github · kristentr · Mar 9, 2026 · Mar 9, 2026 · Mar 9, 2026 · Mar 9, 2026
diff --git a/advisories/github-reviewed/2017/10/GHSA-4whc-pp4x-9pf3/GHSA-4whc-pp4x-9pf3.json b/advisories/github-reviewed/2017/10/GHSA-4whc-pp4x-9pf3/GHSA-4whc-pp4x-9pf3.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4whc-pp4x-9pf3",
-  "modified": "2023-01-20T22:28:49Z",
+  "modified": "2026-01-14T21:44:14Z",
   "published": "2017-10-24T18:33:36Z",
   "aliases": [
     "CVE-2015-1840"
@@ -89,6 +89,10 @@
       "type": "WEB",
       "url": "https://github.com/rails/jquery-ujs/blob/master/CHANGELOG.md"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2015-1840.yml"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-ujs/CVE-2015-1840.yml"
@@ -129,6 +133,6 @@
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2020-06-16T20:59:28Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2015-07-26T22:59:00Z"
   }
 }
diff --git a/advisories/github-reviewed/2017/10/GHSA-x6fg-f45m-jf5q/GHSA-x6fg-f45m-jf5q.json b/advisories/github-reviewed/2017/10/GHSA-x6fg-f45m-jf5q/GHSA-x6fg-f45m-jf5q.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-x6fg-f45m-jf5q",
-  "modified": "2021-09-21T22:15:35Z",
+  "modified": "2026-03-03T20:03:27Z",
   "published": "2017-10-24T18:33:36Z",
   "aliases": [
     "CVE-2015-8855"
@@ -25,7 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "1.0.4"
             },
             {
               "fixed": "4.3.2"
@@ -40,10 +40,26 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8855"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/github/advisory-database/pull/7102"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/npm/node-semver/commit/5c4c9f6e26c7052a42b5ced2a7481c5c9b4363a0"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/npm/node-semver/commit/c80180d8341a8ada0236815c29a2be59864afd70"
+    },
     {
       "type": "ADVISORY",
       "url": "https://github.com/advisories/GHSA-x6fg-f45m-jf5q"
     },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/npm/node-semver"
+    },
     {
       "type": "WEB",
       "url": "https://www.npmjs.com/advisories/31"
@@ -68,6 +84,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2020-06-16T22:02:25Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2017-01-23T21:59:00Z"
   }
 }
diff --git a/advisories/github-reviewed/2018/08/GHSA-pv4c-p2j5-38j4/GHSA-pv4c-p2j5-38j4.json b/advisories/github-reviewed/2018/08/GHSA-pv4c-p2j5-38j4/GHSA-pv4c-p2j5-38j4.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pv4c-p2j5-38j4",
-  "modified": "2023-09-11T22:06:04Z",
+  "modified": "2026-01-23T20:10:56Z",
   "published": "2018-08-13T15:02:15Z",
   "aliases": [
     "CVE-2018-3774"
@@ -25,7 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "1.0.0"
             },
             {
               "fixed": "1.4.3"
@@ -40,6 +40,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3774"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/unshiftio/url-parse/commit/209c296d302317268afbe19700a70c63ecbeb2d2"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/unshiftio/url-parse/commit/53b1794e54d0711ceb52505e0f74145270570d5a"
@@ -53,12 +57,12 @@
       "url": "https://hackerone.com/reports/384029"
     },
     {
-      "type": "ADVISORY",
-      "url": "https://github.com/advisories/GHSA-pv4c-p2j5-38j4"
+      "type": "PACKAGE",
+      "url": "https://github.com/unshiftio/url-parse"
     },
     {
       "type": "WEB",
-      "url": "https://www.npmjs.com/advisories/678"
+      "url": "https://github.com/unshiftio/url-parse/compare/0.2.3...1.0.0"
     }
   ],
   "database_specific": {

diff --git a/advisories/github-reviewed/2019/02/GHSA-j6p2-cx3w-6jcp/GHSA-j6p2-cx3w-6jcp.json b/advisories/github-reviewed/2019/02/GHSA-j6p2-cx3w-6jcp/GHSA-j6p2-cx3w-6jcp.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j6p2-cx3w-6jcp",
-  "modified": "2023-09-13T23:00:58Z",
+  "modified": "2026-01-16T22:08:33Z",
   "published": "2019-02-18T23:39:55Z",
   "aliases": [
     "CVE-2016-10537"
@@ -25,7 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "0.3.3"
             },
             {
               "fixed": "0.5.0"
@@ -44,21 +44,25 @@
       "type": "WEB",
       "url": "https://github.com/jashkenas/backbone/commit/0cdc525961d3fa98e810ffae6bcc8e3838e36d93"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jashkenas/backbone/commit/7ae0384120c2552e1c426cda7fb02fdce6ef1076"
+    },
     {
       "type": "WEB",
       "url": "https://backbonejs.org/#changelog"
     },
     {
-      "type": "ADVISORY",
-      "url": "https://github.com/advisories/GHSA-j6p2-cx3w-6jcp"
+      "type": "PACKAGE",
+      "url": "https://github.com/jashkenas/backbone"
     },
     {
       "type": "WEB",
-      "url": "https://github.com/jashkenas/backbone/compare/0.3.3...0.5.0#diff-0d56d0d310de7ff18b3cef9c2f8f75dcL1008"
+      "url": "https://github.com/jashkenas/backbone/blame/0cdc525961d3fa98e810ffae6bcc8e3838e36d93/backbone.js"
     },
     {
       "type": "WEB",
-      "url": "https://www.npmjs.com/advisories/108"
+      "url": "https://github.com/jashkenas/backbone/compare/0.3.3...0.5.0#diff-0d56d0d310de7ff18b3cef9c2f8f75dcL1008"
     }
   ],
   "database_specific": {

