[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jan 10 09:33:43 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8d309878 by Salvatore Bonaccorso at 2026-01-10T10:31:49+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -46,39 +46,39 @@ CVE-2026-22690 (pypdf is a free and open-source pure-python PDF library. Prior t
 	NOTE: https://github.com/py-pdf/pypdf/pull/3594
 	NOTE: Fixed by; https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45 (6.6.0)
 CVE-2026-22689 (Mailpit is an email testing tool and API for developers. Prior to vers ...)
-	TODO: check
+	NOT-FOR-US: Mailpit
 CVE-2026-22688 (WeKnora is an LLM-powered framework designed for deep document underst ...)
-	TODO: check
+	NOT-FOR-US: WeKnora
 CVE-2026-22687 (WeKnora is an LLM-powered framework designed for deep document underst ...)
-	TODO: check
+	NOT-FOR-US: WeKnora
 CVE-2026-22685 (DevToys is a desktop app for developers. In versions from 2.0.0.0 to b ...)
-	TODO: check
+	NOT-FOR-US: DevToys
 CVE-2026-22612 (Fickling is a Python pickling decompiler and static analyzer. Prior to ...)
-	TODO: check
+	NOT-FOR-US: Fickling
 CVE-2026-22611 (AWS SDK for .NET works with Amazon Web Services to help build scalable ...)
-	TODO: check
+	NOT-FOR-US: Amazon AWS SDK
 CVE-2026-22610 (Angular is a development platform for building mobile and desktop web  ...)
 	TODO: check
 CVE-2026-22609 (Fickling is a Python pickling decompiler and static analyzer. Prior to ...)
-	TODO: check
+	NOT-FOR-US: Fickling
 CVE-2026-22608 (Fickling is a Python pickling decompiler and static analyzer. Prior to ...)
-	TODO: check
+	NOT-FOR-US: Fickling
 CVE-2026-22607 (Fickling is a Python pickling decompiler and static analyzer. Fickling ...)
-	TODO: check
+	NOT-FOR-US: Fickling
 CVE-2026-22606 (Fickling is a Python pickling decompiler and static analyzer. Fickling ...)
-	TODO: check
+	NOT-FOR-US: Fickling
 CVE-2026-22605 (OpenProject is an open-source, web-based project management software.  ...)
-	TODO: check
+	NOT-FOR-US: OpenProject
 CVE-2026-22604 (OpenProject is an open-source, web-based project management software.  ...)
-	TODO: check
+	NOT-FOR-US: OpenProject
 CVE-2026-22603 (OpenProject is an open-source, web-based project management software.  ...)
-	TODO: check
+	NOT-FOR-US: OpenProject
 CVE-2026-22602 (OpenProject is an open-source, web-based project management software.  ...)
-	TODO: check
+	NOT-FOR-US: OpenProject
 CVE-2026-22601 (OpenProject is an open-source, web-based project management software.  ...)
-	TODO: check
+	NOT-FOR-US: OpenProject
 CVE-2026-22600 (OpenProject is an open-source, web-based project management software.  ...)
-	TODO: check
+	NOT-FOR-US: OpenProject
 CVE-2026-22597 (Ghost is a Node.js content management system. In versions 5.38.0 throu ...)
 	TODO: check
 CVE-2026-22596 (Ghost is a Node.js content management system. In versions 5.90.0 throu ...)
@@ -88,37 +88,37 @@ CVE-2026-22595 (Ghost is a Node.js content management system. In versions 5.121.
 CVE-2026-22594 (Ghost is a Node.js content management system. In versions 5.105.0 thro ...)
 	TODO: check
 CVE-2026-22589 (Spree is an open source e-commerce solution built with Ruby on Rails.  ...)
-	TODO: check
+	NOT-FOR-US: Spree
 CVE-2026-22584 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: Salesforce
 CVE-2026-22030 (React Router is a router for React. In @remix-run/server-runtime versi ...)
-	TODO: check
+	NOT-FOR-US: React Router
 CVE-2026-22029 (React Router is a router for React. In @remix-run/router version prior ...)
