From 80d16141c88e9ffffbadd7d0fd470d14f507beee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=F0=9F=8E=96=EF=B8=8FDigital=20Warrior=F0=9F=8E=96?=
 =?UTF-8?q?=EF=B8=8F?= <236178676+asrar-mared@users.noreply.github.com>
Date: Wed, 11 Feb 2026 08:26:31 +0400
Subject: [PATCH 1/2] Improve GHSA-m7xq-9374-9rvx

---
 .../2024/12/GHSA-m7xq-9374-9rvx/GHSA-m7xq-9374-9rvx.json    | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/advisories/github-reviewed/2024/12/GHSA-m7xq-9374-9rvx/GHSA-m7xq-9374-9rvx.json b/advisories/github-reviewed/2024/12/GHSA-m7xq-9374-9rvx/GHSA-m7xq-9374-9rvx.json
index df342fd18cdbe..bf982e49686a2 100644
--- a/advisories/github-reviewed/2024/12/GHSA-m7xq-9374-9rvx/GHSA-m7xq-9374-9rvx.json
+++ b/advisories/github-reviewed/2024/12/GHSA-m7xq-9374-9rvx/GHSA-m7xq-9374-9rvx.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-m7xq-9374-9rvx",
-  "modified": "2026-02-04T22:47:45Z",
+  "modified": "2026-02-04T22:47:46Z",
   "published": "2024-12-02T21:31:20Z",
   "aliases": [
     "CVE-2024-53900"
@@ -9,10 +9,6 @@
   "summary": "Mongoose search injection vulnerability",
   "details": "Mongoose versions prior to 8.8.3, 7.8.3, 6.13.5, and 5.13.23 are vulnerable to improper use of the $where operator. This vulnerability arises from the ability of the $where clause to execute arbitrary JavaScript code in MongoDB queries, potentially leading to code injection attacks and unauthorized access or manipulation of database data.",
   "severity": [
-    {
-      "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
-    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"

From 09d943a00386ba8c007201d45d6eb46bc02900df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=F0=9F=8E=96=EF=B8=8FDigital=20Warrior=F0=9F=8E=96?=
 =?UTF-8?q?=EF=B8=8F?= <236178676+asrar-mared@users.noreply.github.com>
Date: Wed, 11 Feb 2026 08:32:34 +0400
Subject: [PATCH 2/2] Improve GHSA-m7xq-9374-9rvx