diff --git a/advisories/github-reviewed/2026/03/GHSA-8gc5-j5rx-235r/GHSA-8gc5-j5rx-235r.json b/advisories/github-reviewed/2026/03/GHSA-8gc5-j5rx-235r/GHSA-8gc5-j5rx-235r.json index eac1d921928cf..419126d3fa85c 100644 --- a/advisories/github-reviewed/2026/03/GHSA-8gc5-j5rx-235r/GHSA-8gc5-j5rx-235r.json +++ b/advisories/github-reviewed/2026/03/GHSA-8gc5-j5rx-235r/GHSA-8gc5-j5rx-235r.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-8gc5-j5rx-235r", - "modified": "2026-03-20T21:22:15Z", + "modified": "2026-03-20T21:22:16Z", "published": "2026-03-17T19:45:41Z", "aliases": [ "CVE-2026-33036" @@ -25,7 +25,7 @@ "type": "ECOSYSTEM", "events": [ { - "introduced": "4.0.0-beta.3" + "introduced": "5.0.0" }, { "fixed": "5.5.6" @@ -36,6 +36,28 @@ "database_specific": { "last_known_affected_version_range": "<= 5.5.5" } + }, + { + "package": { + "ecosystem": "npm", + "name": "fast-xml-parser" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "4.0.0-beta.3" + }, + { + "fixed": "4.5.5" + } + ] + } + ], + "database_specific": { + "last_known_affected_version_range": "<= 4.5.4" + } } ], "references": [ @@ -47,6 +69,10 @@ "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33036" }, + { + "type": "WEB", + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/issues/807" + }, { "type": "WEB", "url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/bd26122c838e6a55e7d7ac49b4ccc01a49999a01" @@ -55,6 +81,10 @@ "type": "PACKAGE", "url": "https://github.com/NaturalIntelligence/fast-xml-parser" }, + { + "type": "WEB", + "url": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v4.5.5" + }, { "type": "WEB", "url": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.5.6"