From 62043fc9751648ef3387a025601cfaadf410dd9a Mon Sep 17 00:00:00 2001
From: Julian Ladisch <julianladisch@users.noreply.github.com>
Date: Thu, 30 Apr 2026 13:39:42 +0200
Subject: [PATCH] Improve GHSA-qmq6-f8pr-cx5x

---
 .../2026/04/GHSA-qmq6-f8pr-cx5x/GHSA-qmq6-f8pr-cx5x.json | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/advisories/unreviewed/2026/04/GHSA-qmq6-f8pr-cx5x/GHSA-qmq6-f8pr-cx5x.json b/advisories/unreviewed/2026/04/GHSA-qmq6-f8pr-cx5x/GHSA-qmq6-f8pr-cx5x.json
index 793c0476c0c81..69e580f402511 100644
--- a/advisories/unreviewed/2026/04/GHSA-qmq6-f8pr-cx5x/GHSA-qmq6-f8pr-cx5x.json
+++ b/advisories/unreviewed/2026/04/GHSA-qmq6-f8pr-cx5x/GHSA-qmq6-f8pr-cx5x.json
@@ -2,11 +2,12 @@
   "schema_version": "1.4.0",
   "id": "GHSA-qmq6-f8pr-cx5x",
   "modified": "2026-04-23T06:30:22Z",
-  "published": "2026-04-23T06:30:22Z",
+  "published": "2026-04-23T06:30:23Z",
   "aliases": [
+    "CVE-2026-41907",
     "CVE-2026-41988"
   ],
-  "details": "uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue.",
+  "details": "CVE-2026-41988 and GHSA-qmq6-f8pr-cx5x are duplicates. Use CVE-2026-41907 and GHSA-w5hq-g745-h8pq instead.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -19,6 +20,10 @@
       "type": "WEB",
       "url": "https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq"
     },
+    {
+      "type": "ADVISORY",
+      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41907"
+    },
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41988"