[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Thu, 30 Oct 2025 13:25:13 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
11e9cb50 by Salvatore Bonaccorso at 2025-10-30T21:24:26+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-8850 (In danny-avila/librechat version 0.7.9, there is an insecure 
API desig ...)
-       TODO: check
+       NOT-FOR-US: danny-avila/librechat
 CVE-2025-64118 (node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) 
with { s ...)
        - node-tar <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/isaacs/node-tar/security/advisories/GHSA-29xp-372q-xqph
@@ -7,25 +7,25 @@ CVE-2025-64118 (node-tar is a Tar for Node.js. In 7.5.1, 
using .t (aka .list) wi
        NOTE: Introduced with: 
https://github.com/isaacs/node-tar/commit/5330eb04bc43014f216e5c271b40d5c00d45224d
 (v7.5.1)
        NOTE: Fixed by: 
https://github.com/isaacs/node-tar/commit/5e1a8e638600d3c3a2969b4de6a6ec44fa8d74c9
 (v7.5.2)
 CVE-2025-64116 (Movary is a web application to track, rate and explore your 
movie watc ...)
-       TODO: check
+       NOT-FOR-US: Movary
 CVE-2025-64115 (Movary is a web application to track, rate and explore your 
movie watc ...)
-       TODO: check
+       NOT-FOR-US: Movary
 CVE-2025-64112 (Statmatic is a Laravel and Git powered content management 
system (CMS) ...)
-       TODO: check
+       NOT-FOR-US: Statmatic CMS
 CVE-2025-64096 (CryptoLib provides a software-only solution using the CCSDS 
Space Data ...)
-       TODO: check
+       NOT-FOR-US: NASA CryptoLib
 CVE-2025-63885 (A stored cross-site scripting (XSS) vulnerability in AIxBlock 
commit 0 ...)
-       TODO: check
+       NOT-FOR-US: AIxBlock
 CVE-2025-63608 (A SQL injection vulnerability exists in CSZ-CMS <=1.3.0 in the 
Form Bu ...)
-       TODO: check
+       NOT-FOR-US: CSZ-CMS
 CVE-2025-63423 (Each Italy Wireless Mini Router WIRELESS-N 300M 
v28K.MiniRouter.201902 ...)
-       TODO: check
+       NOT-FOR-US: Each Italy Wireless Mini Router WIRELESS-N 300M
 CVE-2025-63422 (Incorrect access control in the Web management interface in 
Each Italy ...)
-       TODO: check
+       NOT-FOR-US: Each Italy Wireless Mini Router WIRELESS-N 300M
 CVE-2025-63298 (A path traversal vulnerability was identified in 
SourceCodester Pet Gr ...)
        NOT-FOR-US: SourceCodester
 CVE-2025-62795 (JumpServer is an open source bastion host and an operation and 
mainten ...)
-       TODO: check
+       NOT-FOR-US: JumpServer
 CVE-2025-62726 (n8n is an open source workflow automation platform. Prior to 
1.113.0,  ...)
        TODO: check
 CVE-2025-62712 (JumpServer is an open source bastion host and an operation and 
mainten ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11e9cb50b248b64955871b84c4bb3da1293774eb

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11e9cb50b248b64955871b84c4bb3da1293774eb
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to