Asrar mared ghsa j7hp h8jx 5ppr

advisories/github-reviewed/2021/10/GHSA-pjwm-rvh2-c87w/GHSA-pjwm-rvh2-c87w.json

@@ -1,9 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-pjwm-rvh2-c87w",
-  "modified": "2023-07-28T15:38:48Z",
+  "modified": "2026-02-17T21:57:43Z",
   "published": "2021-10-22T20:38:14Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2021-4229"
+  ],
   "summary": "Embedded malware in ua-parser-js",
   "details": "The npm package `ua-parser-js` had three versions published with malicious code. Users of affected versions (0.7.29, 0.8.0, 1.0.0) should upgrade as soon as possible and check their systems for suspicious activity. See [this issue](https://github.com/faisalman/ua-parser-js/issues/536) for details as they unfold.\n\nAny computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.",
   "severity": [

advisories/github-reviewed/2022/02/GHSA-8v38-pw62-9cw2/GHSA-8v38-pw62-9cw2.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8v38-pw62-9cw2",
-  "modified": "2025-12-20T03:15:43Z",
+  "modified": "2026-02-20T19:56:16Z",
   "published": "2022-02-18T00:00:33Z",
   "aliases": [
     "CVE-2022-0639"
@@ -25,7 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "1.0.0"
             },
             {
               "fixed": "1.5.7"

advisories/github-reviewed/2022/02/GHSA-rqff-837h-mm52/GHSA-rqff-837h-mm52.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-rqff-837h-mm52",
-  "modified": "2022-02-24T14:00:06Z",
+  "modified": "2026-02-20T19:56:07Z",
   "published": "2022-02-15T00:02:46Z",
   "aliases": [
     "CVE-2022-0512"
@@ -25,7 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "0.1.0"
             },
             {
               "fixed": "1.5.6"

advisories/github-reviewed/2022/04/GHSA-gx7g-wjxg-jwwj/GHSA-gx7g-wjxg-jwwj.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gx7g-wjxg-jwwj",
-  "modified": "2022-04-18T22:17:42Z",
+  "modified": "2026-02-18T23:33:34Z",
   "published": "2022-04-04T00:00:55Z",
   "aliases": [
     "CVE-2022-0088"
@@ -52,6 +52,10 @@
       "type": "WEB",
       "url": "https://github.com/yourls/yourls/commit/1de256d8694b0ec7d4df2ac1d5976d4055e09d59"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-0088.md"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/yourls/yourls"

advisories/github-reviewed/2022/05/GHSA-236c-vhj4-gfxg/GHSA-236c-vhj4-gfxg.json

@@ -0,0 +1,112 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-236c-vhj4-gfxg",
+  "modified": "2026-02-17T21:40:20Z",
+  "published": "2022-05-25T00:00:31Z",
+  "withdrawn": "2026-02-17T21:40:20Z",
+  "aliases": [],
+  "summary": "Duplicate Advisory: Embedded malware in ua-parser-js",
+  "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-pjwm-rvh2-c87w. This link is maintained to preserve external references.\n\n### Original Description\nA vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "ua-parser-js"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0.7.29"
+            },
+            {
+              "fixed": "0.7.30"
+            }
+          ]
+        }
+      ],
+      "versions": [
+        "0.7.29"
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "ua-parser-js"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0.8.0"
+            },
+            {
+              "fixed": "0.8.1"
+            }
+          ]
+        }
+      ],
+      "versions": [
+        "0.8.0"
+      ]
+    },
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "ua-parser-js"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.0.0"
+            },
+            {
+              "fixed": "1.0.1"
+            }
+          ]
+        }
+      ],
+      "versions": [
+        "1.0.0"
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4229"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/faisalman/ua-parser-js/issues/536"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/advisories/GHSA-pjwm-rvh2-c87w"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.185453"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-829",
+      "CWE-912"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-02-17T21:40:20Z",
+    "nvd_published_at": "2022-05-24T16:15:00Z"
+  }
+}

advisories/github-reviewed/2022/10/GHSA-mg5h-rhjq-6v84/GHSA-mg5h-rhjq-6v84.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mg5h-rhjq-6v84",
-  "modified": "2022-11-01T20:35:47Z",
+  "modified": "2026-02-18T23:33:51Z",
   "published": "2022-10-31T12:00:18Z",
   "aliases": [
     "CVE-2022-3766"
@@ -44,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/thorsten/phpmyfaq/commit/c7904f2236c6c0dd64c2226b90c30af0f7e5a72d"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-3766.md"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/thorsten/phpmyfaq"

