github · asrar-mared · Feb 13, 2026 · Feb 13, 2026 · Feb 13, 2026 · Feb 13, 2026
diff --git a/advisories/github-reviewed/2025/02/GHSA-76p7-773f-r4q5/GHSA-76p7-773f-r4q5.json b/advisories/github-reviewed/2025/02/GHSA-76p7-773f-r4q5/GHSA-76p7-773f-r4q5.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-76p7-773f-r4q5",
-  "modified": "2026-01-29T12:30:25Z",
+  "modified": "2026-02-17T03:30:15Z",
   "published": "2025-02-10T18:30:47Z",
   "aliases": [
     "CVE-2024-11831"
@@ -64,6 +64,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/security/cve/CVE-2024-11831"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2026:2769"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:1536"

diff --git a/advisories/github-reviewed/2025/03/GHSA-3jxr-23ph-c89g/GHSA-3jxr-23ph-c89g.json b/advisories/github-reviewed/2025/03/GHSA-3jxr-23ph-c89g/GHSA-3jxr-23ph-c89g.json
@@ -1,13 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3jxr-23ph-c89g",
-  "modified": "2025-06-03T17:32:56Z",
+  "modified": "2026-02-13T20:52:09Z",
   "published": "2025-03-04T18:33:43Z",
-  "aliases": [
-    "CVE-2025-23368"
-  ],
-  "summary": "Wildfly Elytron integration susceptible to brute force attacks via CLI",
-  "details": "A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.",
+  "withdrawn": "2026-02-13T20:52:09Z",
+  "aliases": [],
+  "summary": "Duplicate Advisory: Wildfly Elytron integration susceptible to brute force attacks via CLI",
+  "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-qhp6-6p8p-2rqh. This link is maintained to preserve external references.\n\n### Original Description\nA flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.",
   "severity": [
     {
       "type": "CVSS_V3",

diff --git a/advisories/github-reviewed/2025/09/GHSA-wp3j-xq48-xpjw/GHSA-wp3j-xq48-xpjw.json b/advisories/github-reviewed/2025/09/GHSA-wp3j-xq48-xpjw/GHSA-wp3j-xq48-xpjw.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wp3j-xq48-xpjw",
-  "modified": "2026-02-09T21:31:02Z",
+  "modified": "2026-02-16T15:32:47Z",
   "published": "2025-09-04T20:01:54Z",
   "aliases": [
     "CVE-2025-9566"
@@ -122,6 +122,10 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:18217"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2025:17669"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:16724"
@@ -158,9 +162,25 @@
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2025:15900"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHEA-2025:4782"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHBA-2025:16163"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHBA-2025:16158"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHBA-2025:15712"
+    },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHBA-2025:15692"
     }
   ],
   "database_specific": {

diff --git a/advisories/github-reviewed/2026/01/GHSA-wv3h-x6c4-r867/GHSA-wv3h-x6c4-r867.json b/advisories/github-reviewed/2026/01/GHSA-wv3h-x6c4-r867/GHSA-wv3h-x6c4-r867.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-wv3h-x6c4-r867",
-  "modified": "2026-02-10T13:47:26Z",
+  "modified": "2026-02-13T20:24:37Z",
   "published": "2026-01-21T09:31:30Z",
   "aliases": [
     "CVE-2025-14559"
@@ -25,14 +25,33 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "26.5.0"
             },
             {
               "fixed": "26.5.2"
             }
           ]
         }
       ]
+    },
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.keycloak:keycloak-services"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "26.4.9"
+            }
+          ]
+        }
+      ]
     }
   ],
   "references": [
@@ -44,6 +63,10 @@
       "type": "WEB",
       "url": "https://github.com/keycloak/keycloak/issues/45651"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/keycloak/keycloak/commit/2d0aa31c4830ebaad094c3762e78b884c141e659"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/keycloak/keycloak/commit/d67349f3aa9fed5c61750619d0f9de6356aeaeff"

diff --git a/...A-2xf7-hmf6-p64j/GHSA-2xf7-hmf6-p64j.json → ...A-2xf7-hmf6-p64j/GHSA-2xf7-hmf6-p64j.json b/...A-2xf7-hmf6-p64j/GHSA-2xf7-hmf6-p64j.json → ...A-2xf7-hmf6-p64j/GHSA-2xf7-hmf6-p64j.json
@@ -1,24 +1,52 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-2xf7-hmf6-p64j",
-  "modified": "2026-02-13T12:31:21Z",
+  "modified": "2026-02-13T20:55:54Z",
   "published": "2026-02-13T12:31:21Z",
   "aliases": [
     "CVE-2026-20796"
   ],
+  "summary": "Mattermost doesn't properly validate channel membership at the time of data retrieval",
   "details": "Mattermost versions 10.11.x <= 10.11.9 fail to properly validate channel membership at the time of data retrieval which allows a deactivated user to learn team names they should not have access to via a race condition in the /common_teams API endpoint.. Mattermost Advisory ID: MMSA-2025-00549",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Go",
+        "name": "github.com/mattermost/mattermost-server"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "10.11.0"
+            },
+            {
+              "fixed": "10.11.10"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 10.11.9"
+      }
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20796"
     },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/mattermost/mattermost"
+    },
     {
       "type": "WEB",
       "url": "https://mattermost.com/security-updates"
@@ -29,8 +57,8 @@
       "CWE-367"
     ],
     "severity": "LOW",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-02-13T20:55:54Z",
     "nvd_published_at": "2026-02-13T11:16:10Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/02/GHSA-37gf-gmxv-74wv/GHSA-37gf-gmxv-74wv.json b/advisories/github-reviewed/2026/02/GHSA-37gf-gmxv-74wv/GHSA-37gf-gmxv-74wv.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-37gf-gmxv-74wv",
-  "modified": "2026-02-10T18:35:15Z",
+  "modified": "2026-02-13T21:49:42Z",
   "published": "2026-02-09T21:31:03Z",
   "aliases": [
     "CVE-2026-1486"
@@ -25,14 +25,33 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "26.5.0"
             },
             {
               "fixed": "26.5.3"
             }
           ]
         }
       ]
+    },
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.keycloak:keycloak-services"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "26.4.9"
+            }
+          ]
+        }
+      ]
     }
   ],
   "references": [
@@ -52,6 +71,10 @@
       "type": "WEB",
       "url": "https://github.com/keycloak/keycloak/commit/176dc8902ce552056d3648c4601d519afc6fb043"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/keycloak/keycloak/commit/8316e8538f0037d9f998181e73122cff93a94035"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2026:2365"

