Skip to content

Commit 1baee1d

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-hfrj-3w3g-jv32 GHSA-ph2w-cx28-vhrq
1 parent 71f5136 commit 1baee1d

File tree

2 files changed

+60
-10
lines changed

2 files changed

+60
-10
lines changed

advisories/unreviewed/2025/09/GHSA-hfrj-3w3g-jv32/GHSA-hfrj-3w3g-jv32.json renamed to advisories/github-reviewed/2025/09/GHSA-hfrj-3w3g-jv32/GHSA-hfrj-3w3g-jv32.json

Lines changed: 30 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,12 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-hfrj-3w3g-jv32",
4-
"modified": "2025-09-05T06:30:29Z",
4+
"modified": "2025-09-05T21:08:04Z",
55
"published": "2025-09-05T06:30:29Z",
66
"aliases": [
77
"CVE-2025-55037"
88
],
9+
"summary": "TkEasyGUI Vulnerable to OS Command Injection",
910
"details": "Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote unauthenticated attacker if the settings are configured to construct messages from external sources.",
1011
"severity": [
1112
{
@@ -14,15 +15,39 @@
1415
},
1516
{
1617
"type": "CVSS_V4",
17-
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
19+
}
20+
],
21+
"affected": [
22+
{
23+
"package": {
24+
"ecosystem": "PyPI",
25+
"name": "TkEasyGUI"
26+
},
27+
"ranges": [
28+
{
29+
"type": "ECOSYSTEM",
30+
"events": [
31+
{
32+
"introduced": "0"
33+
},
34+
{
35+
"fixed": "1.0.22"
36+
}
37+
]
38+
}
39+
]
1840
}
1941
],
20-
"affected": [],
2142
"references": [
2243
{
2344
"type": "ADVISORY",
2445
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55037"
2546
},
47+
{
48+
"type": "PACKAGE",
49+
"url": "https://github.com/kujirahand/tkeasygui-python"
50+
},
2651
{
2752
"type": "WEB",
2853
"url": "https://github.com/kujirahand/tkeasygui-python/releases/tag/v1.0.22"
@@ -37,8 +62,8 @@
3762
"CWE-78"
3863
],
3964
"severity": "CRITICAL",
40-
"github_reviewed": false,
41-
"github_reviewed_at": null,
65+
"github_reviewed": true,
66+
"github_reviewed_at": "2025-09-05T21:08:04Z",
4267
"nvd_published_at": "2025-09-05T06:15:32Z"
4368
}
4469
}

advisories/unreviewed/2025/09/GHSA-ph2w-cx28-vhrq/GHSA-ph2w-cx28-vhrq.json renamed to advisories/github-reviewed/2025/09/GHSA-ph2w-cx28-vhrq/GHSA-ph2w-cx28-vhrq.json

Lines changed: 30 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,12 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-ph2w-cx28-vhrq",
4-
"modified": "2025-09-05T06:30:29Z",
4+
"modified": "2025-09-05T21:08:48Z",
55
"published": "2025-09-05T06:30:29Z",
66
"aliases": [
77
"CVE-2025-55671"
88
],
9+
"summary": "TkEasyGUI Affected by Uncontrolled Search Path Element Issue",
910
"details": "Uncontrolled search path element issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, arbitrary code may be executed with the privilege of running the program.",
1011
"severity": [
1112
{
@@ -14,15 +15,39 @@
1415
},
1516
{
1617
"type": "CVSS_V4",
17-
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
19+
}
20+
],
21+
"affected": [
22+
{
23+
"package": {
24+
"ecosystem": "PyPI",
25+
"name": "TkEasyGUI"
26+
},
27+
"ranges": [
28+
{
29+
"type": "ECOSYSTEM",
30+
"events": [
31+
{
32+
"introduced": "0"
33+
},
34+
{
35+
"fixed": "1.0.22"
36+
}
37+
]
38+
}
39+
]
1840
}
1941
],
20-
"affected": [],
2142
"references": [
2243
{
2344
"type": "ADVISORY",
2445
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55671"
2546
},
47+
{
48+
"type": "PACKAGE",
49+
"url": "https://github.com/kujirahand/tkeasygui-python"
50+
},
2651
{
2752
"type": "WEB",
2853
"url": "https://github.com/kujirahand/tkeasygui-python/releases/tag/v1.0.22"
@@ -37,8 +62,8 @@
3762
"CWE-427"
3863
],
3964
"severity": "HIGH",
40-
"github_reviewed": false,
41-
"github_reviewed_at": null,
65+
"github_reviewed": true,
66+
"github_reviewed_at": "2025-09-05T21:08:48Z",
4267
"nvd_published_at": "2025-09-05T06:15:32Z"
4368
}
4469
}

0 commit comments

Comments
 (0)