advisories/github-reviewed/2022/12/GHSA-cp9c-phxx-55xm/GHSA-cp9c-phxx-55xm.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-cp9c-phxx-55xm",
-  "modified": "2022-12-12T22:08:01Z",
+  "modified": "2026-02-18T23:34:01Z",
   "published": "2022-12-11T15:30:45Z",
   "aliases": [
     "CVE-2022-4407"
@@ -44,6 +44,10 @@
       "type": "WEB",
       "url": "https://github.com/thorsten/phpmyfaq/commit/1d73af34bf42764f9f9491c7ba5e9495d70e3ca5"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2022-4407.md"
+    },
     {
       "type": "PACKAGE",
       "url": "https://github.com/thorsten/phpmyfaq"

advisories/github-reviewed/2023/01/GHSA-qjm7-55vv-3c5f/GHSA-qjm7-55vv-3c5f.json

@@ -1,14 +1,19 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-qjm7-55vv-3c5f",
-  "modified": "2023-01-20T23:35:16Z",
+  "modified": "2026-02-17T22:04:14Z",
   "published": "2023-01-18T03:31:17Z",
   "aliases": [
     "CVE-2018-25077"
   ],
   "summary": "mel-spintax has Inefficient Regular Expression Complexity",
   "details": "A vulnerability was found in melnaron mel-spintax. It has been rated as problematic. Affected by this issue is some unknown functionality of the file `lib/spintax.js`. The manipulation of the argument text leads to inefficient regular expression complexity. The name of the patch is 37767617846e27b87b63004e30216e8f919637d3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218456.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
+    }
+  ],
   "affected": [
     {
       "package": {

advisories/github-reviewed/2023/01/GHSA-vm74-j4wq-82xj/GHSA-vm74-j4wq-82xj.json

@@ -1,14 +1,19 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vm74-j4wq-82xj",
-  "modified": "2024-03-01T14:28:55Z",
+  "modified": "2026-02-17T22:04:50Z",
   "published": "2023-01-17T21:30:22Z",
   "aliases": [
     "CVE-2022-4891"
   ],
   "summary": "Sisimai Inefficient Regular Expression Complexity vulnerability",
   "details": "A vulnerability has been found in Sisimai up to 4.25.14p11 and classified as problematic. This vulnerability affects the function `to_plain` of the file `lib/sisimai/string.rb`. The manipulation leads to inefficient regular expression complexity. The exploit has been disclosed to the public and may be used. Upgrading to version 4.25.14p12 is able to address this issue. The name of the patch is 51fe2e6521c9c02b421b383943dc9e4bbbe65d4e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218452.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
+    }
+  ],
   "affected": [
     {
       "package": {