diff --git a/advisories/github-reviewed/2019/02/GHSA-qrmc-fj45-qfc2/GHSA-qrmc-fj45-qfc2.json b/advisories/github-reviewed/2019/02/GHSA-qrmc-fj45-qfc2/GHSA-qrmc-fj45-qfc2.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qrmc-fj45-qfc2",
-  "modified": "2020-08-31T18:43:30Z",
+  "modified": "2026-01-22T21:48:14Z",
   "published": "2019-02-07T18:03:28Z",
   "aliases": [
     "CVE-2018-16492"
@@ -39,7 +39,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "1.1.3"
             },
             {
               "fixed": "2.0.2"
@@ -56,15 +56,23 @@
     },
     {
       "type": "WEB",
-      "url": "https://hackerone.com/reports/381185"
+      "url": "https://github.com/github/advisory-database/pull/6695"
     },
     {
-      "type": "ADVISORY",
-      "url": "https://github.com/advisories/GHSA-qrmc-fj45-qfc2"
+      "type": "WEB",
+      "url": "https://github.com/justmoon/node-extend/pull/48"
     },
     {
       "type": "WEB",
-      "url": "https://www.npmjs.com/advisories/996"
+      "url": "https://github.com/justmoon/node-extend/commit/0e68e71d93507fcc391e398bc84abd0666b28190"
+    },
+    {
+      "type": "WEB",
+      "url": "https://hackerone.com/reports/381185"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/justmoon/node-extend"
     }
   ],
   "database_specific": {

diff --git a/advisories/github-reviewed/2019/05/GHSA-qr32-j4j6-3m7r/GHSA-qr32-j4j6-3m7r.json b/advisories/github-reviewed/2019/05/GHSA-qr32-j4j6-3m7r/GHSA-qr32-j4j6-3m7r.json
@@ -1,13 +1,14 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qr32-j4j6-3m7r",
-  "modified": "2020-08-31T18:20:27Z",
+  "modified": "2026-01-23T22:50:14Z",
   "published": "2019-05-29T20:23:00Z",
+  "withdrawn": "2026-01-23T22:50:14Z",
   "aliases": [
     "CVE-2017-16087"
   ],
-  "summary": "Command Injection in fs-git",
-  "details": "Affected versions of `fs-git` do not sanitize strings passed into the `buildCommand` method, resulting in arbitrary code execution.\n\n\n## Recommendation\n\nUpdate to version 1.0.2 or later. ",
+  "summary": "Duplicate Advisory: Command Injection in fs-git",
+  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-wp3j-gv53-4pg8. This link is maintained to preserve external references.\n\n## Original Description\nAffected versions of `fs-git` do not sanitize strings passed into the `buildCommand` method, resulting in arbitrary code execution.\n\n\n## Recommendation\n\nUpdate to version 1.0.2 or later.",
   "severity": [],
   "affected": [
     {

diff --git a/advisories/github-reviewed/2019/05/GHSA-vmhw-fhj6-m3g5/GHSA-vmhw-fhj6-m3g5.json b/advisories/github-reviewed/2019/05/GHSA-vmhw-fhj6-m3g5/GHSA-vmhw-fhj6-m3g5.json
@@ -1,12 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vmhw-fhj6-m3g5",
-  "modified": "2020-08-31T18:31:33Z",
+  "modified": "2026-02-11T22:27:32Z",
   "published": "2019-05-31T23:46:33Z",
   "aliases": [],
   "summary": "Path Traversal in angular-http-server",
   "details": "Versions of `angular-http-server` before 1.4.4 are vulnerable to path traversal.\n\n\n## Recommendation\n\nUpdate to version 1.4.4 or later.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
+    }
+  ],
   "affected": [
     {
       "package": {
@@ -37,6 +42,10 @@
       "type": "WEB",
       "url": "https://hackerone.com/reports/330349"
     },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/simonh1000/angular-http-server"
+    },
     {
       "type": "WEB",
       "url": "https://www.npmjs.com/advisories/656"

