From f1c5bbde63c6a334eeda1a9924ba57e196c1cc34 Mon Sep 17 00:00:00 2001
From: tockn
Date: Thu, 4 Dec 2025 17:59:36 +0900
Subject: [PATCH 1/2] add alias CVE-2025-55182 to GHSA-9qr9-h5gf-34mp
---
 .../2025/12/GHSA-9qr9-h5gf-34mp/GHSA-9qr9-h5gf-34mp.json | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/advisories/github-reviewed/2025/12/GHSA-9qr9-h5gf-34mp/GHSA-9qr9-h5gf-34mp.json b/advisories/github-reviewed/2025/12/GHSA-9qr9-h5gf-34mp/GHSA-9qr9-h5gf-34mp.json
index 0818c5ee6b17b..ca028041bad03 100644
--- a/advisories/github-reviewed/2025/12/GHSA-9qr9-h5gf-34mp/GHSA-9qr9-h5gf-34mp.json
+++ b/advisories/github-reviewed/2025/12/GHSA-9qr9-h5gf-34mp/GHSA-9qr9-h5gf-34mp.json
@@ -1,10 +1,11 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-9qr9-h5gf-34mp",
- "modified": "2025-12-03T19:07:11Z",
+ "modified": "2025-12-04T08:53:18Z",
 "published": "2025-12-03T19:07:11Z",
 "aliases": [
- "CVE-2025-66478"
+ "CVE-2025-66478",
+ "CVE-2025-55182"
 ],
 "summary": "Next.js is vulnerable to RCE in React flight protocol",
 "details": "A vulnerability affects certain React packages1 for versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 and frameworks that use the affected packages, including Next.js 15.x and 16.x using the App Router. The issue is tracked upstream as [CVE-2025-55182](https://www.cve.org/CVERecord?id=CVE-2025-55182). \n\nFixed in:\nReact: 19.0.1, 19.1.2, 19.2.1\nNext.js: 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, 16.0.7\n\nThe vulnerability also affects experimental canary releases starting with 14.3.0-canary.77. Users on any of the 14.3 canary builds should either downgrade to a 14.x stable release or 14.3.0-canary.76.\n\nAll users of stable 15.x or 16.x Next.js versions should upgrade to a patched, stable version immediately.\n\n1 The affected React packages are:\n- react-server-dom-parcel\n- react-server-dom-turbopack\n- react-server-dom-webpack",
From 3658efac5fd36782a2c5e09caf336ec0d67f449e Mon Sep 17 00:00:00 2001
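Review bot: Listing `CVE-2025-55182` under `aliases` asserts that it is the same vulnerability as this record, yet the `details` text in the same hunk calls it the upstream React issue and names separate affected packages (react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack). Tools that deduplicate or merge findings by alias may then fold this Next.js advisory into the React one, so a project could end up seeing only one of the two sets of fixed versions. If the intent is to make the record findable by the upstream CVE id, `"related": ["CVE-2025-55182"]` keeps the link without claiming identity. The record's `affected` block lies outside the hunk, so whether its package ranges actually match the React CVE cannot be confirmed from here.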
From: tockn
Date: Mon, 8 Dec 2025 19:38:32 +0900
Subject: [PATCH 2/2] :white_check_mark: revert modified at
---
 .../2025/12/GHSA-9qr9-h5gf-34mp/GHSA-9qr9-h5gf-34mp.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/advisories/github-reviewed/2025/12/GHSA-9qr9-h5gf-34mp/GHSA-9qr9-h5gf-34mp.json b/advisories/github-reviewed/2025/12/GHSA-9qr9-h5gf-34mp/GHSA-9qr9-h5gf-34mp.json
index ca028041bad03..a3c44c14f03ce 100644
--- a/advisories/github-reviewed/2025/12/GHSA-9qr9-h5gf-34mp/GHSA-9qr9-h5gf-34mp.json
+++ b/advisories/github-reviewed/2025/12/GHSA-9qr9-h5gf-34mp/GHSA-9qr9-h5gf-34mp.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-9qr9-h5gf-34mp",
- "modified": "2025-12-04T08:53:18Z",
+ "modified": "2025-12-03T19:07:11Z",
 "published": "2025-12-03T19:07:11Z",
 "aliases": [
 "CVE-2025-66478",