jlsec-bot
Contributor

This action searched recent NVD/EUVD changes/publications, checking 311 (+2) advisories from NVD and 246 (+212) from EUVD for advisories that pertain here. It identified 5 advisories as being related to the Julia package(s): OpenCV_jll, iperf_jll, libssh_jll, and Expat_jll.

1 advisory failed to parse the source version range

These advisories seem to apply to a Julia package, but the action had trouble identifying exactly how and at which versions.

  • CVE-2025-5318 for packages: libssh_jll
    • libssh_jll computed ["*"]. Its latest version (0.11.1+0) has components: {libssh = "0.11.1"}
      • libssh:libssh at `` failed to parse

3 advisories apply to all registered versions of a package

These advisories had no obvious failures but computed a range without bounds.

  • CVE-2025-54349 for packages: iperf_jll
    • iperf_jll computed ["*"]. Its latest version (3.7.0+0) has components: {iperf3 = "3.7"}
      • es:iperf3 at >= 3.2, < 3.19.1 includes all versions
  • CVE-2025-54350 for packages: iperf_jll
    • iperf_jll computed ["*"]. Its latest version (3.7.0+0) has components: {iperf3 = "3.7"}
      • es:iperf3 at >= 3.2, < 3.19.1 includes all versions
  • CVE-2025-59375 for packages: Expat_jll
    • Expat_jll computed ["*"]. Its latest version (2.7.1+0) has components: {expat = "2.7.1"}
      • libexpat_project:libexpat at < 2.7.2 includes all versions

1 advisory applies to the latest version of a package and does not have a patch

  • CVE-2025-53644 for packages: OpenCV_jll
    • OpenCV_jll computed [">= 4.10.0+0"]. Its latest version (4.10.0+0) has components: {opencv = "4.10.0"}
      • opencv:opencv at >= 4.10.0, < 4.12.0 mapped to [>= 4.10.0+0], includes the latest version

@mbauman mbauman closed this Oct 19, 2025
@mbauman mbauman reopened this Oct 19, 2025