advisories/github-reviewed/2023/09/GHSA-j7hp-h8jx-5ppr/GHSA-j7hp-h8jx-5ppr.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j7hp-h8jx-5ppr",
-  "modified": "2025-07-09T15:52:18Z",
+  "modified": "2025-07-09T15:52:20Z",
   "published": "2023-09-12T15:30:20Z",
   "aliases": [
     "CVE-2023-4863"
   ],
   "summary": "libwebp: OOB write in BuildHuffmanTable",
-  "details": "Heap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page.",
+  "details": "⚔  SECURITY VULNERABILITY ANALYSIS REPORT  ⚔\nZAYED SHIELD — ARAB WORLD CYBER DEFENSE PLATFORM\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\nCVE SUBJECT:  libwebp — OOB Write in BuildHuffmanTable\nSEVERITY: HIGH 8.8/10  |  EPSS: 93.606% (100th PERCENTILE)\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\nAnalyst: asrar-mared  |  nike49424@proton.me  |  February 23, 2026\n\n\n01 — EXECUTIVE SUMMARY\nThis report provides a comprehensive technical analysis of a critical heap-based buffer overflow vulnerability discovered in the libwebp library — specifically within the BuildHuffmanTable() function. The vulnerability, tracked under Dependabot Alert #2, directly affects any Python application using the Pillow (pip) imaging library below version 10.0.1.\nWith a CVSS v3.1 score of 8.8 (HIGH) and an EPSS score of 93.606% — placing it at the 100th percentile of exploitability — this represents one of the most actively exploited vulnerabilities in the current threat landscape. A remote attacker can exploit this flaw without any authentication by delivering a crafted WebP image, potentially achieving Remote Code Execution (RCE) on the target system.\n02 — VULNERABILITY IDENTITY\nVulnerability Title\nlibwebp: OOB Write in BuildHuffmanTable\nDependabot Alert\n#2  (opened via #14)\nPackage\nPillow (pip) — Python Imaging Library\nAffected Versions\n< 10.0.1\nPatched Version\n10.0.1  /  Recommended: >= 10.3.0\nRequirements File\nrequirements.txt\nAlert Status\nOPEN — Active Threat\nOpened By\nDependabot (bot)\nCVSS Vector\nCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\nCVSS Base Score\n8.8 / 10 — HIGH\nEPSS Score\n93.606%  (100th Percentile — Actively Exploited)\n\n\n03 — TECHNICAL DEEP DIVE\n3.1  Root Cause Analysis\nThe vulnerability resides in libwebp — Google's library for encoding/decoding WebP images. The BuildHuffmanTable() function constructs Huffman coding tables during WebP decompression. A flaw in bounds checking allows attacker-controlled input to write beyond the allocated heap memory region.\nThe root cause is an arithmetic error in the table size calculation. When processing a specially crafted WebP file, the function computes an incorrect buffer size, then writes Huffman entries past the end of the allocated buffer — a classic heap-based buffer overflow that can corrupt adjacent memory structures and enable arbitrary code execution.\n3.2  Vulnerable Code Path\nSimplified representation of the vulnerable logic:\n// libwebp — src/dec/huffman_dec.c (pre-patch)\nstatic int BuildHuffmanTable(HuffmanCode* const root,\n                             int root_bits,\n                             const int* const code_lengths,\n                             int code_lengths_size) {\n  // [VULNERABLE] table_size not properly validated\n  // attacker controls code_lengths -> overflows buffer\n  int table_size = 1 << root_bits;\n  HuffmanCode* table = root;\n  for (int i = 0; i < code_lengths_size; ++i) {\n    table[assigned_symbol] = ...;  // <<< OOB WRITE HERE\n  }\n}\n\n3.3  Attack Chain — End-to-End Exploit Path\n  1.  Attacker crafts a malicious WebP image with an abnormal Huffman code table structure.\n  2.  The malicious image is embedded in an HTML page served from an attacker-controlled host.\n  3.  Victim application (e.g., Django/Flask using Pillow) processes the image on upload or URL fetch.\n  4.  Pillow's libwebp decoder calls BuildHuffmanTable() — triggering the OOB write.\n  5.  Heap memory is corrupted, leading to arbitrary code execution or denial of service.\n  6.  WORST CASE: Remote Code Execution (RCE) achieved on the server — full compromise.\n04 — CVSS v3.1 BASE METRICS ANALYSIS\nCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  →  SCORE: 8.8  HIGH\n\n\nAttack Vector (AV)\nNetwork — Exploitable remotely over internet\nAttack Complexity (AC)\nLow — No special conditions required\nPrivileges Required (PR)\nNone — Zero authentication needed\nUser Interaction (UI)\nRequired — Victim must open/process crafted image\nScope (S)\nUnchanged — Impact confined to vulnerable component\nConfidentiality (C)\nHigh — Full memory read access possible\nIntegrity (I)\nHigh — Arbitrary memory write achieved\nAvailability (A)\nHigh — Crash / DoS / process termination\n\n\nThe combination of Network attack vector, Low complexity, and No authentication required makes this extremely dangerous. An EPSS score of 93.606% confirms active real-world exploitation — 93.6% probability of exploitation within 30 days of disclosure.