[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 29 21:05:41 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7ea3244e by Salvatore Bonaccorso at 2026-05-29T22:05:26+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -199,11 +199,11 @@ CVE-2026-45555 (Roslyn CodeLens MCP Server is a Roslyn-based MCP server providin
 CVE-2026-45551 (Group-Office is an enterprise customer relationship management and gro ...)
 	NOT-FOR-US: Group-Office
 CVE-2026-45312 (RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. ...)
-	TODO: check
+	NOT-FOR-US: RAGFlow
 CVE-2026-45043 (RustFS is a distributed object storage system built in Rust. Prior to  ...)
-	TODO: check
+	NOT-FOR-US: RustFS
 CVE-2026-44962 (Plesk contains an XPath injection vulnerability in the APS Application ...)
-	TODO: check
+	NOT-FOR-US: Plesk
 CVE-2026-44698 (Home Assistant is open source home automation software that puts local ...)
 	TODO: check
 CVE-2026-44697 (Klever-Go is the Go implementation of the Klever blockchain protocol.  ...)
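Review bot: CVE-2026-45043 is tagged NOT-FOR-US: RustFS in this hunk, but a second RustFS entry, CVE-2026-45039, appears only in a later hunk header of the same file and its status line falls outside the diff context. Please confirm that entry carries the same NOT-FOR-US: RustFS tag so that both CVEs for the product are triaged consistently.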
@@ -961,9 +961,9 @@ CVE-2026-45410 (TREK is a collaborative travel planner. Prior to 3.0.18, early r
 CVE-2026-45403 (AnythingLLM is an application that turns pieces of content into contex ...)
 	NOT-FOR-US: AnythingLLM
 CVE-2026-45366 (typescript-utcp is a typescript implementation of UTCP. Prior to 1.1.2 ...)
-	TODO: check
+	NOT-FOR-US: typescript-utcp
 CVE-2026-45364 (Better Auth is an authentication and authorization library for TypeScr ...)
-	TODO: check
+	NOT-FOR-US: Better Auth
 CVE-2026-45344 (LinkAce is a self-hosted archive to collect website links. Prior to 2. ...)
 	NOT-FOR-US: LinkAce
 CVE-2026-45343 (LinkAce is a self-hosted archive to collect website links. Prior to 2. ...)
@@ -1366,7 +1366,7 @@ CVE-2026-45297 (OpenReplay is a self-hosted session replay suite. Prior to 1.26.
 CVE-2026-45296 (OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, Ope ...)
 	NOT-FOR-US: OpenReplay
 CVE-2026-45292 (opentelemetry-java is the Java implementation of the OpenTelemetry API ...)
-	TODO: check
+	NOT-FOR-US: opentelemetry-java
 CVE-2026-45261 (GitButler is a modern Git-based version control interface for AI-power ...)
 	NOT-FOR-US: GitButler
 CVE-2026-45078 (Synapse is an open source Matrix homeserver implementation. Prior to 1 ...)
@@ -1390,7 +1390,7 @@ CVE-2026-45039 (RustFS is a distributed object storage system built in Rust. Pri
 CVE-2026-45021 (Kuma is a modern Envoy-based service mesh that can run on every cloud  ...)
 	NOT-FOR-US: Kuma
 CVE-2026-45017 (Python Liquid is a Python engine for the Liquid template language. Pri ...)
-	TODO: check
+	NOT-FOR-US: Python Liquid
 CVE-2026-44798 (Nautobot is a Network Source of Truth and Network Automation Platform. ...)
 	TODO: check
 CVE-2026-44797 (Nautobot is a Network Source of Truth and Network Automation Platform. ...)
@@ -2244,7 +2244,7 @@ CVE-2026-46402 (Microsoft UFO open-source framework for intelligent automation a
 CVE-2026-45322 (Microsoft UFO open-source framework for intelligent automation across  ...)
 	NOT-FOR-US: Microsoft UFO
 CVE-2026-45152 (uniget is a universal installer and updater for (container) tools. Pri ...)
-	TODO: check
+	NOT-FOR-US: uniget
 CVE-2026-45136 (claude-code-cache-fix is a cache optimization proxy for Claude Code. F ...)
 	NOT-FOR-US: claude-code-cache-fix
 CVE-2026-45134 (LangSmith Client SDKs provide SDK's for interacting with the LangSmith ...)
@@ -2256,13 +2256,13 @@ CVE-2026-45104 (MapServer is a system for developing web-based GIS applications.
 CVE-2026-45102 (OneUptime is an open-source monitoring and observability platform. Pri ...)
 	NOT-FOR-US: OneUptime
 CVE-2026-45083 (The Goobi viewer is a web application that allows digitised material t ...)
-	TODO: check
+	NOT-FOR-US: Goobi viewer
 CVE-2026-44888 (Pi.Alert is a WIFI / LAN intruder detector with web service monitoring ...)
-	TODO: check
+	NOT-FOR-US: Pi.Alert
 CVE-2026-44887 (Pi.Alert is a WIFI / LAN intruder detector with web service monitoring ...)
-	TODO: check
+	NOT-FOR-US: Pi.Alert
 CVE-2026-44886 (Pi.Alert is a WIFI / LAN intruder detector with web service monitoring ...)
-	TODO: check
+	NOT-FOR-US: Pi.Alert
 CVE-2026-44724 (systeminformation is a System and OS information library for node.js.  ...)
 	TODO: check
 CVE-2026-44720 (OpenLearnX is an open-source, decentralized learning and assessment pl ...)
@@ -2574,9 +2574,9 @@ CVE-2026-45081 (Frappe HR is an open-source human resources management solution
 CVE-2026-45061 (Budibase is an open-source low-code platform. Prior to 3.35.10, the Pl ...)
 	NOT-FOR-US: Budibase
 CVE-2026-45047 (bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandl ...)
-	TODO: check
+	NOT-FOR-US: bird-lg-go
 CVE-2026-45046 (Gryph provides a security layer for AI coding agents. Prior to 0.7.0,  ...)
-	TODO: check
+	NOT-FOR-US: Gryph
 CVE-2026-45027 (WeGIA is a web manager for charitable institutions. In versions prior  ...)
 	NOT-FOR-US: WeGIA
 CVE-2026-45022 (go-git is an extensible git implementation library written in pure Go. ...)
@@ -2591,7 +2591,7 @@ CVE-2026-44972 (GuardDog is a CLI tool to identify malicious PyPI packages. From
 CVE-2026-44971 (GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 ...)
 	NOT-FOR-US: GuardDog
 CVE-2026-44902 (opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.21 ...)
-	TODO: check
+	NOT-FOR-US: opentelemetry-js
 CVE-2026-44839 (RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1 ...)
 	TODO: check
 CVE-2026-44838 (RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2 ...)
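Review bot: the NOT-FOR-US tag on CVE-2026-44902 is applied to a client library (the description reads "opentelemetry-js is the OpenTelemetry JavaScript Client"), and the commit message "Process some more NFUs" does not say how absence from the archive was checked. For library entries such as this one and the opentelemetry-java entry changed earlier in the file, a short remark in the commit message on what was searched (source package names, bundled copies) would make the decision reviewable later.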
@@ -4665,7 +4665,7 @@ CVE-2026-44985 (Dozzle is a realtime log viewer for docker containers. Prior to
 CVE-2026-44983 (smallbitvec is a growable bit-vector for Rust, optimized for size. Fro ...)
 	TODO: check
 CVE-2026-44966 (Velocity.js is a JavaScript implementation of the Apache Velocity temp ...)
-	TODO: check
+	NOT-FOR-US: Velocity.js
 CVE-2026-44905 (Vanetza is an open-source implementation of the ETSI C-ITS protocol su ...)
 	NOT-FOR-US: Vanetza
 CVE-2026-44903 (Prometheus is an open-source monitoring system and time series databas ...)
@@ -4681,13 +4681,13 @@ CVE-2026-44897 (Mistune is a Python Markdown parser with renderers and plugins.
 CVE-2026-44896 (Mistune is a Python Markdown parser with renderers and plugins. In 3.2 ...)
 	TODO: check
 CVE-2026-44895 (GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0 ...)
-	TODO: check
+	NOT-FOR-US: GitLab MCP Server
 CVE-2026-44847 (MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, M ...)
 	NOT-FOR-US: MaxKB
 CVE-2026-44844 (eml_parser serves as a python module for parsing eml files and returni ...)
-	TODO: check
+	NOT-FOR-US: eml_parser Python module
 CVE-2026-44843 (LangChain is a framework for building agents and LLM-powered applicati ...)
-	TODO: check
+	NOT-FOR-US: LangChain
 CVE-2026-44837 (view_component is a framework for building reusable, testable, and enc ...)
 	TODO: check
 CVE-2026-44836 (view_component is a framework for building reusable, testable, and enc ...)
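Review bot: the tag added for CVE-2026-44844, "NOT-FOR-US: eml_parser Python module", appends a description to the product name, while the other tags added in this commit use the bare name (for example "NOT-FOR-US: LangChain" and "NOT-FOR-US: GitLab MCP Server" in this same hunk). Suggest "NOT-FOR-US: eml_parser" so that a search of the list by product name matches this entry the same way as the others.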



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ea3244e212feafcdb8b249d6dc23acec6ee3ad9
