Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 1cdd0338e2e7 · 2025-12-05T22:57:19.000Z
GHSA-3mwv-j45g-vp3w GHSA-q5hg-wppq-r2cc
diff --git a/advisories/github-reviewed/2025/12/GHSA-3mwv-j45g-vp3w/GHSA-3mwv-j45g-vp3w.json b/advisories/github-reviewed/2025/12/GHSA-3mwv-j45g-vp3w/GHSA-3mwv-j45g-vp3w.json
@@ -1,14 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3mwv-j45g-vp3w",
-  "modified": "2025-12-05T02:18:39Z",
+  "modified": "2025-12-05T22:55:41Z",
   "published": "2025-12-04T18:30:53Z",
   "aliases": [
     "CVE-2025-56427"
   ],
   "summary": "ComposioHQ has a directory traversal vulnerability",
   "details": "Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via the _download_file_or_dir function.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"
@@ -55,6 +59,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
+      "CWE-200",
       "CWE-22"
     ],
     "severity": "MODERATE",
diff --git a/advisories/github-reviewed/2025/12/GHSA-q5hg-wppq-r2cc/GHSA-q5hg-wppq-r2cc.json b/advisories/github-reviewed/2025/12/GHSA-q5hg-wppq-r2cc/GHSA-q5hg-wppq-r2cc.json
@@ -1,14 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q5hg-wppq-r2cc",
-  "modified": "2025-12-05T18:58:59Z",
+  "modified": "2025-12-05T22:55:29Z",
   "published": "2025-12-04T15:30:33Z",
   "aliases": [
     "CVE-2025-65346"
   ],
   "summary": "alexusmai laravel-file-manager is vulnerable to Directory Traversal via the unzip/extraction functionality",
   "details": "alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to insufficient validation of extraction paths.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P"
@@ -44,6 +48,10 @@
       "type": "WEB",
       "url": "https://github.com/Theethat-Thamwasin/CVE-2025-65346"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/Theethat-Thamwasin/CVE-2025-65346/blob/main/POC-CVE-65346.md"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/alexusmai/laravel-file-manager"
