{"id":"CLEANSTART-2026-SW34937","summary":"Security fixes for CVE-2025-64756, CVE-2025-69873, CVE-2026-1525, CVE-2026-1526, CVE-2026-1527, CVE-2026-1528, CVE-2026-2229, CVE-2026-2327, CVE-2026-23745, CVE-2026-2391, CVE-2026-24842, CVE-2026-25128, CVE-2026-25547, CVE-2026-2581, CVE-2026-25896, CVE-2026-26278, CVE-2026-26960, CVE-2026-27601, CVE-2026-27903, CVE-2026-27904, CVE-2026-27942, CVE-2026-28292, CVE-2026-29786, CVE-2026-31802, CVE-2026-32141, CVE-2026-33036, ghsa-23c5-xmqv-rm74, ghsa-25h7-pfq9-p65f, ghsa-2g4f-4pwh-qvx6, ghsa-2mjp-6q6p-2qxm, ghsa-34x7-hfp2-rc4v, ghsa-37qj-frw5-hhjh, ghsa-38c4-r59v-3vqw, ghsa-3ppc-4f35-3m26, ghsa-4992-7rv2-5pvq, ghsa-5j98-mcp5-4vw2, ghsa-73rr-hh4g-fpgx, ghsa-7h2j-956f-4vf2, ghsa-7r86-cg39-jmmj, ghsa-83g3-92jg-28cx, ghsa-8gc5-j5rx-235r, ghsa-8qq5-rm4j-mr97, ghsa-8wc6-vgrq-x6cf, ghsa-9ppj-qmqm-q256, ghsa-f269-vfmq-vjvj, ghsa-fj3w-jwp8-x2g3, ghsa-jmr7-xgp7-cmfj, ghsa-m7jm-9gc2-mpf2, ghsa-phc3-fgpg-7m6h, ghsa-qffp-2rhf-9h96, ghsa-qpx9-hpmf-5gmw, ghsa-r275-fr43-pm7q, ghsa-r6q2-hw4h-h46w, ghsa-v9p9-hfj2-hcw8, ghsa-vrm6-8vpv-qv8q, ghsa-w7fw-mjwx-w883 applied in versions: 43.4.4-r0","details":"Multiple security vulnerabilities affect the renovate package. These issues are resolved in later releases. See references for individual vulnerability details.","modified":"2026-05-18T18:45:20.296777Z","published":"2026-04-01T09:43:38.907490Z","upstream":["CVE-2025-64756","CVE-2025-69873","CVE-2026-1525","CVE-2026-1526","CVE-2026-1527","CVE-2026-1528","CVE-2026-2229","CVE-2026-2327","CVE-2026-23745","CVE-2026-2391","CVE-2026-24842","CVE-2026-25128","CVE-2026-25547","CVE-2026-2581","CVE-2026-25896","CVE-2026-26278","CVE-2026-26960","CVE-2026-27601","CVE-2026-27903","CVE-2026-27904","CVE-2026-27942","CVE-2026-28292","CVE-2026-29786","CVE-2026-31802","CVE-2026-32141","CVE-2026-33036","ghsa-23c5-xmqv-rm74","ghsa-25h7-pfq9-p65f","ghsa-2g4f-4pwh-qvx6","ghsa-2mjp-6q6p-2qxm","ghsa-34x7-hfp2-rc4v","ghsa-37qj-frw5-hhjh","ghsa-38c4-r59v-3vqw","ghsa-3ppc-4f35-3m26","ghsa-4992-7rv2-5pvq","ghsa-5j98-mcp5-4vw2","ghsa-73rr-hh4g-fpgx","ghsa-7h2j-956f-4vf2","ghsa-7r86-cg39-jmmj","ghsa-83g3-92jg-28cx","ghsa-8gc5-j5rx-235r","ghsa-8qq5-rm4j-mr97","ghsa-8wc6-vgrq-x6cf","ghsa-9ppj-qmqm-q256","ghsa-f269-vfmq-vjvj","ghsa-fj3w-jwp8-x2g3","ghsa-jmr7-xgp7-cmfj","ghsa-m7jm-9gc2-mpf2","ghsa-phc3-fgpg-7m6h","ghsa-qffp-2rhf-9h96","ghsa-qpx9-hpmf-5gmw","ghsa-r275-fr43-pm7q","ghsa-r6q2-hw4h-h46w","ghsa-v9p9-hfj2-hcw8","ghsa-vrm6-8vpv-qv8q","ghsa-w7fw-mjwx-w883"],"database_specific":{},"references":[{"type":"ADVISORY","url":"https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-SW34937.json"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2025-64756"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2025-69873"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-1525"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-1526"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-1527"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-1528"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-2229"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-2327"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-23745"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-2391"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-24842"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-25128"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-25547"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-2581"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-25896"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-26278"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-26960"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-27601"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-27903"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-27904"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-27942"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-28292"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-29786"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-31802"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-32141"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2026-33036"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-23c5-xmqv-rm74"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-25h7-pfq9-p65f"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-2g4f-4pwh-qvx6"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-2mjp-6q6p-2qxm"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-34x7-hfp2-rc4v"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-37qj-frw5-hhjh"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-38c4-r59v-3vqw"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-3ppc-4f35-3m26"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-4992-7rv2-5pvq"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-5j98-mcp5-4vw2"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-73rr-hh4g-fpgx"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-7h2j-956f-4vf2"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-7r86-cg39-jmmj"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-83g3-92jg-28cx"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-8gc5-j5rx-235r"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-8qq5-rm4j-mr97"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-8wc6-vgrq-x6cf"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-9ppj-qmqm-q256"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-f269-vfmq-vjvj"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-fj3w-jwp8-x2g3"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-jmr7-xgp7-cmfj"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-m7jm-9gc2-mpf2"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-phc3-fgpg-7m6h"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-qffp-2rhf-9h96"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-qpx9-hpmf-5gmw"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-r275-fr43-pm7q"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-r6q2-hw4h-h46w"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-v9p9-hfj2-hcw8"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-vrm6-8vpv-qv8q"},{"type":"WEB","url":"https://osv.dev/vulnerability/ghsa-w7fw-mjwx-w883"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-64756"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69873"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1525"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1526"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1527"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1528"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2229"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2327"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23745"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2391"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24842"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25128"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25547"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2581"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25896"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26278"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26960"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27601"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27903"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27904"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27942"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28292"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29786"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31802"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32141"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33036"}],"affected":[{"package":{"name":"renovate","ecosystem":"CleanStart"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"43.4.4-r0"}]}],"database_specific":{"source":"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-SW34937.json"}}],"schema_version":"1.7.5"}