-	TODO: check
+	NOT-FOR-US: React Router
 CVE-2026-22027 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
-	TODO: check
+	NOT-FOR-US: NASA CryptoLib
 CVE-2026-22026 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
-	TODO: check
+	NOT-FOR-US: NASA CryptoLib
 CVE-2026-22025 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
-	TODO: check
+	NOT-FOR-US: NASA CryptoLib
 CVE-2026-22024 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
-	TODO: check
+	NOT-FOR-US: NASA CryptoLib
 CVE-2026-22023 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
-	TODO: check
+	NOT-FOR-US: NASA CryptoLib
 CVE-2026-21900 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
-	TODO: check
+	NOT-FOR-US: NASA CryptoLib
 CVE-2026-21899 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
-	TODO: check
+	NOT-FOR-US: NASA CryptoLib
 CVE-2026-21898 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
-	TODO: check
+	NOT-FOR-US: NASA CryptoLib
 CVE-2026-21897 (CryptoLib provides a software-only solution using the CCSDS Space Data ...)
-	TODO: check
+	NOT-FOR-US: NASA CryptoLib
 CVE-2026-21884 (React Router is a router for React. In @remix-run/react version prior  ...)
-	TODO: check
+	NOT-FOR-US: React Router
 CVE-2026-0830 (Processing specially crafted workspace folder names could allow for ar ...)
 	NOT-FOR-US: Amazon
 CVE-2025-68470 (React Router is a router for React. In versions 6.0.0 through 6.30.1 a ...)
-	TODO: check
+	NOT-FOR-US: React Router
 CVE-2025-65091 (XWiki Full Calendar Macro displays objects from the wiki on the calend ...)
 	NOT-FOR-US: XWiki
 CVE-2025-65090 (XWiki Full Calendar Macro displays objects from the wiki on the calend ...)
@@ -126,17 +126,17 @@ CVE-2025-65090 (XWiki Full Calendar Macro displays objects from the wiki on the
 CVE-2025-62487 (### Details On October 1, 2025, Palantir discovered that images upload ...)
 	NOT-FOR-US: Palantir
 CVE-2025-61686 (React Router is a router for React. In @react-router/node versions 7.0 ...)
-	TODO: check
+	NOT-FOR-US: React Router
 CVE-2025-61676 (October is a Content Management System (CMS) and web platform. Prior t ...)
-	TODO: check
+	NOT-FOR-US: October CMS
 CVE-2025-61674 (October is a Content Management System (CMS) and web platform. Prior t ...)
-	TODO: check
+	NOT-FOR-US: October CMS
 CVE-2025-60538 (A lack of rate limiting in the login page of shiori v1.7.4 and below a ...)
-	TODO: check
+	NOT-FOR-US: shiori
 CVE-2025-59057 (React Router is a router for React. In @remix-run/react versions 1.15. ...)
-	TODO: check
+	NOT-FOR-US: React Router
 CVE-2025-51626 (SQL injection vulnerability in pss.sale.com 1.0 via the id parameter t ...)
-	TODO: check
+	NOT-FOR-US: pss.sale.com
 CVE-2025-46299 (A memory initialization issue was addressed with improved memory handl ...)
 	NOT-FOR-US: Apple
 CVE-2025-46298 (The issue was addressed with improved memory handling. This issue is f ...)
@@ -146,13 +146,13 @@ CVE-2025-46297 (A permissions issue was addressed with additional restrictions.
 CVE-2025-46286 (A logic issue was addressed with improved validation. This issue is fi ...)
 	NOT-FOR-US: Apple
 CVE-2025-15502 (A vulnerability was identified in Sangfor Operation and Maintenance Ma ...)
-	TODO: check
+	NOT-FOR-US: Sangfor Operation and Maintenance Management System
 CVE-2025-15501 (A vulnerability was determined in Sangfor Operation and Maintenance Ma ...)
-	TODO: check
+	NOT-FOR-US: Sangfor Operation and Maintenance Management System
 CVE-2025-15500 (A vulnerability was found in Sangfor Operation and Maintenance Managem ...)
-	TODO: check
+	NOT-FOR-US: Sangfor Operation and Maintenance Management System
 CVE-2025-15499 (A vulnerability has been found in Sangfor Operation and Maintenance Ma ...)
-	TODO: check
+	NOT-FOR-US: Sangfor Operation and Maintenance Management System
 CVE-2025-14948 (The miniOrange OTP Verification and SMS Notification for WooCommerce p ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-14943 (The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPre ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d3098785fdf1dd638358210eb868df301bfb9b8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d3098785fdf1dd638358210eb868df301bfb9b8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260110/871fea61/attachment.htm>

More information about the debian-security-tracker-commits mailing list