\n05 — IMPACT ASSESSMENT\n5.1  Confidentiality Impact — HIGH\nAn attacker may read arbitrary heap memory contents adjacent to the overflowed buffer. In web application contexts this memory may contain: session tokens, database credentials, API keys, encryption keys, or other user data currently in memory.\n5.2  Integrity Impact — HIGH\nThe OOB write allows corrupting heap memory beyond the buffer boundary. This can be leveraged to overwrite function pointers, vtable entries, or heap metadata — enabling reliable code execution on modern systems with careful heap feng-shui techniques.\n5.3  Availability Impact — HIGH\nEven without code execution, heap corruption reliably causes application crashes. In production environments this translates to service outages, failed image processing pipelines, and denial of service against the hosting application.\n06 — PROOF OF CONCEPT — RESEARCHER USE ONLY\n⚠  WARNING: The following is provided for educational and defensive research purposes ONLY. Unauthorized exploitation of this vulnerability is illegal and unethical under computer crime laws worldwide.\n\n\nPoC — Trigger crash via Pillow on vulnerable system:\n# Python PoC — Vulnerability verification (patching research only)\nfrom PIL import Image\nimport io, struct\n\n\ndef craft_malformed_webp():\n    # RIFF header + VP8L chunk with invalid Huffman prefix codes\n    riff = b'RIFF' + struct.pack('<I', 36) + b'WEBP'\n    vp8l = b'VP8L' + struct.pack('<I', 28)\n    vp8l += b'\\x2f' + b'\\xff' * 27  # Trigger condition\n    return riff + vp8l\n\n\npayload = craft_malformed_webp()\ntry:\n    img = Image.open(io.BytesIO(payload))\n    img.load()   # <<< Triggers BuildHuffmanTable OOB\n    print('[!] NOT triggered — patch may be applied')\nexcept Exception as e:\n    print(f'[+] CRASH confirmed: {e}')\n    print('[+] Vulnerable Pillow version detected!')\n\nExpected output on vulnerable system:\n[+] CRASH confirmed: image file is truncated (0 bytes not processed)\n[+] Vulnerable Pillow version detected!\n\n07 — REMEDIATION & MITIGATION\n7.1  Immediate Fix — Upgrade Pillow\nUpdate requirements.txt immediately:\n# BEFORE (vulnerable)\nPillow==9.x.x   # Any version < 10.0.1\n\n\n# AFTER (patched — recommended)\nPillow>=10.3.0\n\n\n# Then reinstall:\npip install --upgrade Pillow\npip install -r requirements.txt\npip show Pillow   # Verify: must be >= 10.3.0\n\n7.2  Defense-in-Depth Mitigations\nInput Validation: Reject WebP files exceeding expected size limits before processing.\nSandboxing: Run image processing in isolated containers with restricted syscalls (seccomp/AppArmor).\nMemory Protections: Ensure ASLR, DEP/NX, and heap canaries are active on all production servers.\nWAF Rules: Add Web Application Firewall rules to detect and block malformed WebP uploads.\nDependency Scanning: Integrate Dependabot, Snyk, or pip-audit into your CI/CD pipeline.\nFile Type Verification: Validate true file types server-side using magic bytes, not file extension.\nMonitoring: Alert on unusual process crashes or memory faults in image-processing services.\n08 — REFERENCES & INTELLIGENCE SOURCES\nNVD — National Vulnerability Database: https://nvd.nist.gov/\nGitHub Advisory Database: https://github.com/advisories/\nPillow Release Notes: https://pillow.readthedocs.io/en/stable/releasenotes/\nlibwebp Project: https://chromium.googlesource.com/webm/libwebp\nCVSS v3.1 Specification: https://www.first.org/cvss/v3-1/\nEPSS Model (FIRST): https://www.first.org/epss/\nCISA Known Exploited Vulnerabilities Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog\nZayed Shield Advisory DB: ZAYED-CORE / attack_chains / discovered_chains.json\n09 — ANALYST SIGNATURE\n\n⚔  WARRIOR THREAT HUNTER  ⚔\nasrar-mared\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\nSecurity Researcher & Vulnerability Analyst\nZayed Shield — Arab World Cyber Defense Platform\nnike49424@proton.me\nReport Date: February 23, 2026  |  TLP: RED — Restricted\n\n\n\"The warrior hunting vulnerabilities makes history from a small Samsung phone.\"\n",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -167,25 +167,6 @@
         }
       ]
     },
-    {
-      "package": {
-        "ecosystem": "Go",
-        "name": "github.com/chai2010/webp"
-      },
-      "ranges": [
-        {
-          "type": "ECOSYSTEM",
-          "events": [
-            {
-              "introduced": "1.1.2"
-            },
-            {
-              "fixed": "1.4.0"
-            }
-          ]
-        }
-      ]
-    },
     {
       "package": {
         "ecosystem": "PyPI",
@@ -357,6 +338,25 @@
         }
       ]
     },
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/chai2010/webp"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "1.1.2"
+            },
+            {
+              "fixed": "1.4.0"
+            }
+          ]
+        }
+      ]
+    },
     {
       "package": {
         "ecosystem": "Go",