Publish Advisories

GHSA-36m7-49vh-x3qh
GHSA-39xw-9qh5-7xj4
GHSA-gxx6-2vwg-3gc3
GHSA-296w-48hc-3xvf
GHSA-2hpj-h2fj-2jg5
GHSA-6gcc-j9m6-4752
GHSA-75qg-6cmg-3h9p
GHSA-8w5g-hw8f-fqqg
GHSA-c3wc-2h7r-75f9
GHSA-cqhw-vpw6-ww5x
GHSA-cxjw-p2qh-7hv8
GHSA-f762-3chp-r6jr
GHSA-g28f-6ppf-f23m
GHSA-gqmf-q62p-q4q6
GHSA-j2qh-793j-f8hc
GHSA-jv4p-cjwp-g497
GHSA-mr52-49cx-qrr8
GHSA-qx93-pqj3-crqc
GHSA-v5fp-5xmq-m2x6
GHSA-vxmw-hcjw-h6q2
GHSA-wxxf-gjw8-32x8
GHSA-xj8w-vw8m-px5f

Author: advisory-database[bot]

advisories/unreviewed/2026/03/GHSA-36m7-49vh-x3qh/GHSA-36m7-49vh-x3qh.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-36m7-49vh-x3qh",
-  "modified": "2026-03-27T18:31:25Z",
+  "modified": "2026-05-12T03:31:26Z",
   "published": "2026-03-27T15:30:25Z",
   "aliases": [
     "CVE-2026-32859"

advisories/unreviewed/2026/03/GHSA-39xw-9qh5-7xj4/GHSA-39xw-9qh5-7xj4.json

@@ -37,7 +37,9 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-552"
+    ],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,

advisories/unreviewed/2026/04/GHSA-gxx6-2vwg-3gc3/GHSA-gxx6-2vwg-3gc3.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gxx6-2vwg-3gc3",
-  "modified": "2026-04-02T21:32:52Z",
+  "modified": "2026-05-12T03:31:26Z",
   "published": "2026-04-01T15:31:15Z",
   "aliases": [
     "CVE-2026-34430"

advisories/unreviewed/2026/05/GHSA-296w-48hc-3xvf/GHSA-296w-48hc-3xvf.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-296w-48hc-3xvf",
+  "modified": "2026-05-12T03:31:27Z",
+  "published": "2026-05-12T03:31:27Z",
+  "aliases": [
+    "CVE-2026-40136"
+  ],
+  "details": "SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromised resulting in a low impact on availability. There is no impact on confidentiality and integrity of the data",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40136"
+    },
+    {
+      "type": "WEB",
+      "url": "https://me.sap.com/notes/3713521"
+    },
+    {
+      "type": "WEB",
+      "url": "https://url.sap/sapsecuritypatchday"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-404"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-05-12T03:16:12Z"
+  }
+}

advisories/unreviewed/2026/05/GHSA-2hpj-h2fj-2jg5/GHSA-2hpj-h2fj-2jg5.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2hpj-h2fj-2jg5",
+  "modified": "2026-05-12T03:31:26Z",
+  "published": "2026-05-12T03:31:26Z",
+  "aliases": [
+    "CVE-2026-45393"
+  ],
+  "details": "Reserved. Details will be published at disclosure.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45393"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.cribl.io/edge/release-notes/release-v4171#security-fixes"
+    },
+    {
+      "type": "WEB",
+      "url": "https://trust.cribl.io/notifications"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-05-12T02:16:13Z"
+  }
+}

advisories/unreviewed/2026/05/GHSA-6gcc-j9m6-4752/GHSA-6gcc-j9m6-4752.json

@@ -0,0 +1,33 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6gcc-j9m6-4752",
+  "modified": "2026-05-12T03:31:26Z",
+  "published": "2026-05-12T03:31:26Z",
+  "aliases": [
+    "CVE-2026-45392"
+  ],
+  "details": "Reserved. Details will be published at disclosure.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45392"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.cribl.io/stream/release-notes/release-v4171#security-fixes"
+    },
+    {
+      "type": "WEB",
+      "url": "https://trust.cribl.io/notifications"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-05-12T02:16:13Z"
+  }
+}

advisories/unreviewed/2026/05/GHSA-75qg-6cmg-3h9p/GHSA-75qg-6cmg-3h9p.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-75qg-6cmg-3h9p",
+  "modified": "2026-05-12T03:31:27Z",
+  "published": "2026-05-12T03:31:27Z",
+  "aliases": [
+    "CVE-2026-40131"
+  ],
+  "details": "SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting confidentiality and availability of the application. There is no impact on integrity.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40131"
+    },
+    {
+      "type": "WEB",
+      "url": "https://me.sap.com/notes/3726962"
+    },
+    {
+      "type": "WEB",
+      "url": "https://url.sap/sapsecuritypatchday"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-05-12T03:16:11Z"
+  }
+}

advisories/unreviewed/2026/05/GHSA-8w5g-hw8f-fqqg/GHSA-8w5g-hw8f-fqqg.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8w5g-hw8f-fqqg",
+  "modified": "2026-05-12T03:31:27Z",
+  "published": "2026-05-12T03:31:27Z",
+  "aliases": [
+    "CVE-2026-40135"
+  ],
+  "details": "An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This allows the execution of unintended OS commands without detection, potentially impacting the integrity and availability of the application, with no impact on confidentiality.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40135"
+    },
+    {
+      "type": "WEB",
+      "url": "https://me.sap.com/notes/3730019"
+    },
+    {
+      "type": "WEB",
+      "url": "https://url.sap/sapsecuritypatchday"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-05-12T03:16:12Z"
+  }
+}

advisories/unreviewed/2026/05/GHSA-c3wc-2h7r-75f9/GHSA-c3wc-2h7r-75f9.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c3wc-2h7r-75f9",
+  "modified": "2026-05-12T03:31:26Z",
+  "published": "2026-05-12T03:31:26Z",
+  "aliases": [
+    "CVE-2026-0502"
+  ],
+  "details": "Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform ,an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiality of the data.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0502"
+    },
+    {
+      "type": "WEB",
+      "url": "https://me.sap.com/notes/3667593"
+    },
+    {
+      "type": "WEB",
+      "url": "https://url.sap/sapsecuritypatchday"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-352"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-05-12T03:16:10Z"
+  }
+}

advisories/unreviewed/2026/05/GHSA-cqhw-vpw6-ww5x/GHSA-cqhw-vpw6-ww5x.json

@@ -0,0 +1,40 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cqhw-vpw6-ww5x",
+  "modified": "2026-05-12T03:31:26Z",
+  "published": "2026-05-12T03:31:26Z",
+  "aliases": [
+    "CVE-2026-34259"
+  ],
+  "details": "Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful exploitation could allow the attacker to read or modify any system data or shut down the system, resulting in a complete compromise of confidentiality, integrity, and availability.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34259"
+    },
+    {
+      "type": "WEB",
+      "url": "https://me.sap.com/notes/3732471"
+    },
+    {
+      "type": "WEB",
+      "url": "https://url.sap/sapsecuritypatchday"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-77"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-05-12T03:16:11Z"
+  }
+}