c and psi/zfapi.c.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss73fkf-39xx6h.md b/advisories/published/2025/JLSEC-0000-mnss73fkf-39xx6h.md
new file mode 100644
index 00000000..84237979
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss73fkf-39xx6h.md
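Review bot: In the Ghostscript_jll advisory for CVE-2025-27830, `ranges = ["*"]` marks every build as affected although the description says the flaw is in Ghostscript before 10.05.0, so an upstream fix exists. With the wildcard, a Ghostscript_jll build of 10.05.0 or later would still be flagged and users could never clear the advisory by upgrading; once such a build exists the entry should become `ranges = ["< FIXED_JLL_VERSION"]` (placeholder; the first fixed JLL version cannot be determined from this diff). The same wildcard-despite-a-named-fix pattern appears in the other Ghostscript_jll files (CVE-2025-27831, -27832, -27835, -27836), Poppler_jll (CVE-2025-32364, -32365), LibRaw_jll (CVE-2025-43961 through -43964), cJSON_jll (CVE-2023-53154) and MbedTLS_jll (CVE-2025-52496, -52497). If the wildcard is deliberate because no fixed JLL has been published yet, it would help to track these for tightening so they do not become permanent false positives.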
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss73fkf-39xx6h"
+modified = 2025-11-04T04:10:14.031Z
+upstream = ["CVE-2025-27831"]
+references = ["https://bugs.ghostscript.com/show_bug.cgi?id=708132", "https://lists.debian.org/debian-lts-announce/2025/04/msg00014.html"]
+
+[[affected]]
+pkg = "Ghostscript_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-27831"
+imported = 2025-11-04T04:10:14.031Z
+modified = 2025-11-03T20:18:07.790Z
+published = 2025-03-25T21:15:42.467Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-27831"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-27831"
+```
+
+# An issue was discovered in Artifex Ghostscript before 10.05.0
+
+An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss73fo9-16e4wio.md b/advisories/published/2025/JLSEC-0000-mnss73fo9-16e4wio.md
new file mode 100644
index 00000000..4b90ae08
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss73fo9-16e4wio.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss73fo9-16e4wio"
+modified = 2025-11-04T04:10:14.169Z
+upstream = ["CVE-2025-27832"]
+references = ["https://bugs.ghostscript.com/show_bug.cgi?id=708133", "https://lists.debian.org/debian-lts-announce/2025/04/msg00014.html"]
+
+[[affected]]
+pkg = "Ghostscript_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-27832"
+imported = 2025-11-04T04:10:14.169Z
+modified = 2025-11-03T20:18:07.937Z
+published = 2025-03-25T21:15:42.570Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-27832"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-27832"
+```
+
+# An issue was discovered in Artifex Ghostscript before 10.05.0
+
+An issue was discovered in Artifex Ghostscript before 10.05.0. The NPDL device has a Compression buffer overflow for contrib/japanese/gdevnpdl.c.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss73fs7-6bvygy.md b/advisories/published/2025/JLSEC-0000-mnss73fs7-6bvygy.md
new file mode 100644
index 00000000..0157064d
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss73fs7-6bvygy.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss73fs7-6bvygy"
+modified = 2025-11-04T04:10:14.311Z
+upstream = ["CVE-2025-27835"]
+references = ["https://bugs.ghostscript.com/show_bug.cgi?id=708131", "https://lists.debian.org/debian-lts-announce/2025/04/msg00014.html"]
+
+[[affected]]
+pkg = "Ghostscript_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-27835"
+imported = 2025-11-04T04:10:14.311Z
+modified = 2025-11-03T20:18:08.073Z
+published = 2025-03-25T21:15:43.013Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-27835"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-27835"
+```
+
+# An issue was discovered in Artifex Ghostscript before 10.05.0
+
+An issue was discovered in Artifex Ghostscript before 10.05.0. A buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss73fw3-dhrt3z.md b/advisories/published/2025/JLSEC-0000-mnss73fw3-dhrt3z.md
new file mode 100644
index 00000000..9ef1000c
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss73fw3-dhrt3z.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss73fw3-dhrt3z"
+modified = 2025-11-04T04:10:14.451Z
+upstream = ["CVE-2025-27836"]
+references = ["https://bugs.ghostscript.com/show_bug.cgi?id=708192", "https://lists.debian.org/debian-lts-announce/2025/04/msg00014.html"]
+
+[[affected]]
+pkg = "Ghostscript_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-27836"
+imported = 2025-11-04T04:10:14.451Z
+modified = 2025-11-03T20:18:08.220Z
+published = 2025-03-25T21:15:43.137Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-27836"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-27836"
+```
+
+# An issue was discovered in Artifex Ghostscript before 10.05.0
+
+An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss76bt8-1qygn89.md b/advisories/published/2025/JLSEC-0000-mnss76bt8-1qygn89.md
new file mode 100644
index 00000000..00793436
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss76bt8-1qygn89.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss76bt8-1qygn89"
+modified = 2025-11-04T04:12:29.132Z
+upstream = ["CVE-2025-2784"]
+references = ["https://access.redhat.com/errata/RHSA-2025:7505", "https://access.redhat.com/errata/RHSA-2025:8126", "https://access.redhat.com/errata/RHSA-2025:8132", "https://access.redhat.com/errata/RHSA-2025:8139", "https://access.redhat.com/errata/RHSA-2025:8140", "https://access.redhat.com/errata/RHSA-2025:8252", "https://access.redhat.com/errata/RHSA-2025:8480", "https://access.redhat.com/errata/RHSA-2025:8481", "https://access.redhat.com/errata/RHSA-2025:8482", "https://access.redhat.com/errata/RHSA-2025:8663", "https://access.redhat.com/errata/RHSA-2025:9179", "https://access.redhat.com/security/cve/CVE-2025-2784", "https://bugzilla.redhat.com/show_bug.cgi?id=2354669", "https://gitlab.gnome.org/GNOME/libsoup/-/issues/422", "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html", "https://gitlab.gnome.org/GNOME/libsoup/-/issues/422"]
+
+[[affected]]
+pkg = "Soup3_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-2784"
+imported = 2025-11-04T04:12:29.132Z
+modified = 2025-11-03T20:18:09.230Z
+published = 2025-04-03T03:15:18.113Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-2784"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-2784"
+```
+
+# A flaw was found in libsoup
+
+A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss76eio-joxw9n.md b/advisories/published/2025/JLSEC-0000-mnss76eio-joxw9n.md
new file mode 100644
index 00000000..0561fa0f
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss76eio-joxw9n.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss76eio-joxw9n"
+modified = 2025-11-04T04:12:32.640Z
+upstream = ["CVE-2025-32364"]
+references = ["https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3", "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1574", "https://lists.debian.org/debian-lts-announce/2025/04/msg00037.html"]
+
+[[affected]]
+pkg = "Poppler_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-32364"
+imported = 2025-11-04T04:12:32.640Z
+modified = 2025-11-03T20:18:26.863Z
+published = 2025-04-05T22:15:18.337Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-32364"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-32364"
+```
+
+# A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an appl...
+
+A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss76h6w-1mlzjix.md b/advisories/published/2025/JLSEC-0000-mnss76h6w-1mlzjix.md
new file mode 100644
index 00000000..3ed7241f
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss76h6w-1mlzjix.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss76h6w-1mlzjix"
+modified = 2025-11-04T04:12:36.104Z
+upstream = ["CVE-2025-32365"]
+references = ["https://gitlab.freedesktop.org/poppler/poppler/-/issues/1577", "https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1792", "https://lists.debian.org/debian-lts-announce/2025/04/msg00037.html"]
+
+[[affected]]
+pkg = "Poppler_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-32365"
+imported = 2025-11-04T04:12:36.104Z
+modified = 2025-11-03T20:18:26.977Z
+published = 2025-04-05T22:15:19.010Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-32365"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-32365"
+```
+
+# Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap:...
+
+Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss782nq-cg5va0.md b/advisories/published/2025/JLSEC-0000-mnss782nq-cg5va0.md
new file mode 100644
index 00000000..010ea802
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss782nq-cg5va0.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss782nq-cg5va0"
+modified = 2025-11-04T04:13:50.582Z
+upstream = ["CVE-2023-26819"]
+references = ["https://github.com/boofish/json_bugs/tree/main/cjson", "https://lists.debian.org/debian-lts-announce/2025/06/msg00014.html"]
+
+[[affected]]
+pkg = "cJSON_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2023-26819"
+imported = 2025-11-04T04:13:50.582Z
+modified = 2025-11-03T20:16:00.937Z
+published = 2025-04-19T22:15:14.103Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-26819"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-26819"
+```
+
+# cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ ...
+
+cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss782rh-1lyvfoe.md b/advisories/published/2025/JLSEC-0000-mnss782rh-1lyvfoe.md
new file mode 100644
index 00000000..3e17cf89
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss782rh-1lyvfoe.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss782rh-1lyvfoe"
+modified = 2025-11-04T04:13:50.717Z
+upstream = ["CVE-2025-43961"]
+references = ["https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2", "https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4", "https://www.libraw.org/news/libraw-0-21-4-release", "https://lists.debian.org/debian-lts-announce/2025/04/msg00038.html"]
+
+[[affected]]
+pkg = "LibRaw_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-43961"
+imported = 2025-11-04T04:13:50.717Z
+modified = 2025-11-03T20:19:02.013Z
+published = 2025-04-21T00:15:32.873Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-43961"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-43961"
+```
+
+# In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag pars...
+
+In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss78342-mftvws.md b/advisories/published/2025/JLSEC-0000-mnss78342-mftvws.md
new file mode 100644
index 00000000..a8eab698
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss78342-mftvws.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss78342-mftvws"
+modified = 2025-11-04T04:13:51.170Z
+upstream = ["CVE-2025-43962"]
+references = ["https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2", "https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4", "https://www.libraw.org/news/libraw-0-21-4-release", "https://lists.debian.org/debian-lts-announce/2025/04/msg00038.html"]
+
+[[affected]]
+pkg = "LibRaw_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-43962"
+imported = 2025-11-04T04:13:51.170Z
+modified = 2025-11-03T20:19:02.190Z
+published = 2025-04-21T00:15:33.027Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-43962"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-43962"
+```
+
+# In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for ...
+
+In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss78388-uu94lb.md b/advisories/published/2025/JLSEC-0000-mnss78388-uu94lb.md
new file mode 100644
index 00000000..e71bfc6e
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss78388-uu94lb.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss78388-uu94lb"
+modified = 2025-11-04T04:13:51.320Z
+upstream = ["CVE-2025-43963"]
+references = ["https://github.com/LibRaw/LibRaw/commit/be26e7639ecf8beb55f124ce780e99842de2e964", "https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4", "https://www.libraw.org/news/libraw-0-21-4-release", "https://lists.debian.org/debian-lts-announce/2025/04/msg00038.html"]
+
+[[affected]]
+pkg = "LibRaw_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-43963"
+imported = 2025-11-04T04:13:51.320Z
+modified = 2025-11-03T20:19:02.580Z
+published = 2025-04-21T00:15:33.173Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-43963"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-43963"
+```
+
+# In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access ...
+
+In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss783by-1at7tuv.md b/advisories/published/2025/JLSEC-0000-mnss783by-1at7tuv.md
new file mode 100644
index 00000000..8d6a69c7
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss783by-1at7tuv.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss783by-1at7tuv"
+modified = 2025-11-04T04:13:51.454Z
+upstream = ["CVE-2025-43964"]
+references = ["https://github.com/LibRaw/LibRaw/commit/a50dc3f1127d2e37a9b39f57ad9bb2ebb60f18c0", "https://github.com/LibRaw/LibRaw/compare/0.21.3...0.21.4", "https://www.libraw.org/news/libraw-0-21-4-release", "https://lists.debian.org/debian-lts-announce/2025/04/msg00038.html"]
+
+[[affected]]
+pkg = "LibRaw_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-43964"
+imported = 2025-11-04T04:13:51.454Z
+modified = 2025-11-03T20:19:02.750Z
+published = 2025-04-21T00:15:33.310Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-43964"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-43964"
+```
+
+# In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does...
+
+In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss7alf2-14ug9sp.md b/advisories/published/2025/JLSEC-0000-mnss7alf2-14ug9sp.md
new file mode 100644
index 00000000..581334c9
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss7alf2-14ug9sp.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss7alf2-14ug9sp"
+modified = 2025-11-04T04:15:48.206Z
+upstream = ["CVE-2025-48174"]
+references = ["https://github.com/AOMediaCodec/libavif/commit/50a743062938a3828581d725facc9c2b92a1d109", "https://github.com/AOMediaCodec/libavif/commit/c9f1bea437f21cb78f9919c332922a3b0ba65e11", "https://github.com/AOMediaCodec/libavif/commit/e5fdefe7d1776e6c4cf1703c163a8c0535599029", "https://github.com/AOMediaCodec/libavif/pull/2768", "https://lists.debian.org/debian-lts-announce/2025/05/msg00031.html"]
+
+[[affected]]
+pkg = "libavif_jll"
+ranges = ["< 1.3.0+0"]
+
+[[jlsec_sources]]
+id = "CVE-2025-48174"
+imported = 2025-11-04T04:15:48.206Z
+modified = 2025-11-03T20:19:05.993Z
+published = 2025-05-16T05:15:37.213Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-48174"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-48174"
+```
+
+# In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow ...
+
+In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss7alf3-1z0y8mv.md b/advisories/published/2025/JLSEC-0000-mnss7alf3-1z0y8mv.md
new file mode 100644
index 00000000..0d01c0d2
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss7alf3-1z0y8mv.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss7alf3-1z0y8mv"
+modified = 2025-11-04T04:15:48.207Z
+upstream = ["CVE-2025-48175"]
+references = ["https://github.com/AOMediaCodec/libavif/commit/64d956ed5a602f78cebf29da023280944ee92efd", "https://github.com/AOMediaCodec/libavif/pull/2769", "https://github.com/AOMediaCodec/libavif/security/advisories/GHSA-762c-2538-h844", "https://lists.debian.org/debian-lts-announce/2025/05/msg00031.html"]
+
+[[affected]]
+pkg = "libavif_jll"
+ranges = ["< 1.3.0+0"]
+
+[[jlsec_sources]]
+id = "CVE-2025-48175"
+imported = 2025-11-04T04:15:48.207Z
+modified = 2025-11-03T20:19:06.153Z
+published = 2025-05-16T05:15:37.470Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-48175"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-48175"
+```
+
+# In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications in...
+
+In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss7beyo-15e6y2s.md b/advisories/published/2025/JLSEC-0000-mnss7beyo-15e6y2s.md
new file mode 100644
index 00000000..ae05a2ae
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss7beyo-15e6y2s.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss7beyo-15e6y2s"
+modified = 2025-11-04T04:16:26.496Z
+upstream = ["CVE-2023-53154"]
+references = ["https://github.com/DaveGamble/cJSON/compare/v1.7.17...v1.7.18", "https://github.com/DaveGamble/cJSON/issues/800", "https://lists.debian.org/debian-lts-announce/2025/06/msg00014.html", "https://github.com/DaveGamble/cJSON/issues/800"]
+
+[[affected]]
+pkg = "cJSON_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2023-53154"
+imported = 2025-11-04T04:16:26.496Z
+modified = 2025-11-03T20:16:06.467Z
+published = 2025-05-23T16:15:22.080Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-53154"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-53154"
+```
+
+# parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing n...
+
+parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss7bpjq-a9kcoe.md b/advisories/published/2025/JLSEC-0000-mnss7bpjq-a9kcoe.md
new file mode 100644
index 00000000..e00e2715
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss7bpjq-a9kcoe.md
@@ -0,0 +1,26 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss7bpjq-a9kcoe"
+modified = 2025-11-04T04:16:40.214Z
+upstream = ["CVE-2025-4598"]
+references = ["https://access.redhat.com/security/cve/CVE-2025-4598", "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", "https://www.openwall.com/lists/oss-security/2025/05/29/3", "http://seclists.org/fulldisclosure/2025/Jun/9", "http://www.openwall.com/lists/oss-security/2025/06/05/1", "http://www.openwall.com/lists/oss-security/2025/06/05/3", "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", "https://www.openwall.com/lists/oss-security/2025/08/18/3"]
+
+[[affected]]
+pkg = "systemd_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-4598"
+imported = 2025-11-04T04:16:40.214Z
+modified = 2025-11-03T20:19:10.997Z
+published = 2025-05-30T14:15:23.557Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-4598"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-4598"
+```
+
+# A vulnerability was found in systemd-coredump
+
+A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.
+
+A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss7dq0u-177y549.md b/advisories/published/2025/JLSEC-0000-mnss7dq0u-177y549.md
new file mode 100644
index 00000000..901fe8ac
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss7dq0u-177y549.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss7dq0u-177y549"
+modified = 2025-11-04T04:18:14.142Z
+upstream = ["CVE-2025-52496"]
+references = ["https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-1.md", "https://lists.debian.org/debian-lts-announce/2025/08/msg00013.html", "https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-1.md"]
+
+[[affected]]
+pkg = "MbedTLS_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-52496"
+imported = 2025-11-04T04:18:14.142Z
+modified = 2025-11-03T20:19:13.020Z
+published = 2025-07-04T15:15:22.633Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-52496"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-52496"
+```
+
+# Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occu...
+
+Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss7dqdu-bbb4h6.md b/advisories/published/2025/JLSEC-0000-mnss7dqdu-bbb4h6.md
new file mode 100644
index 00000000..0c0da99b
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss7dqdu-bbb4h6.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss7dqdu-bbb4h6"
+modified = 2025-11-04T04:18:14.610Z
+upstream = ["CVE-2025-52497"]
+references = ["https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-2.md", "https://lists.debian.org/debian-lts-announce/2025/08/msg00013.html"]
+
+[[affected]]
+pkg = "MbedTLS_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-52497"
+imported = 2025-11-04T04:18:14.610Z
+modified = 2025-11-03T20:19:13.123Z
+published = 2025-07-04T15:15:22.787Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-52497"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-52497"
+```
+
+# Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_bu...
+
+Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss7dv1n-1hzeb22.md b/advisories/published/2025/JLSEC-0000-mnss7dv1n-1hzeb22.md
new file mode 100644
index 00000000..ac3013d0
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss7dv1n-1hzeb22.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss7dv1n-1hzeb22"
+modified = 2025-11-04T04:18:20.651Z
+upstream = ["CVE-2025-48384"]
+references = ["https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9", "http://seclists.org/fulldisclosure/2025/Sep/60", "https://lists.debian.org/debian-lts-announce/2025/10/msg00003.html", "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48384"]
+
+[[affected]]
+pkg = "Git_jll"
+ranges = ["< 2.50.1+0"]
+
+[[jlsec_sources]]
+id = "CVE-2025-48384"
+imported = 2025-11-04T04:18:20.651Z
+modified = 2025-11-03T19:16:06.623Z
+published = 2025-07-08T19:15:42.800Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-48384"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-48384"
+```
+
+# Git is a fast, scalable, distributed revision control system with an unusually rich command set that...
+
+Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss7dzqv-143tdbh.md b/advisories/published/2025/JLSEC-0000-mnss7dzqv-143tdbh.md
new file mode 100644
index 00000000..673059c9
--- /dev/null
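Review bot: The single bound `ranges = ["< 2.50.1+0"]` also covers the maintenance releases that the description lists as fixed (v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1). If Git_jll has ever shipped one of those, it would be reported as vulnerable even though it carries the fix. Per-branch entries in `ranges` would avoid that, assuming the schema allows several. The references include the CISA Known Exploited Vulnerabilities entry, so users are likely to prioritise this record and false positives in it are costly.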
+++ b/advisories/published/2025/JLSEC-0000-mnss7dzqv-143tdbh.md
@@ -0,0 +1,26 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss7dzqv-143tdbh"
+modified = 2025-11-04T04:18:26.743Z
+upstream = ["CVE-2025-32988"]
+references = ["https://access.redhat.com/errata/RHSA-2025:16115", "https://access.redhat.com/errata/RHSA-2025:16116", "https://access.redhat.com/errata/RHSA-2025:17348", "https://access.redhat.com/errata/RHSA-2025:17361", "https://access.redhat.com/errata/RHSA-2025:17415", "https://access.redhat.com/errata/RHSA-2025:19088", "https://access.redhat.com/security/cve/CVE-2025-32988", "https://bugzilla.redhat.com/show_bug.cgi?id=2359622", "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html"]
+
+[[affected]]
+pkg = "GnuTLS_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-32988"
+imported = 2025-11-04T04:18:26.743Z
+modified = 2025-11-03T20:18:29.860Z
+published = 2025-07-10T08:15:24.223Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-32988"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-32988"
+```
+
+# A flaw was found in GnuTLS
+
+A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.
+
+This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss7esz4-a2b6ou.md b/advisories/published/2025/JLSEC-0000-mnss7esz4-a2b6ou.md
new file mode 100644
index 00000000..4a592cda
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss7esz4-a2b6ou.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss7esz4-a2b6ou"
+modified = 2025-11-04T04:19:04.624Z
+upstream = ["CVE-2025-53014"]
+references = ["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f", "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html"]
+
+[[affected]]
+pkg = "ImageMagick_jll"
+ranges = ["< 7.1.2001+0"]
+
+[[jlsec_sources]]
+id = "CVE-2025-53014"
+imported = 2025-11-04T04:19:04.624Z
+modified = 2025-11-03T19:16:07.910Z
+published = 2025-07-14T18:15:23.620Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-53014"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-53014"
+```
+
+# ImageMagick is free and open-source software used for editing and manipulating digital images
+
+ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). Versions 7.1.2-0 and 6.9.13-26 fix the issue.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss7esz5-1jk9nj4.md b/advisories/published/2025/JLSEC-0000-mnss7esz5-1jk9nj4.md
new file mode 100644
index 00000000..dbbd421a
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss7esz5-1jk9nj4.md
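Review bot: The bound in `ranges = ["< 7.1.2001+0"]` cannot be checked against the description, which names the fixed upstream releases as 7.1.2-0 and 6.9.13-26. It looks like the JLL's own encoding of the upstream patch level, but nothing in the record says so. A one-line TOML comment above `ranges`, for example `# first ImageMagick_jll build containing upstream 7.1.2-0` if that is the mapping, would let a reviewer confirm the boundary is not off by one release. The CVE-2025-53019 and CVE-2025-53101 records use the same bound and would need the same comment.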
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss7esz5-1jk9nj4"
+modified = 2025-11-04T04:19:04.625Z
+upstream = ["CVE-2025-53019"]
+references = ["https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cfh4-9f7v-fhrc", "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html", "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cfh4-9f7v-fhrc"]
+
+[[affected]]
+pkg = "ImageMagick_jll"
+ranges = ["< 7.1.2001+0"]
+
+[[jlsec_sources]]
+id = "CVE-2025-53019"
+imported = 2025-11-04T04:19:04.625Z
+modified = 2025-11-03T19:16:08.050Z
+published = 2025-07-14T20:15:29.043Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-53019"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-53019"
+```
+
+# ImageMagick is free and open-source software used for editing and manipulating digital images
+
+ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak. Versions 7.1.2-0 and 6.9.13-26 fix the issue.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss7esz6-16z0km5.md b/advisories/published/2025/JLSEC-0000-mnss7esz6-16z0km5.md
new file mode 100644
index 00000000..dfb8d686
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss7esz6-16z0km5.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss7esz6-16z0km5"
+modified = 2025-11-04T04:19:04.626Z
+upstream = ["CVE-2025-53101"]
+references = ["https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774", "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9", "https://lists.debian.org/debian-lts-announce/2025/09/msg00012.html", "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9"]
+
+[[affected]]
+pkg = "ImageMagick_jll"
+ranges = ["< 7.1.2001+0"]
+
+[[jlsec_sources]]
+id = "CVE-2025-53101"
+imported = 2025-11-04T04:19:04.626Z
+modified = 2025-11-03T19:16:08.327Z
+published = 2025-07-14T20:15:29.180Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-53101"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-53101"
+```
+
+# ImageMagick is free and open-source software used for editing and manipulating digital images
+
+ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, in ImageMagick's `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()`. Versions 7.1.2-0 and 6.9.13-26 fix the issue.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss7eyx5-xqvsty.md b/advisories/published/2025/JLSEC-0000-mnss7eyx5-xqvsty.md
new file mode 100644
index 00000000..aafe7c2a
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss7eyx5-xqvsty.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss7eyx5-xqvsty"
+modified = 2025-11-04T04:19:12.329Z
+upstream = ["CVE-2025-48965"]
+references = ["https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-6.md", "https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/", "https://lists.debian.org/debian-lts-announce/2025/08/msg00013.html"]
+
+[[affected]]
+pkg = "MbedTLS_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-48965"
+imported = 2025-11-04T04:19:12.329Z
+modified = 2025-11-03T20:19:07.613Z
+published = 2025-07-20T18:15:22.950Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-48965"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-48965"
+```
+
+# Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigg...
+
+Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss7ez9r-1odzjwa.md b/advisories/published/2025/JLSEC-0000-mnss7ez9r-1odzjwa.md
new file mode 100644
index 00000000..2493b58e
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss7ez9r-1odzjwa.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss7ez9r-1odzjwa"
+modified = 2025-11-04T04:19:12.783Z
+upstream = ["CVE-2025-47917"]
+references = ["https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-7.md", "https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/", "https://lists.debian.org/debian-lts-announce/2025/08/msg00013.html", "https://lists.debian.org/debian-lts-announce/2025/08/msg00025.html"]
+
+[[affected]]
+pkg = "MbedTLS_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-47917"
+imported = 2025-11-04T04:19:12.783Z
+modified = 2025-11-03T20:19:05.870Z
+published = 2025-07-20T19:15:23.847Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-47917"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-47917"
+```
+
+# Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are develop...
+
+Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The documentation does not suggest that the function will free that pointer; however, the function does call mbedtls_asn1_free_named_data_list() on that argument, which performs a deep free(). As a result, application code that uses this function (relying only on documented behavior) is likely to still hold pointers to the memory blocks that were freed, resulting in a high risk of use-after-free or double-free. In particular, the two sample programs x509/cert_write and x509/cert_req are affected (use-after-free if the san string contains more than one DN).
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss7ho0x-1n4s1gq.md b/advisories/published/2025/JLSEC-0000-mnss7ho0x-1n4s1gq.md
new file mode 100644
index 00000000..7b54ab40
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss7ho0x-1n4s1gq.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss7ho0x-1n4s1gq"
+modified = 2025-11-04T04:21:18.177Z
+upstream = ["CVE-2024-13978"]
+references = ["http://www.libtiff.org/", "https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4", "https://gitlab.com/libtiff/libtiff/-/issues/649", "https://gitlab.com/libtiff/libtiff/-/merge_requests/667", "https://vuldb.com/?ctiid.318355", "https://vuldb.com/?id.318355", "https://vuldb.com/?submit.624562", "https://lists.debian.org/debian-lts-announce/2025/09/msg00031.html", "https://gitlab.com/libtiff/libtiff/-/issues/649"]
+
+[[affected]]
+pkg = "Libtiff_jll"
+ranges = ["< 4.7.2+0"]
+
+[[jlsec_sources]]
+id = "CVE-2024-13978"
+imported = 2025-11-04T04:21:18.177Z
+modified = 2025-11-03T19:15:42.683Z
+published = 2025-08-01T22:15:25.320Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-13978"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-13978"
+```
+
+# A vulnerability was found in LibTIFF up to 4.7.0
+
+A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The patch is named 2ebfffb0e8836bfb1cd7d85c059cd285c59761a4. It is recommended to apply a patch to fix this issue.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss7hod0-39p9e1.md b/advisories/published/2025/JLSEC-0000-mnss7hod0-39p9e1.md
new file mode 100644
index 00000000..13a78751
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss7hod0-39p9e1.md
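Review bot: The `references` array lists `https://gitlab.com/libtiff/libtiff/-/issues/649` twice. The importer appears to concatenate reference lists from several sources without de-duplicating. Dropping repeats while keeping first-seen order would shrink these records and make later refresh diffs easier to audit. The same repetition shows in the CVE-2025-52496, CVE-2025-53019 and CVE-2025-53101 records and in the rewritten `references` lines of JLSEC-2025-125, JLSEC-2025-129 and JLSEC-2025-142.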
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss7hod0-39p9e1"
+modified = 2025-11-04T04:21:18.612Z
+upstream = ["CVE-2025-54349"]
+references = ["https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf", "https://github.com/esnet/iperf/releases/tag/3.19.1", "https://lists.debian.org/debian-lts-announce/2025/08/msg00020.html"]
+
+[[affected]]
+pkg = "iperf_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-54349"
+imported = 2025-11-04T04:21:18.612Z
+modified = 2025-11-03T19:16:09.340Z
+published = 2025-08-03T02:15:35.597Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-54349"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-54349"
+```
+
+# In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflo...
+
+In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.
+
diff --git a/advisories/published/2025/JLSEC-0000-mnss7hopk-ydhbqk.md b/advisories/published/2025/JLSEC-0000-mnss7hopk-ydhbqk.md
new file mode 100644
index 00000000..231163cd
--- /dev/null
+++ b/advisories/published/2025/JLSEC-0000-mnss7hopk-ydhbqk.md
@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.4"
+id = "JLSEC-0000-mnss7hopk-ydhbqk"
+modified = 2025-11-04T04:21:19.064Z
+upstream = ["CVE-2025-54350"]
+references = ["https://github.com/esnet/iperf/commit/4eab661da0bbaac04493fa40164e928c6df7934a", "https://github.com/esnet/iperf/releases/tag/3.19.1", "https://lists.debian.org/debian-lts-announce/2025/08/msg00020.html"]
+
+[[affected]]
+pkg = "iperf_jll"
+ranges = ["*"]
+
+[[jlsec_sources]]
+id = "CVE-2025-54350"
+imported = 2025-11-04T04:21:19.064Z
+modified = 2025-11-03T19:16:09.533Z
+published = 2025-08-03T02:15:37.193Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-54350"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-54350"
+```
+
+# In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon ...
+
+In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt.
+
diff --git a/advisories/published/2025/JLSEC-2025-125.md b/advisories/published/2025/JLSEC-2025-125.md
index 3dae76fa..169960f7 100644
--- a/advisories/published/2025/JLSEC-2025-125.md
+++ b/advisories/published/2025/JLSEC-2025-125.md
@@ -4,7 +4,7 @@ id = "JLSEC-2025-125" modified = 2025-10-31T18:41:21.318Z published = 2025-10-19T19:08:53.760Z upstream = ["CVE-2024-31578"] -references = ["https://gist.github.com/1047524396/45400cce5859d78dcd3a62010df8d179", "https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/", "https://gist.github.com/1047524396/45400cce5859d78dcd3a62010df8d179", "https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/"] +references = ["https://gist.github.com/1047524396/45400cce5859d78dcd3a62010df8d179", "https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/", "https://gist.github.com/1047524396/45400cce5859d78dcd3a62010df8d179", "https://github.com/ffmpeg/ffmpeg/commit/3bb00c0a420c3ce83c6fafee30270d69622ccad7", 
"https://lists.debian.org/debian-lts-announce/2024/10/msg00019.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/"] [[affected]] pkg = "FFMPEG_jll" @@ -15,8 +15,8 @@ ranges = ["< 7.1.0+0"] [[jlsec_sources]] id = "CVE-2024-31578" -imported = 2025-10-18T14:07:17.211Z -modified = 2025-06-03T18:09:18.917Z +imported = 2025-11-04T03:29:08.635Z +modified = 2025-11-03T22:16:51.480Z published = 2024-04-17T14:15:08.563Z url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-31578" html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-31578" diff --git a/advisories/published/2025/JLSEC-2025-129.md b/advisories/published/2025/JLSEC-2025-129.md index a0e011f4..56426458 100644 --- a/advisories/published/2025/JLSEC-2025-129.md +++ b/advisories/published/2025/JLSEC-2025-129.md 
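Review bot: The first hunk rewrites `references`, but the record's top-level `modified = 2025-10-31T18:41:21.318Z` remains an unchanged context line; only `imported` and `modified` under `[[jlsec_sources]]` move in the second hunk. A consumer that syncs incrementally on the top-level `modified` would not notice the added Debian LTS reference. Unless a later publishing step bumps it, it should be updated in the same change, e.g. `modified = 2025-11-04T03:29:08.635Z` to match the new import time. The other modified records in this diff (JLSEC-2025-129 through JLSEC-2025-149) show the same pattern.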
@@ -4,7 +4,7 @@ id = "JLSEC-2025-129" modified = 2025-10-31T18:41:21.318Z published = 2025-10-19T19:08:53.760Z upstream = ["CVE-2023-49502"] -references = ["https://github.com/FFmpeg/FFmpeg", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/", "https://trac.ffmpeg.org/ticket/10688", "https://github.com/FFmpeg/FFmpeg", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/", "https://trac.ffmpeg.org/ticket/10688"] +references = ["https://github.com/FFmpeg/FFmpeg", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/", "https://trac.ffmpeg.org/ticket/10688", "https://github.com/FFmpeg/FFmpeg", "https://lists.debian.org/debian-lts-announce/2024/10/msg00019.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/", "https://trac.ffmpeg.org/ticket/10688"] [[affected]] pkg = "FFMPEG_jll" @@ -12,8 +12,8 @@ ranges = [">= 6.1.1+0, < 7.1.0+0"] [[jlsec_sources]] id = "CVE-2023-49502" -imported = 2025-10-18T14:07:17.216Z -modified = 2025-06-03T14:03:10.227Z +imported = 2025-11-04T03:29:21.680Z +modified = 2025-11-03T22:16:30.080Z published = 2024-04-19T17:15:51.850Z url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-49502" html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-49502" diff --git a/advisories/published/2025/JLSEC-2025-133.md b/advisories/published/2025/JLSEC-2025-133.md index ee1263a0..6307331b 100644 --- a/advisories/published/2025/JLSEC-2025-133.md +++ b/advisories/published/2025/JLSEC-2025-133.md @@ -4,7 +4,7 @@ id = "JLSEC-2025-133" modified = 2025-10-31T18:41:21.318Z published = 2025-10-19T19:08:53.760Z upstream = ["CVE-2024-7055"] -references = ["https://ffmpeg.org/", "https://ffmpeg.org/download.html", "https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3", "https://vuldb.com/?ctiid.273651", "https://vuldb.com/?id.273651", "https://vuldb.com/?submit.376532"] +references = ["https://ffmpeg.org/", "https://ffmpeg.org/download.html", "https://github.com/CookedMelon/ReportCVE/tree/main/FFmpeg/poc3", "https://vuldb.com/?ctiid.273651", "https://vuldb.com/?id.273651", "https://vuldb.com/?submit.376532", "https://lists.debian.org/debian-lts-announce/2024/10/msg00019.html"] [[affected]] pkg = "FFMPEG_jll" @@ -15,8 +15,8 @@ ranges = ["< 7.1.0+0"] [[jlsec_sources]] id = "CVE-2024-7055" -imported = 2025-10-18T14:07:17.225Z -modified = 2025-06-03T17:20:06.493Z +imported = 2025-11-04T03:33:33.384Z +modified = 2025-11-03T23:17:31.483Z published = 2024-08-06T06:15:36.107Z url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-7055" html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-7055" 
diff --git a/advisories/published/2025/JLSEC-2025-137.md b/advisories/published/2025/JLSEC-2025-137.md index 9002ff55..1a103dda 100644 --- a/advisories/published/2025/JLSEC-2025-137.md +++ b/advisories/published/2025/JLSEC-2025-137.md @@ -4,7 +4,7 @@ id = "JLSEC-2025-137" modified = 2025-10-31T18:41:21.318Z published = 2025-10-19T19:08:53.760Z upstream = ["CVE-2024-36618"] -references = ["https://gist.github.com/1047524396/a148f3679415a6da53ca112eb2ba1523", "https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/avidec.c#L1699", "https://github.com/ffmpeg/ffmpeg/commit/7a089ed8e049e3bfcb22de1250b86f2106060857"] +references = ["https://gist.github.com/1047524396/a148f3679415a6da53ca112eb2ba1523", "https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/avidec.c#L1699", "https://github.com/ffmpeg/ffmpeg/commit/7a089ed8e049e3bfcb22de1250b86f2106060857", "https://lists.debian.org/debian-lts-announce/2025/02/msg00000.html"] [[affected]] pkg = "FFMPEG_jll" @@ -12,8 +12,8 @@ ranges = [">= 6.1.1+0, < 6.1.2+0"] [[jlsec_sources]] id = "CVE-2024-36618" -imported = 2025-10-18T14:07:17.231Z -modified = 2025-06-03T16:05:40.027Z +imported = 2025-11-04T03:42:36.322Z +modified = 2025-11-03T21:16:12.853Z published = 2024-11-29T18:15:07.390Z url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-36618" html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-36618" diff --git a/advisories/published/2025/JLSEC-2025-141.md b/advisories/published/2025/JLSEC-2025-141.md index f704f74b..4a2a136b 100644 --- a/advisories/published/2025/JLSEC-2025-141.md +++ b/advisories/published/2025/JLSEC-2025-141.md 
@@ -4,7 +4,7 @@ id = "JLSEC-2025-141" modified = 2025-10-31T18:41:21.318Z published = 2025-10-19T19:08:53.760Z upstream = ["CVE-2024-35367"] -references = ["https://gist.github.com/1047524396/9754a44845578358f6a403447c458ca4", "https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/ppc/vp8dsp_altivec.c#L53", "https://github.com/ffmpeg/ffmpeg/commit/09e6840cf7a3ee07a73c3ae88a020bf27ca1a667"] +references = ["https://gist.github.com/1047524396/9754a44845578358f6a403447c458ca4", "https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/ppc/vp8dsp_altivec.c#L53", "https://github.com/ffmpeg/ffmpeg/commit/09e6840cf7a3ee07a73c3ae88a020bf27ca1a667", "https://lists.debian.org/debian-lts-announce/2025/02/msg00000.html"] [[affected]] pkg = "FFMPEG_jll" @@ -12,8 +12,8 @@ ranges = [">= 6.1.1+0, < 6.1.2+0"] [[jlsec_sources]] id = "CVE-2024-35367" -imported = 2025-10-18T14:07:17.235Z -modified = 2025-06-03T16:03:14.833Z +imported = 2025-11-04T03:42:36.323Z +modified = 2025-11-03T21:16:11.467Z published = 2024-11-29T20:15:19.957Z url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-35367" html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-35367" diff --git a/advisories/published/2025/JLSEC-2025-142.md b/advisories/published/2025/JLSEC-2025-142.md index 2ad54617..f96ba4c2 100644 --- a/advisories/published/2025/JLSEC-2025-142.md +++ b/advisories/published/2025/JLSEC-2025-142.md @@ -4,7 +4,7 @@ id = "JLSEC-2025-142" modified = 2025-10-31T18:41:21.318Z published = 2025-10-19T19:08:53.760Z upstream = ["CVE-2023-6602"] -references = ["https://bugzilla.redhat.com/show_bug.cgi?id=2334338", "https://bugzilla.redhat.com/show_bug.cgi?id=2334338"] +references = ["https://bugzilla.redhat.com/show_bug.cgi?id=2334338", "https://lists.debian.org/debian-lts-announce/2025/07/msg00004.html", "https://bugzilla.redhat.com/show_bug.cgi?id=2334338"] [[affected]] pkg = "FFMPEG_jll" 
@@ -15,8 +15,8 @@ ranges = ["< 7.1.0+0"] [[jlsec_sources]] id = "CVE-2023-6602" -imported = 2025-10-18T14:07:17.236Z -modified = 2025-06-20T18:46:29.987Z +imported = 2025-11-04T04:04:49.356Z +modified = 2025-11-03T20:16:06.973Z published = 2024-12-31T15:15:06.240Z url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-6602" html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-6602" diff --git a/advisories/published/2025/JLSEC-2025-146.md b/advisories/published/2025/JLSEC-2025-146.md index 4679d527..c208bf40 100644 --- a/advisories/published/2025/JLSEC-2025-146.md +++ b/advisories/published/2025/JLSEC-2025-146.md @@ -4,7 +4,7 @@ id = "JLSEC-2025-146" modified = 2025-10-31T18:41:21.318Z published = 2025-10-19T19:08:53.760Z upstream = ["CVE-2023-6601"] -references = ["https://bugzilla.redhat.com/show_bug.cgi?id=2253172"] +references = ["https://bugzilla.redhat.com/show_bug.cgi?id=2253172", "https://lists.debian.org/debian-lts-announce/2025/07/msg00004.html"] [[affected]] pkg = "FFMPEG_jll" @@ -15,8 +15,8 @@ ranges = ["< 7.1.0+0"] [[jlsec_sources]] id = "CVE-2023-6601" -imported = 2025-10-18T14:07:17.240Z -modified = 2025-08-05T18:04:59.290Z +imported = 2025-11-04T04:04:49.898Z +modified = 2025-11-03T20:16:06.793Z published = 2025-01-06T17:15:14.217Z url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-6601" html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-6601" diff --git a/advisories/published/2025/JLSEC-2025-147.md b/advisories/published/2025/JLSEC-2025-147.md index eddd31b9..a72cf3ad 100644 --- a/advisories/published/2025/JLSEC-2025-147.md +++ b/advisories/published/2025/JLSEC-2025-147.md 
@@ -4,7 +4,7 @@ id = "JLSEC-2025-147" modified = 2025-10-31T18:41:21.318Z published = 2025-10-19T19:08:53.760Z upstream = ["CVE-2023-6605"] -references = ["https://bugzilla.redhat.com/show_bug.cgi?id=2334336"] +references = ["https://bugzilla.redhat.com/show_bug.cgi?id=2334336", "https://lists.debian.org/debian-lts-announce/2025/07/msg00004.html"] [[affected]] pkg = "FFMPEG_jll" @@ -15,8 +15,8 @@ ranges = ["< 7.1.0+0"] [[jlsec_sources]] id = "CVE-2023-6605" -imported = 2025-10-18T14:07:17.241Z -modified = 2025-08-05T16:58:45.920Z +imported = 2025-11-04T04:04:49.900Z +modified = 2025-11-03T20:16:07.323Z published = 2025-01-06T17:15:14.613Z url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-6605" html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-6605" diff --git a/advisories/published/2025/JLSEC-2025-148.md b/advisories/published/2025/JLSEC-2025-148.md index a3479bed..30cf54eb 100644 --- a/advisories/published/2025/JLSEC-2025-148.md +++ b/advisories/published/2025/JLSEC-2025-148.md @@ -4,7 +4,7 @@ id = "JLSEC-2025-148" modified = 2025-10-31T18:41:21.318Z published = 2025-10-19T19:08:53.760Z upstream = ["CVE-2023-6604"] -references = ["https://bugzilla.redhat.com/show_bug.cgi?id=2334337"] +references = ["https://bugzilla.redhat.com/show_bug.cgi?id=2334337", "https://lists.debian.org/debian-lts-announce/2025/07/msg00004.html"] [[affected]] pkg = "FFMPEG_jll" @@ -15,8 +15,8 @@ ranges = ["< 7.1.0+0"] [[jlsec_sources]] id = "CVE-2023-6604" -imported = 2025-10-18T14:07:17.241Z -modified = 2025-08-05T18:05:55.853Z +imported = 2025-11-04T04:04:49.899Z +modified = 2025-11-03T20:16:07.137Z published = 2025-01-06T17:15:14.413Z url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-6604" html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-6604" diff --git a/advisories/published/2025/JLSEC-2025-149.md b/advisories/published/2025/JLSEC-2025-149.md index 081789b3..29ac9402 100644 --- a/advisories/published/2025/JLSEC-2025-149.md 
+++ b/advisories/published/2025/JLSEC-2025-149.md @@ -4,7 +4,7 @@ id = "JLSEC-2025-149" modified = 2025-10-31T18:41:21.318Z published = 2025-10-19T19:08:53.760Z upstream = ["CVE-2025-0518"] -references = ["https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a"] +references = ["https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a", "https://lists.debian.org/debian-lts-announce/2025/02/msg00037.html"] [[affected]] pkg = "FFMPEG_jll" @@ -15,8 +15,8 @@ ranges = [">= 7.1.0+0, < 7.1.1+0"] [[jlsec_sources]] id = "CVE-2025-0518" -imported = 2025-10-18T14:07:17.242Z -modified = 2025-08-05T19:54:45.033Z +imported = 2025-11-04T04:05:58.471Z +modified = 2025-11-03T21:18:49.047Z published = 2025-01-16T17:15:12.577Z url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-0518" html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-0518" diff --git a/advisories/published/2025/JLSEC-2025-196.md b/advisories/published/2025/JLSEC-2025-196.md index c91d8611..4dda2c0e 100644 --- a/advisories/published/2025/JLSEC-2025-196.md +++ b/advisories/published/2025/JLSEC-2025-196.md 
@@ -4,7 +4,7 @@ id = "JLSEC-2025-196" modified = 2025-10-31T18:41:21.318Z published = 2025-10-28T13:50:46.694Z upstream = ["CVE-2025-6021"] -references = ["https://access.redhat.com/errata/RHSA-2025:10630", "https://access.redhat.com/errata/RHSA-2025:10698", "https://access.redhat.com/errata/RHSA-2025:10699", "https://access.redhat.com/errata/RHSA-2025:11580", "https://access.redhat.com/errata/RHSA-2025:12098", "https://access.redhat.com/errata/RHSA-2025:12099", "https://access.redhat.com/errata/RHSA-2025:12199", "https://access.redhat.com/errata/RHSA-2025:12237", "https://access.redhat.com/errata/RHSA-2025:12239", "https://access.redhat.com/errata/RHSA-2025:12240", "https://access.redhat.com/errata/RHSA-2025:12241", "https://access.redhat.com/errata/RHSA-2025:13267", "https://access.redhat.com/errata/RHSA-2025:13289", "https://access.redhat.com/errata/RHSA-2025:13325", "https://access.redhat.com/errata/RHSA-2025:13335", "https://access.redhat.com/errata/RHSA-2025:13336", "https://access.redhat.com/errata/RHSA-2025:14059", "https://access.redhat.com/errata/RHSA-2025:14396", "https://access.redhat.com/errata/RHSA-2025:15308", "https://access.redhat.com/errata/RHSA-2025:15672", "https://access.redhat.com/errata/RHSA-2025:19020", "https://access.redhat.com/security/cve/CVE-2025-6021", "https://bugzilla.redhat.com/show_bug.cgi?id=2372406", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926"] +references = ["https://access.redhat.com/errata/RHSA-2025:10630", "https://access.redhat.com/errata/RHSA-2025:10698", "https://access.redhat.com/errata/RHSA-2025:10699", "https://access.redhat.com/errata/RHSA-2025:11580", "https://access.redhat.com/errata/RHSA-2025:12098", "https://access.redhat.com/errata/RHSA-2025:12099", "https://access.redhat.com/errata/RHSA-2025:12199", "https://access.redhat.com/errata/RHSA-2025:12237", "https://access.redhat.com/errata/RHSA-2025:12239", "https://access.redhat.com/errata/RHSA-2025:12240", "https://access.redhat.com/errata/RHSA-2025:12241", 
"https://access.redhat.com/errata/RHSA-2025:13267", "https://access.redhat.com/errata/RHSA-2025:13289", "https://access.redhat.com/errata/RHSA-2025:13325", "https://access.redhat.com/errata/RHSA-2025:13335", "https://access.redhat.com/errata/RHSA-2025:13336", "https://access.redhat.com/errata/RHSA-2025:14059", "https://access.redhat.com/errata/RHSA-2025:14396", "https://access.redhat.com/errata/RHSA-2025:15308", "https://access.redhat.com/errata/RHSA-2025:15672", "https://access.redhat.com/errata/RHSA-2025:19020", "https://access.redhat.com/security/cve/CVE-2025-6021", "https://bugzilla.redhat.com/show_bug.cgi?id=2372406", "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926"] [[affected]] pkg = "XML2_jll" @@ -12,8 +12,8 @@ ranges = ["< 2.14.4+0"] [[jlsec_sources]] id = "CVE-2025-6021" -imported = 2025-10-28T18:09:09.649Z -modified = 2025-10-27T18:15:44.393Z +imported = 2025-11-04T04:16:49.207Z +modified = 2025-11-03T20:19:17.717Z published = 2025-06-12T13:15:25.590Z url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-6021" html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-6021" diff --git a/advisories/published/2025/JLSEC-2025-38.md b/advisories/published/2025/JLSEC-2025-38.md index 0c17c4aa..13403418 100644 --- a/advisories/published/2025/JLSEC-2025-38.md +++ b/advisories/published/2025/JLSEC-2025-38.md 
@@ -4,7 +4,7 @@ id = "JLSEC-2025-38"
 modified = 2025-10-31T18:41:21.318Z
 published = 2025-10-10T15:04:01.319Z
 upstream = ["CVE-2024-7264"]
-references = ["http://www.openwall.com/lists/oss-security/2024/07/31/1", "https://curl.se/docs/CVE-2024-7264.html", "https://curl.se/docs/CVE-2024-7264.json", "https://hackerone.com/reports/2629968", "http://www.openwall.com/lists/oss-security/2024/07/31/1", "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", "https://security.netapp.com/advisory/ntap-20240828-0008/"]
+references = ["http://www.openwall.com/lists/oss-security/2024/07/31/1", "https://curl.se/docs/CVE-2024-7264.html", "https://curl.se/docs/CVE-2024-7264.json", "https://hackerone.com/reports/2629968", "http://www.openwall.com/lists/oss-security/2024/07/31/1", "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", "https://security.netapp.com/advisory/ntap-20240828-0008/", "https://security.netapp.com/advisory/ntap-20241025-0006/", "https://security.netapp.com/advisory/ntap-20241025-0010/"]
 [[affected]]
 pkg = "CURL_jll"
@@ -15,8 +15,8 @@ ranges = ["< 8.9.1+0"]
 [[jlsec_sources]]
 id = "CVE-2024-7264"
-imported = 2025-10-10T14:33:22.352Z
-modified = 2024-11-21T09:51:10.360Z
+imported = 2025-11-04T03:33:27.656Z
+modified = 2025-11-03T23:17:31.647Z
 published = 2024-07-31T08:15:02.657Z
 url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-7264"
 html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-7264"
diff --git a/advisories/published/2025/JLSEC-2025-62.md b/advisories/published/2025/JLSEC-2025-62.md
index 6efb4e85..6f8b78a7 100644
--- a/advisories/published/2025/JLSEC-2025-62.md
+++ b/advisories/published/2025/JLSEC-2025-62.md
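Review bot: The new `references` array for JLSEC-2025-38 still lists `http://www.openwall.com/lists/oss-security/2024/07/31/1` twice, and the two added NetApp URLs are appended after that duplicate rather than merged into a de-duplicated list. The first hunks for JLSEC-2025-81, -82, -83, -84, -89 and -90 carry repeated URLs onto the new side in the same way. In -89 and -90 the added Debian LTS link lands between the two copies of the same GitLab issue URL. It looks as though the importer concatenates two upstream reference sets without removing repeats, though that is inferred from the data only. De-duplicating while preserving first-seen order would keep the arrays stable across re-imports and make a genuinely new reference easier to spot in review.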
@@ -4,7 +4,7 @@ id = "JLSEC-2025-62" modified = 2025-10-31T18:41:21.318Z published = 2025-10-14T15:35:41.198Z upstream = ["CVE-2024-45490"] -references = ["https://github.com/libexpat/libexpat/issues/887", "https://github.com/libexpat/libexpat/pull/890", "https://security.netapp.com/advisory/ntap-20241018-0004/"] +references = ["https://github.com/libexpat/libexpat/issues/887", "https://github.com/libexpat/libexpat/pull/890", "http://seclists.org/fulldisclosure/2024/Dec/10", "http://seclists.org/fulldisclosure/2024/Dec/12", "http://seclists.org/fulldisclosure/2024/Dec/6", "http://seclists.org/fulldisclosure/2024/Dec/7", "http://seclists.org/fulldisclosure/2024/Dec/8", "https://security.netapp.com/advisory/ntap-20241018-0004/"] [[affected]] pkg = "Expat_jll" @@ -12,8 +12,8 @@ ranges = ["< 2.6.4+0"] [[jlsec_sources]] id = "CVE-2024-45490" -imported = 2025-10-10T21:54:56.861Z -modified = 2025-03-14T19:15:47.253Z +imported = 2025-11-04T03:35:01.989Z +modified = 2025-11-03T23:15:50.997Z published = 2024-08-30T03:15:03.757Z url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-45490" html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-45490" diff --git a/advisories/published/2025/JLSEC-2025-81.md b/advisories/published/2025/JLSEC-2025-81.md index ae99f0d5..d5b81340 100644 --- a/advisories/published/2025/JLSEC-2025-81.md +++ b/advisories/published/2025/JLSEC-2025-81.md @@ -4,7 +4,7 @@ id = "JLSEC-2025-81" modified = 2025-10-31T18:41:21.318Z published = 2025-10-17T17:40:51.659Z upstream = ["CVE-2023-39615"] -references = ["https://gitlab.gnome.org/GNOME/libxml2/-/issues/535", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/535"] +references = ["https://gitlab.gnome.org/GNOME/libxml2/-/issues/535", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/535", "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html"] [[affected]] pkg = "XML2_jll" 
@@ -12,8 +12,8 @@ ranges = [">= 2.11.5+0, < 2.12.0+0"]
 [[jlsec_sources]]
 id = "CVE-2023-39615"
-imported = 2025-10-28T18:09:09.635Z
-modified = 2024-11-21T08:15:42.583Z
+imported = 2025-11-04T03:26:37.165Z
+modified = 2025-11-03T21:15:59.297Z
 published = 2023-08-29T17:15:12.527Z
 url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-39615"
 html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-39615"
diff --git a/advisories/published/2025/JLSEC-2025-82.md b/advisories/published/2025/JLSEC-2025-82.md
index ca437b0c..ced89534 100644
--- a/advisories/published/2025/JLSEC-2025-82.md
+++ b/advisories/published/2025/JLSEC-2025-82.md
@@ -4,7 +4,7 @@ id = "JLSEC-2025-82"
 modified = 2025-10-31T18:41:21.318Z
 published = 2025-10-17T17:40:51.659Z
 upstream = ["CVE-2023-45322"]
-references = ["http://www.openwall.com/lists/oss-security/2023/10/06/5", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", "http://www.openwall.com/lists/oss-security/2023/10/06/5", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583"]
+references = ["http://www.openwall.com/lists/oss-security/2023/10/06/5", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", "http://www.openwall.com/lists/oss-security/2023/10/06/5", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html"]
 [[affected]]
 pkg = "XML2_jll"
@@ -12,8 +12,8 @@ ranges = ["< 2.12.0+0"]
 [[jlsec_sources]]
 id = "CVE-2023-45322"
-imported = 2025-10-28T18:09:09.636Z
-modified = 2024-11-21T08:26:44.780Z
+imported = 2025-11-04T03:26:39.806Z
+modified = 2025-11-03T21:16:01.673Z
 published = 2023-10-06T22:15:11.660Z
 url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-45322"
 html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-45322"
diff --git a/advisories/published/2025/JLSEC-2025-83.md b/advisories/published/2025/JLSEC-2025-83.md
index 24e18a8e..7912938a 100644
--- a/advisories/published/2025/JLSEC-2025-83.md
+++ b/advisories/published/2025/JLSEC-2025-83.md
@@ -4,7 +4,7 @@ id = "JLSEC-2025-83"
 modified = 2025-10-31T18:41:21.318Z
 published = 2025-10-17T17:40:51.659Z
 upstream = ["CVE-2024-25062"]
-references = ["https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", "https://gitlab.gnome.org/GNOME/libxml2/-/tags", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", "https://gitlab.gnome.org/GNOME/libxml2/-/tags"]
+references = ["https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", "https://gitlab.gnome.org/GNOME/libxml2/-/tags", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", "https://gitlab.gnome.org/GNOME/libxml2/-/tags", "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", "https://security.netapp.com/advisory/ntap-20241018-0009/"]
 [[affected]]
 pkg = "XML2_jll"
@@ -12,8 +12,8 @@ ranges = ["< 2.12.5+0"]
 [[jlsec_sources]]
 id = "CVE-2024-25062"
-imported = 2025-10-28T18:09:09.638Z
-modified = 2025-05-09T18:16:03.707Z
+imported = 2025-11-04T03:26:54.574Z
+modified = 2025-11-03T22:16:47.667Z
 published = 2024-02-04T16:15:45.120Z
 url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-25062"
 html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-25062"
diff --git a/advisories/published/2025/JLSEC-2025-84.md b/advisories/published/2025/JLSEC-2025-84.md
index 720bd118..db141669 100644
--- a/advisories/published/2025/JLSEC-2025-84.md
+++ b/advisories/published/2025/JLSEC-2025-84.md 
@@ -4,7 +4,7 @@ id = "JLSEC-2025-84" modified = 2025-10-31T18:41:21.318Z published = 2025-10-17T17:40:51.659Z upstream = ["CVE-2024-34459"] -references = ["https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/"] +references = ["https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720", 
"https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/"] [[affected]] pkg = "XML2_jll" @@ -12,8 +12,8 @@ ranges = ["< 2.12.7+0"] [[jlsec_sources]] id = "CVE-2024-34459" -imported = 2025-10-28T18:09:09.639Z -modified = 2025-10-10T18:00:14.990Z +imported = 2025-11-04T03:30:14.954Z +modified = 2025-11-03T20:16:12.470Z published = 2024-05-14T15:39:11.917Z url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-34459" html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-34459" diff --git a/advisories/published/2025/JLSEC-2025-85.md b/advisories/published/2025/JLSEC-2025-85.md index 5eaa2a38..75dd3cc7 100644 --- a/advisories/published/2025/JLSEC-2025-85.md +++ b/advisories/published/2025/JLSEC-2025-85.md @@ -4,7 +4,7 @@ id = "JLSEC-2025-85" modified = 2025-10-31T18:41:21.318Z published = 2025-10-17T17:40:51.659Z upstream = ["CVE-2022-49043"] -references = ["https://github.com/php/php-src/issues/17467", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b"] +references = ["https://github.com/php/php-src/issues/17467", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b", "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html"] [[affected]] pkg = "XML2_jll" 
@@ -12,8 +12,8 @@ ranges = ["< 2.12.0+0"]
 [[jlsec_sources]]
 id = "CVE-2022-49043"
-imported = 2025-10-28T18:09:09.640Z
-modified = 2025-10-07T16:24:00.340Z
+imported = 2025-11-04T04:06:39.829Z
+modified = 2025-11-03T21:15:55.003Z
 published = 2025-01-26T06:15:21.000Z
 url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2022-49043"
 html_url = "https://nvd.nist.gov/vuln/detail/CVE-2022-49043"
diff --git a/advisories/published/2025/JLSEC-2025-86.md b/advisories/published/2025/JLSEC-2025-86.md
index 31954ced..458f9cf1 100644
--- a/advisories/published/2025/JLSEC-2025-86.md
+++ b/advisories/published/2025/JLSEC-2025-86.md
@@ -4,7 +4,7 @@ id = "JLSEC-2025-86"
 modified = 2025-10-31T18:41:21.318Z
 published = 2025-10-17T17:40:51.659Z
 upstream = ["CVE-2024-56171"]
-references = ["https://gitlab.gnome.org/GNOME/libxml2/-/issues/828", "https://security.netapp.com/advisory/ntap-20250328-0010/"]
+references = ["https://gitlab.gnome.org/GNOME/libxml2/-/issues/828", "http://seclists.org/fulldisclosure/2025/Apr/10", "http://seclists.org/fulldisclosure/2025/Apr/11", "http://seclists.org/fulldisclosure/2025/Apr/12", "http://seclists.org/fulldisclosure/2025/Apr/13", "http://seclists.org/fulldisclosure/2025/Apr/4", "http://seclists.org/fulldisclosure/2025/Apr/5", "http://seclists.org/fulldisclosure/2025/Apr/8", "http://seclists.org/fulldisclosure/2025/Apr/9", "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", "https://security.netapp.com/advisory/ntap-20250328-0010/"]
 [[affected]]
 pkg = "XML2_jll"
@@ -12,8 +12,8 @@ ranges = ["< 2.13.6+1"]
 [[jlsec_sources]]
 id = "CVE-2024-56171"
-imported = 2025-10-28T18:09:09.642Z
-modified = 2025-10-16T19:39:26.400Z
+imported = 2025-11-04T04:08:00.386Z
+modified = 2025-11-03T21:17:50.750Z
 published = 2025-02-18T22:15:12.797Z
 url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-56171"
 html_url = "https://nvd.nist.gov/vuln/detail/CVE-2024-56171"
diff --git a/advisories/published/2025/JLSEC-2025-87.md b/advisories/published/2025/JLSEC-2025-87.md
index 20106cfe..123b3717 100644
--- a/advisories/published/2025/JLSEC-2025-87.md
+++ b/advisories/published/2025/JLSEC-2025-87.md
@@ -4,7 +4,7 @@ id = "JLSEC-2025-87"
 modified = 2025-10-31T18:41:21.318Z
 published = 2025-10-17T17:40:51.659Z
 upstream = ["CVE-2025-24928"]
-references = ["https://gitlab.gnome.org/GNOME/libxml2/-/issues/847", "https://issues.oss-fuzz.com/issues/392687022", "https://security.netapp.com/advisory/ntap-20250321-0006/"]
+references = ["https://gitlab.gnome.org/GNOME/libxml2/-/issues/847", "https://issues.oss-fuzz.com/issues/392687022", "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", "https://security.netapp.com/advisory/ntap-20250321-0006/"]
 [[affected]]
 pkg = "XML2_jll"
@@ -12,8 +12,8 @@ ranges = ["< 2.13.6+1"]
 [[jlsec_sources]]
 id = "CVE-2025-24928"
-imported = 2025-10-28T18:09:09.643Z
-modified = 2025-10-16T19:34:33.453Z
+imported = 2025-11-04T04:08:03.518Z
+modified = 2025-11-03T22:18:40.877Z
 published = 2025-02-18T23:15:10.250Z
 url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-24928"
 html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-24928"
diff --git a/advisories/published/2025/JLSEC-2025-88.md b/advisories/published/2025/JLSEC-2025-88.md
index 97ae33b7..0a54e30b 100644
--- a/advisories/published/2025/JLSEC-2025-88.md
+++ b/advisories/published/2025/JLSEC-2025-88.md
@@ -4,7 +4,7 @@ id = "JLSEC-2025-88" modified = 2025-10-31T18:41:21.318Z published = 2025-10-17T17:40:51.659Z upstream = ["CVE-2025-27113"] -references = ["https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", "https://security.netapp.com/advisory/ntap-20250306-0004/"] +references = ["https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", "http://seclists.org/fulldisclosure/2025/Apr/10", "http://seclists.org/fulldisclosure/2025/Apr/11", "http://seclists.org/fulldisclosure/2025/Apr/12", "http://seclists.org/fulldisclosure/2025/Apr/13", "http://seclists.org/fulldisclosure/2025/Apr/4", "http://seclists.org/fulldisclosure/2025/Apr/5", "http://seclists.org/fulldisclosure/2025/Apr/8", "http://seclists.org/fulldisclosure/2025/Apr/9", "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", "https://security.netapp.com/advisory/ntap-20250306-0004/"] [[affected]] pkg = "XML2_jll" @@ -12,8 +12,8 @@ ranges = ["< 2.13.6+1"] [[jlsec_sources]] id = "CVE-2025-27113" -imported = 2025-10-28T18:09:09.645Z -modified = 2025-03-07T01:15:12.823Z +imported = 2025-11-04T04:08:06.884Z +modified = 2025-11-03T22:18:43.340Z published = 2025-02-18T23:15:10.960Z url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-27113" html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-27113" diff --git a/advisories/published/2025/JLSEC-2025-89.md b/advisories/published/2025/JLSEC-2025-89.md index 5c32dc52..b8c0518c 100644 --- a/advisories/published/2025/JLSEC-2025-89.md +++ b/advisories/published/2025/JLSEC-2025-89.md 
@@ -4,7 +4,7 @@ id = "JLSEC-2025-89" modified = 2025-10-31T18:41:21.318Z published = 2025-10-17T17:40:51.659Z upstream = ["CVE-2025-32414"] -references = ["https://gitlab.gnome.org/GNOME/libxml2/-/issues/889", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"] +references = ["https://gitlab.gnome.org/GNOME/libxml2/-/issues/889", "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889"] [[affected]] pkg = "XML2_jll" @@ -12,8 +12,8 @@ ranges = ["< 2.13.8+0", ">= 2.14.1+0, < 2.14.4+0"] [[jlsec_sources]] id = "CVE-2025-32414" -imported = 2025-10-28T18:09:09.647Z -modified = 2025-04-23T19:09:35.517Z +imported = 2025-11-04T04:12:36.262Z +modified = 2025-11-03T20:18:27.087Z published = 2025-04-08T03:15:15.940Z url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-32414" html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-32414" diff --git a/advisories/published/2025/JLSEC-2025-90.md b/advisories/published/2025/JLSEC-2025-90.md index f2f0c2f0..cc940298 100644 --- a/advisories/published/2025/JLSEC-2025-90.md +++ b/advisories/published/2025/JLSEC-2025-90.md @@ -4,7 +4,7 @@ id = "JLSEC-2025-90" modified = 2025-10-31T18:41:21.318Z published = 2025-10-17T17:40:51.659Z upstream = ["CVE-2025-32415"] -references = ["https://gitlab.gnome.org/GNOME/libxml2/-/issues/890", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"] +references = ["https://gitlab.gnome.org/GNOME/libxml2/-/issues/890", "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890"] [[affected]] pkg = "XML2_jll" 
@@ -12,8 +12,8 @@ ranges = ["< 2.13.8+0", ">= 2.14.1+0, < 2.14.4+0"] [[jlsec_sources]] id = "CVE-2025-32415" -imported = 2025-10-28T18:09:09.648Z -modified = 2025-04-23T18:17:52.053Z +imported = 2025-11-04T04:13:45.488Z +modified = 2025-11-03T20:18:27.213Z published = 2025-04-17T17:15:33.733Z url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-32415" html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-32415" diff --git a/advisories/published/2025/JLSEC-2025-95.md b/advisories/published/2025/JLSEC-2025-95.md index 9326a9af..59a206e1 100644 --- a/advisories/published/2025/JLSEC-2025-95.md +++ b/advisories/published/2025/JLSEC-2025-95.md 
@@ -4,7 +4,7 @@ id = "JLSEC-2025-95" modified = 2025-10-31T18:41:21.318Z published = 2025-10-19T18:40:48.457Z upstream = ["CVE-2023-48795"] -references = ["http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", "http://seclists.org/fulldisclosure/2024/Mar/21", "http://www.openwall.com/lists/oss-security/2023/12/18/3", "http://www.openwall.com/lists/oss-security/2023/12/19/5", "http://www.openwall.com/lists/oss-security/2023/12/20/3", "http://www.openwall.com/lists/oss-security/2024/03/06/3", "http://www.openwall.com/lists/oss-security/2024/04/17/8", "https://access.redhat.com/security/cve/cve-2023-48795", "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", "https://bugs.gentoo.org/920280", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.suse.com/show_bug.cgi?id=1217950", "https://crates.io/crates/thrussh/versions", "https://filezilla-project.org/versions.php", "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", "https://github.com/NixOS/nixpkgs/pull/275249", "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", "https://github.com/advisories/GHSA-45x7-px36-x8w8", "https://github.com/apache/mina-sshd/issues/445", "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", "https://github.com/cyd01/KiTTY/issues/520", "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", 
"https://github.com/erlang/otp/releases/tag/OTP-26.2.1", "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", "https://github.com/hierynomus/sshj/issues/916", "https://github.com/janmojzis/tinyssh/issues/81", "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", "https://github.com/libssh2/libssh2/pull/1291", "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", "https://github.com/mwiede/jsch/issues/457", "https://github.com/mwiede/jsch/pull/461", "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", "https://github.com/openssh/openssh-portable/commits/master", "https://github.com/paramiko/paramiko/issues/2337", "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", "https://github.com/proftpd/proftpd/issues/456", "https://github.com/rapier1/hpn-ssh/releases", "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", "https://github.com/ronf/asyncssh/tags", "https://github.com/ssh-mitm/ssh-mitm/issues/165", "https://github.com/warp-tech/russh/releases/tag/v0.40.2", "https://gitlab.com/libssh/libssh-mirror/-/tags", "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", "https://help.panic.com/releasenotes/transmit5/", "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", 
"https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", "https://matt.ucc.asn.au/dropbear/CHANGES", "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", "https://news.ycombinator.com/item?id=38684904", "https://news.ycombinator.com/item?id=38685286", "https://news.ycombinator.com/item?id=38732005", "https://nova.app/releases/#v11.8", "https://oryx-embedded.com/download/#changelog", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", "https://roumenpetrov.info/secsh/#news20231220", "https://security-tracker.debian.org/tracker/CVE-2023-48795", "https://security-tracker.debian.org/tracker/source-package/libssh2", "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", "https://security.gentoo.org/glsa/202312-16", "https://security.gentoo.org/glsa/202312-17", "https://security.netapp.com/advisory/ntap-20240105-0004/", "https://support.apple.com/kb/HT214084", "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", "https://twitter.com/TrueSkrillor/status/1736774389725565005", "https://ubuntu.com/security/CVE-2023-48795", "https://winscp.net/eng/docs/history#6.2.2", "https://www.bitvise.com/ssh-client-version-history#933", "https://www.bitvise.com/ssh-server-version-history", 
"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", "https://www.debian.org/security/2023/dsa-5586", "https://www.debian.org/security/2023/dsa-5588", "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", "https://www.netsarang.com/en/xshell-update-history/", "https://www.openssh.com/openbsd.html", "https://www.openssh.com/txt/release-9.6", "https://www.openwall.com/lists/oss-security/2023/12/18/2", "https://www.openwall.com/lists/oss-security/2023/12/20/3", "https://www.paramiko.org/changelog.html", "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", "https://www.terrapin-attack.com", "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", "https://www.vandyke.com/products/securecrt/history.txt", "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", "http://seclists.org/fulldisclosure/2024/Mar/21", "http://www.openwall.com/lists/oss-security/2023/12/18/3", "http://www.openwall.com/lists/oss-security/2023/12/19/5", "http://www.openwall.com/lists/oss-security/2023/12/20/3", "http://www.openwall.com/lists/oss-security/2024/03/06/3", "http://www.openwall.com/lists/oss-security/2024/04/17/8", "https://access.redhat.com/security/cve/cve-2023-48795", "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", "https://bugs.gentoo.org/920280", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.suse.com/show_bug.cgi?id=1217950", "https://crates.io/crates/thrussh/versions", "https://filezilla-project.org/versions.php", "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", 
"https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", "https://github.com/NixOS/nixpkgs/pull/275249", "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", "https://github.com/advisories/GHSA-45x7-px36-x8w8", "https://github.com/apache/mina-sshd/issues/445", "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", "https://github.com/cyd01/KiTTY/issues/520", "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", "https://github.com/hierynomus/sshj/issues/916", "https://github.com/janmojzis/tinyssh/issues/81", "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", "https://github.com/libssh2/libssh2/pull/1291", "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", "https://github.com/mwiede/jsch/issues/457", "https://github.com/mwiede/jsch/pull/461", "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", "https://github.com/openssh/openssh-portable/commits/master", "https://github.com/paramiko/paramiko/issues/2337", "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", 
"https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", "https://github.com/proftpd/proftpd/issues/456", "https://github.com/rapier1/hpn-ssh/releases", "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", "https://github.com/ronf/asyncssh/tags", "https://github.com/ssh-mitm/ssh-mitm/issues/165", "https://github.com/warp-tech/russh/releases/tag/v0.40.2", "https://gitlab.com/libssh/libssh-mirror/-/tags", "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", "https://help.panic.com/releasenotes/transmit5/", "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", "https://matt.ucc.asn.au/dropbear/CHANGES", "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", "https://news.ycombinator.com/item?id=38684904", "https://news.ycombinator.com/item?id=38685286", "https://news.ycombinator.com/item?id=38732005", "https://nova.app/releases/#v11.8", "https://oryx-embedded.com/download/#changelog", 
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", "https://roumenpetrov.info/secsh/#news20231220", "https://security-tracker.debian.org/tracker/CVE-2023-48795", "https://security-tracker.debian.org/tracker/source-package/libssh2", "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", "https://security.gentoo.org/glsa/202312-16", "https://security.gentoo.org/glsa/202312-17", "https://security.netapp.com/advisory/ntap-20240105-0004/", "https://support.apple.com/kb/HT214084", "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", "https://twitter.com/TrueSkrillor/status/1736774389725565005", "https://ubuntu.com/security/CVE-2023-48795", "https://winscp.net/eng/docs/history#6.2.2", "https://www.bitvise.com/ssh-client-version-history#933", "https://www.bitvise.com/ssh-server-version-history", "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", "https://www.debian.org/security/2023/dsa-5586", "https://www.debian.org/security/2023/dsa-5588", "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", "https://www.netsarang.com/en/xshell-update-history/", "https://www.openssh.com/openbsd.html", "https://www.openssh.com/txt/release-9.6", "https://www.openwall.com/lists/oss-security/2023/12/18/2", "https://www.openwall.com/lists/oss-security/2023/12/20/3", "https://www.paramiko.org/changelog.html", "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", "https://www.terrapin-attack.com", "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", "https://www.vandyke.com/products/securecrt/history.txt", 
"https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit", "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability"] +references = ["http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", "http://seclists.org/fulldisclosure/2024/Mar/21", "http://www.openwall.com/lists/oss-security/2023/12/18/3", "http://www.openwall.com/lists/oss-security/2023/12/19/5", "http://www.openwall.com/lists/oss-security/2023/12/20/3", "http://www.openwall.com/lists/oss-security/2024/03/06/3", "http://www.openwall.com/lists/oss-security/2024/04/17/8", "https://access.redhat.com/security/cve/cve-2023-48795", "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", "https://bugs.gentoo.org/920280", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.suse.com/show_bug.cgi?id=1217950", "https://crates.io/crates/thrussh/versions", "https://filezilla-project.org/versions.php", "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", "https://github.com/NixOS/nixpkgs/pull/275249", "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", "https://github.com/advisories/GHSA-45x7-px36-x8w8", "https://github.com/apache/mina-sshd/issues/445", "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", "https://github.com/cyd01/KiTTY/issues/520", "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", 
"https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", "https://github.com/hierynomus/sshj/issues/916", "https://github.com/janmojzis/tinyssh/issues/81", "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", "https://github.com/libssh2/libssh2/pull/1291", "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", "https://github.com/mwiede/jsch/issues/457", "https://github.com/mwiede/jsch/pull/461", "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", "https://github.com/openssh/openssh-portable/commits/master", "https://github.com/paramiko/paramiko/issues/2337", "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", "https://github.com/proftpd/proftpd/issues/456", "https://github.com/rapier1/hpn-ssh/releases", "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", "https://github.com/ronf/asyncssh/tags", "https://github.com/ssh-mitm/ssh-mitm/issues/165", "https://github.com/warp-tech/russh/releases/tag/v0.40.2", "https://gitlab.com/libssh/libssh-mirror/-/tags", "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", "https://help.panic.com/releasenotes/transmit5/", "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", 
"https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", "https://matt.ucc.asn.au/dropbear/CHANGES", "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", "https://news.ycombinator.com/item?id=38684904", "https://news.ycombinator.com/item?id=38685286", "https://news.ycombinator.com/item?id=38732005", "https://nova.app/releases/#v11.8", "https://oryx-embedded.com/download/#changelog", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", "https://roumenpetrov.info/secsh/#news20231220", "https://security-tracker.debian.org/tracker/CVE-2023-48795", "https://security-tracker.debian.org/tracker/source-package/libssh2", "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", "https://security.gentoo.org/glsa/202312-16", "https://security.gentoo.org/glsa/202312-17", "https://security.netapp.com/advisory/ntap-20240105-0004/", "https://support.apple.com/kb/HT214084", "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", "https://twitter.com/TrueSkrillor/status/1736774389725565005", "https://ubuntu.com/security/CVE-2023-48795", "https://winscp.net/eng/docs/history#6.2.2", 
"https://www.bitvise.com/ssh-client-version-history#933", "https://www.bitvise.com/ssh-server-version-history", "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", "https://www.debian.org/security/2023/dsa-5586", "https://www.debian.org/security/2023/dsa-5588", "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", "https://www.netsarang.com/en/xshell-update-history/", "https://www.openssh.com/openbsd.html", "https://www.openssh.com/txt/release-9.6", "https://www.openwall.com/lists/oss-security/2023/12/18/2", "https://www.openwall.com/lists/oss-security/2023/12/20/3", "https://www.paramiko.org/changelog.html", "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", "https://www.terrapin-attack.com", "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", "https://www.vandyke.com/products/securecrt/history.txt", "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", "http://seclists.org/fulldisclosure/2024/Mar/21", "http://www.openwall.com/lists/oss-security/2023/12/18/3", "http://www.openwall.com/lists/oss-security/2023/12/19/5", "http://www.openwall.com/lists/oss-security/2023/12/20/3", "http://www.openwall.com/lists/oss-security/2024/03/06/3", "http://www.openwall.com/lists/oss-security/2024/04/17/8", "https://access.redhat.com/security/cve/cve-2023-48795", "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", "https://bugs.gentoo.org/920280", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.suse.com/show_bug.cgi?id=1217950", "https://crates.io/crates/thrussh/versions", "https://filezilla-project.org/versions.php", 
"https://forum.netgate.com/topic/184941/terrapin-ssh-attack", "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", "https://github.com/NixOS/nixpkgs/pull/275249", "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", "https://github.com/advisories/GHSA-45x7-px36-x8w8", "https://github.com/apache/mina-sshd/issues/445", "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", "https://github.com/cyd01/KiTTY/issues/520", "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", "https://github.com/hierynomus/sshj/issues/916", "https://github.com/janmojzis/tinyssh/issues/81", "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", "https://github.com/libssh2/libssh2/pull/1291", "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", "https://github.com/mwiede/jsch/issues/457", "https://github.com/mwiede/jsch/pull/461", "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", "https://github.com/openssh/openssh-portable/commits/master", "https://github.com/paramiko/paramiko/issues/2337", 
"https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", "https://github.com/proftpd/proftpd/issues/456", "https://github.com/rapier1/hpn-ssh/releases", "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", "https://github.com/ronf/asyncssh/tags", "https://github.com/ssh-mitm/ssh-mitm/issues/165", "https://github.com/warp-tech/russh/releases/tag/v0.40.2", "https://gitlab.com/libssh/libssh-mirror/-/tags", "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", "https://help.panic.com/releasenotes/transmit5/", "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html", "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", "https://matt.ucc.asn.au/dropbear/CHANGES", 
"https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", "https://news.ycombinator.com/item?id=38684904", "https://news.ycombinator.com/item?id=38685286", "https://news.ycombinator.com/item?id=38732005", "https://nova.app/releases/#v11.8", "https://oryx-embedded.com/download/#changelog", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", "https://roumenpetrov.info/secsh/#news20231220", "https://security-tracker.debian.org/tracker/CVE-2023-48795", "https://security-tracker.debian.org/tracker/source-package/libssh2", "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", "https://security.gentoo.org/glsa/202312-16", "https://security.gentoo.org/glsa/202312-17", "https://security.netapp.com/advisory/ntap-20240105-0004/", "https://support.apple.com/kb/HT214084", "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", "https://twitter.com/TrueSkrillor/status/1736774389725565005", "https://ubuntu.com/security/CVE-2023-48795", "https://winscp.net/eng/docs/history#6.2.2", "https://www.bitvise.com/ssh-client-version-history#933", "https://www.bitvise.com/ssh-server-version-history", "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", "https://www.debian.org/security/2023/dsa-5586", "https://www.debian.org/security/2023/dsa-5588", "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", "https://www.netsarang.com/en/xshell-update-history/", "https://www.openssh.com/openbsd.html", "https://www.openssh.com/txt/release-9.6", "https://www.openwall.com/lists/oss-security/2023/12/18/2", "https://www.openwall.com/lists/oss-security/2023/12/20/3", "https://www.paramiko.org/changelog.html", 
"https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", "https://www.terrapin-attack.com", "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", "https://www.vandyke.com/products/securecrt/history.txt", "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit", "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability"] [[affected]] pkg = "LibSSH2_jll" @@ -15,8 +15,8 @@ ranges = ["< 9.9.1+0"] [[jlsec_sources]] id = "CVE-2023-48795" -imported = 2025-10-18T14:10:40.045Z -modified = 2025-09-29T21:56:10.567Z +imported = 2025-11-04T03:26:47.807Z +modified = 2025-11-03T22:16:29.467Z published = 2023-12-18T16:15:10.897Z url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-48795" html_url = "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" diff --git a/advisories/published/2025/JLSEC-2025-96.md b/advisories/published/2025/JLSEC-2025-96.md index 2b7a9244..d7e8b0c9 100644 --- a/advisories/published/2025/JLSEC-2025-96.md +++ b/advisories/published/2025/JLSEC-2025-96.md 
@@ -4,7 +4,7 @@ id = "JLSEC-2025-96" modified = 2025-11-03T15:18:39.722Z published = 2025-10-19T18:40:48.457Z upstream = ["CVE-2025-5318"] -references = ["https://access.redhat.com/errata/RHSA-2025:18231", "https://access.redhat.com/errata/RHSA-2025:18275", "https://access.redhat.com/errata/RHSA-2025:18286", "https://access.redhat.com/errata/RHSA-2025:19012", "https://access.redhat.com/errata/RHSA-2025:19098", "https://access.redhat.com/errata/RHSA-2025:19101", "https://access.redhat.com/errata/RHSA-2025:19400", "https://access.redhat.com/security/cve/CVE-2025-5318", "https://bugzilla.redhat.com/show_bug.cgi?id=2369131", "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"] +references = ["https://access.redhat.com/errata/RHSA-2025:18231", "https://access.redhat.com/errata/RHSA-2025:18275", "https://access.redhat.com/errata/RHSA-2025:18286", "https://access.redhat.com/errata/RHSA-2025:19012", "https://access.redhat.com/errata/RHSA-2025:19098", "https://access.redhat.com/errata/RHSA-2025:19101", "https://access.redhat.com/errata/RHSA-2025:19400", "https://access.redhat.com/errata/RHSA-2025:19401", "https://access.redhat.com/errata/RHSA-2025:19470", "https://access.redhat.com/errata/RHSA-2025:19472", "https://access.redhat.com/security/cve/CVE-2025-5318", "https://bugzilla.redhat.com/show_bug.cgi?id=2369131", "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"] [[affected]] pkg = "libssh_jll" @@ -12,8 +12,8 @@ ranges = ["< 0.11.3+0"] [[jlsec_sources]] id = "CVE-2025-5318" -imported = 2025-11-03T03:34:02.572Z -modified = 2025-11-03T02:15:42.123Z +imported = 2025-11-04T04:17:22.828Z +modified = 2025-11-03T13:15:36.603Z published = 2025-06-24T14:15:30.523Z url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-5318" html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
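Review bot: The top-level `modified = 2025-11-03T15:18:39.722Z` in the first JLSEC-2025-96 hunk is left as an unchanged context line, although the same hunk adds three RHSA errata to `references` and the following hunk re-imports the source record at 2025-11-04T04:17:22.828Z. Feed consumers and mirrors that sync incrementally on the advisory-level `modified` would then not pick up the new errata links. Unless a later publish step restamps the field (not visible in this diff), it should move with the content change, for example `modified = 2025-11-04T04:17:22.828Z`.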