diff --git a/...A-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json → ...A-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json b/...A-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json → ...A-38c4-r59v-3vqw/GHSA-38c4-r59v-3vqw.json
@@ -1,11 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-38c4-r59v-3vqw",
-  "modified": "2026-02-12T06:30:13Z",
+  "modified": "2026-02-13T20:04:39Z",
   "published": "2026-02-12T06:30:13Z",
   "aliases": [
     "CVE-2026-2327"
   ],
+  "summary": "markdown-it is has a Regular Expression Denial of Service (ReDoS)",
   "details": "Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /\\*+$/ in the linkify function. An attacker can supply a long sequence of * characters followed by a non-matching character, which triggers excessive backtracking and may lead to a denial-of-service condition.",
   "severity": [
     {
@@ -14,10 +15,30 @@
     },
     {
       "type": "CVSS_V4",
-      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "npm",
+        "name": "markdown-it"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "13.0.0"
+            },
+            {
+              "fixed": "14.1.1"
+            }
+          ]
+        }
+      ]
     }
   ],
-  "affected": [],
   "references": [
     {
       "type": "ADVISORY",
@@ -31,9 +52,13 @@
       "type": "WEB",
       "url": "https://gist.github.com/ltduc147/c9abecae1b291ede4f692f2ab988c917"
     },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/markdown-it/markdown-it"
+    },
     {
       "type": "WEB",
-      "url": "https://github.com/markdown-it/markdown-it/blob/14.1.0/lib/rules_inline/linkify.mjs%23L33"
+      "url": "https://github.com/markdown-it/markdown-it/blob/14.1.0/lib/rules_inline/linkify.mjs#L33"
     },
     {
       "type": "WEB",
@@ -45,8 +70,8 @@
       "CWE-1333"
     ],
     "severity": "MODERATE",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-02-13T20:04:39Z",
     "nvd_published_at": "2026-02-12T06:16:02Z"
   }
 }
diff --git a/advisories/github-reviewed/2026/02/GHSA-6426-9fv3-65x8/GHSA-6426-9fv3-65x8.json b/advisories/github-reviewed/2026/02/GHSA-6426-9fv3-65x8/GHSA-6426-9fv3-65x8.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6426-9fv3-65x8",
-  "modified": "2026-02-03T19:35:57Z",
+  "modified": "2026-02-13T19:55:25Z",
   "published": "2026-02-03T15:30:24Z",
   "aliases": [
     "CVE-2026-1312"
@@ -10,8 +10,8 @@
   "details": "An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n\n`.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\n\nDjango would like to thank Solomon Kebede for reporting this issue.",
   "severity": [
     {
-      "type": "CVSS_V4",
-      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"
     }
   ],
   "affected": [
@@ -107,7 +107,7 @@
     "cwe_ids": [
       "CWE-89"
     ],
-    "severity": "HIGH",
+    "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2026-02-03T19:35:56Z",
     "nvd_published_at": "2026-02-03T15:16:13Z"

diff --git a/advisories/github-reviewed/2026/02/GHSA-699m-4v95-rmpm/GHSA-699m-4v95-rmpm.json b/advisories/github-reviewed/2026/02/GHSA-699m-4v95-rmpm/GHSA-699m-4v95-rmpm.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-699m-4v95-rmpm",
-  "modified": "2026-02-13T16:16:04Z",
+  "modified": "2026-02-13T22:11:49Z",
   "published": "2026-02-13T16:16:04Z",
   "aliases": [
     "CVE-2026-26187"
@@ -43,6 +43,10 @@
       "type": "WEB",
       "url": "https://github.com/treeverse/lakeFS/security/advisories/GHSA-699m-4v95-rmpm"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26187"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/treeverse/lakeFS/commit/cbc106275357302a834280f133265dc39f1384ce"
@@ -63,6 +67,6 @@
     "severity": "HIGH",
     "github_reviewed": true,
     "github_reviewed_at": "2026-02-13T16:16:04Z",
-    "nvd_published_at": null
+    "nvd_published_at": "2026-02-13T19:17:29Z"
   }
 }