diff --git a/advisories/github-reviewed/2019/06/GHSA-3fc5-9x9m-vqc4/GHSA-3fc5-9x9m-vqc4.json b/advisories/github-reviewed/2019/06/GHSA-3fc5-9x9m-vqc4/GHSA-3fc5-9x9m-vqc4.json
@@ -1,11 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3fc5-9x9m-vqc4",
-  "modified": "2021-08-04T21:25:59Z",
+  "modified": "2026-02-03T19:36:21Z",
   "published": "2019-06-03T17:31:32Z",
+  "withdrawn": "2026-02-03T19:36:21Z",
   "aliases": [],
-  "summary": "Privilege Escalation in express-cart",
-  "details": "Versions of `express-cart` before 1.1.6 are vulnerable to privilege escalation. This vulnerability can be exploited so that normal users can escalate their privilege and add new administrator users.\n\n\n## Recommendation\n\nUpdate to version 1.1.6 or later.",
+  "summary": "Duplicate Advisory: Privilege Escalation in express-cart",
+  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-hr89-w7p6-pjmq. This link is maintained to preserve external references.\n\n## Original Description\nVersions of `express-cart` before 1.1.6 are vulnerable to privilege escalation. This vulnerability can be exploited so that normal users can escalate their privilege and add new administrator users.\n\n\n## Recommendation\n\nUpdate to version 1.1.6 or later.",
   "severity": [
     {
       "type": "CVSS_V3",

diff --git a/advisories/github-reviewed/2019/06/GHSA-g95f-p29q-9xw4/GHSA-g95f-p29q-9xw4.json b/advisories/github-reviewed/2019/06/GHSA-g95f-p29q-9xw4/GHSA-g95f-p29q-9xw4.json
@@ -1,11 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g95f-p29q-9xw4",
-  "modified": "2021-08-04T21:35:07Z",
+  "modified": "2026-02-03T17:47:36Z",
   "published": "2019-06-06T15:30:30Z",
+  "withdrawn": "2026-02-03T17:47:36Z",
   "aliases": [],
-  "summary": "Regular Expression Denial of Service in braces",
-  "details": "Versions of `braces` prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.\n\n\n## Recommendation\n\nUpgrade to version 2.3.1 or higher.",
+  "summary": "Duplicate Advisory: Regular Expression Denial of Service in braces",
+  "details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-cwfw-4gq5-mrqx. This link is maintained to preserve external references.\n\n## Original Description\nVersions of `braces` prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.\n\n\n## Recommendation\n\nUpgrade to version 2.3.1 or higher.",
   "severity": [
     {
       "type": "CVSS_V3",

diff --git a/advisories/github-reviewed/2019/06/GHSA-w7q7-vjp8-7jv4/GHSA-w7q7-vjp8-7jv4.json b/advisories/github-reviewed/2019/06/GHSA-w7q7-vjp8-7jv4/GHSA-w7q7-vjp8-7jv4.json
@@ -1,12 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-w7q7-vjp8-7jv4",
-  "modified": "2020-08-31T18:36:13Z",
+  "modified": "2026-02-11T22:05:23Z",
   "published": "2019-06-06T15:30:16Z",
   "aliases": [],
   "summary": "SQL Injection in typeorm",
   "details": "Versions of `typeorm` before 0.1.15 are vulnerable to SQL Injection. Field names are not properly validated allowing attackers to inject SQL statements and execute arbitrary SQL queries.\n\n\n## Recommendation\n\nUpgrade to version 0.1.15",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
   "affected": [
     {
       "package": {
@@ -37,6 +42,10 @@
       "type": "WEB",
       "url": "https://hackerone.com/reports/319458"
     },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/typeorm/typeorm"
+    },
     {
       "type": "WEB",
       "url": "https://www.npmjs.com/advisories/800"
@@ -46,7 +55,7 @@
     "cwe_ids": [
       "CWE-89"
     ],
-    "severity": "HIGH",
+    "severity": "CRITICAL",
     "github_reviewed": true,
     "github_reviewed_at": "2019-06-05T21:25:43Z",
     "nvd_published_at": null

diff --git a/advisories/github-reviewed/2019/07/GHSA-hf23-9pf7-388p/GHSA-hf23-9pf7-388p.json b/advisories/github-reviewed/2019/07/GHSA-hf23-9pf7-388p/GHSA-hf23-9pf7-388p.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-hf23-9pf7-388p",
-  "modified": "2025-04-01T16:33:05Z",
+  "modified": "2026-02-24T15:32:32Z",
   "published": "2019-07-26T16:09:47Z",
   "aliases": [
     "CVE-2019-10173"
@@ -25,17 +25,17 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "1.4.10"
             },
             {
               "fixed": "1.4.11"
             }
           ]
         }
       ],
-      "database_specific": {
-        "last_known_affected_version_range": "<= 1.4.10"
-      }
+      "versions": [
+        "1.4.10"
+      ]
     }
   ],
   "references": [