From 65a76446ab04f963a9ba5a69662da015df52f832 Mon Sep 17 00:00:00 2001
From: Philippe Ombredanne
Date: Fri, 9 Aug 2024 16:46:35 +0200
Subject: [PATCH 1/3] Add test for importer crash #1541
Reference: https://github.com/nexB/vulnerablecode/issues/1541
Signed-off-by: Philippe Ombredanne
---
 vulnerabilities/tests/test_import_runner.py | 60 +++++++++++++++++++++
 1 file changed, 60 insertions(+)
diff --git a/vulnerabilities/tests/test_import_runner.py b/vulnerabilities/tests/test_import_runner.py
index 6aa28f810..123011266 100644
--- a/vulnerabilities/tests/test_import_runner.py
+++ b/vulnerabilities/tests/test_import_runner.py
@@ -107,6 +107,66 @@ def test_process_advisories_idempotency_with_different_importer_names():
 assert advisory_datas == ADVISORY_DATAS
+@pytest.mark.django_db(transaction=True)
+def test_process_advisories_can_import_advisories_with_severities_and_no_date():
+ # was failing with " django.core.exceptions.ValidationError: ['“None” value has an invalid format.
+ # It must be in YYYY-MM-DD HH:MM[:ss[.uuuuuu]][TZ] format.']"
+
+ advisory = {
+ "aliases": ["CVE-2024-31079"],
+ "summary": "Stack overflow and use-after-free in HTTP/3",
+ "affected_packages": [
+ {
+ "package": {
+ "type": "nginx",
+ "namespace": "",
+ "name": "nginx",
+ "version": "",
+ "qualifiers": "",
+ "subpath": "",
+ },
+ "affected_version_range": "vers:nginx/>=1.25.0|<=1.25.5|1.26.0",
+ "fixed_version": "1.27.0",
+ },
+ {
+ "package": {
+ "type": "nginx",
+ "namespace": "",
+ "name": "nginx",
+ "version": "",
+ "qualifiers": "",
+ "subpath": "",
+ },
+ "affected_version_range": "vers:nginx/>=1.25.0|<=1.25.5|1.26.0",
+ "fixed_version": "1.26.1",
+ },
+ ],
+ "references": [
+ {
+ "reference_id": "",
+ "reference_type": "",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html",
+ "severities": [
+ {"system": "generic_textual", "value": "medium", "scoring_elements": ""}
+ ],
+ },
+ {
+ "reference_id": "CVE-2024-31079",
+ "reference_type": "",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31079",
+ "severities": [],
+ },
+ ],
+ "date_published": None,
+ "weaknesses": [],
+ "url": "https://nginx.org/en/security_advisories.html",
+ }
+ ad = AdvisoryData.from_dict(advisory)
+ ImportRunner(DummyImporter).process_advisories([ad], "test_importer_date")
+ advisory_aliases = list(models.Advisory.objects.all().values("aliases"))
+ assert advisory_aliases == [{"aliases": ["CVE-2024-31079"]}]
+
+
 def test_advisory_summary_clean_up():
 adv = AdvisoryData(
 summary="The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\x00' character in a 
domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority."
From da723ea1ee3b15022998a6159ac60faf377c5480 Mon Sep 17 00:00:00 2001
From: Philippe Ombredanne
Date: Fri, 9 Aug 2024 16:52:27 +0200
Subject: [PATCH 2/3] Add test for nginx importer crash #1541
Use the latest date file from nginx
Reference: https://github.com/nexB/vulnerablecode/issues/1541
Signed-off-by: Philippe Ombredanne
---
 ...ity_advisories-advisory_data-expected.json | 816 +++++++++++++-----
 ...security_advisories-importer-expected.json | 516 ++++++++++-
 .../test_data/nginx/security_advisories.html | 102 ++-
 .../nginx/security_advisories.html.ABOUT | 2 +
 4 files changed, 1151 insertions(+), 285 deletions(-)
 create mode 100644 vulnerabilities/tests/test_data/nginx/security_advisories.html.ABOUT
diff --git a/vulnerabilities/tests/test_data/nginx/security_advisories-advisory_data-expected.json b/vulnerabilities/tests/test_data/nginx/security_advisories-advisory_data-expected.json
index 5b592e367..cf5d8f26d 100644
--- a/vulnerabilities/tests/test_data/nginx/security_advisories-advisory_data-expected.json
+++ b/vulnerabilities/tests/test_data/nginx/security_advisories-advisory_data-expected.json
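Review bot: The single assertion closing the new test only checks that the alias was stored, so neither condition the test is named for — the `None` publication date that the leading comment says raised a ValidationError, and the `generic_textual`/`medium` severity on the first reference — is actually pinned, and an importer that later drops the severity or writes a non-null default date would still pass. Fetch the stored row and assert on both, e.g. `stored = models.Advisory.objects.get()` followed by assertions that its published-date field is null and that the severity survived the import; the exact field names depend on the `Advisory` model, which is outside this hunk. The `# was failing with ...` comment would serve better as the test's docstring naming the tracked issue, `"""Regression test for https://github.com/nexB/vulnerablecode/issues/1541: an advisory with severities but no date_published used to fail import with a ValidationError."""`. The fixture reproduces a full nginx advisory verbatim; a minimal advisory with one reference carrying a severity and `"date_published": None` would make the regression condition obvious and keep the test independent of the nginx importer data.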
@@ -1,4 +1,432 @@ [ + { + "aliases": [ + "CVE-2024-32760" + ], + "summary": "Buffer overwrite in HTTP/3", + "affected_packages": [ + { + "package": { + "type": "nginx", + "namespace": "", + "name": "nginx", + "version": "", + "qualifiers": "", + "subpath": "" + }, + "affected_version_range": "vers:nginx/>=1.25.0|<=1.25.5|1.26.0", + "fixed_version": "1.27.0" + }, + { + "package": { + "type": "nginx", + "namespace": "", + "name": "nginx", + "version": "", + "qualifiers": "", + "subpath": "" + }, + "affected_version_range": "vers:nginx/>=1.25.0|<=1.25.5|1.26.0", + "fixed_version": "1.26.1" + } + ], + "references": [ + { + "reference_id": "", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html", + "severities": [ + { + "system": "generic_textual", + "value": "medium", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "CVE-2024-32760", + "reference_type": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32760", + "severities": [] + } + ], + "date_published": null, + "weaknesses": [], + "url": "https://nginx.org/en/security_advisories.html" + }, + { + "aliases": [ + "CVE-2024-31079" + ], + "summary": "Stack overflow and use-after-free in HTTP/3", + "affected_packages": [ + { + "package": { + "type": "nginx", + "namespace": "", + "name": "nginx", + "version": "", + "qualifiers": "", + "subpath": "" + }, + "affected_version_range": "vers:nginx/>=1.25.0|<=1.25.5|1.26.0", + "fixed_version": "1.27.0" + }, + { + "package": { + "type": "nginx", + "namespace": "", + "name": "nginx", + "version": "", + "qualifiers": "", + "subpath": "" + }, + "affected_version_range": "vers:nginx/>=1.25.0|<=1.25.5|1.26.0", + "fixed_version": "1.26.1" + } + ], + "references": [ + { + "reference_id": "", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html", + "severities": [ + { + "system": "generic_textual", + "value": "medium", + 
"scoring_elements": "" + } + ] + }, + { + "reference_id": "CVE-2024-31079", + "reference_type": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31079", + "severities": [] + } + ], + "date_published": null, + "weaknesses": [], + "url": "https://nginx.org/en/security_advisories.html" + }, + { + "aliases": [ + "CVE-2024-35200" + ], + "summary": "NULL pointer dereference in HTTP/3", + "affected_packages": [ + { + "package": { + "type": "nginx", + "namespace": "", + "name": "nginx", + "version": "", + "qualifiers": "", + "subpath": "" + }, + "affected_version_range": "vers:nginx/>=1.25.0|<=1.25.5|1.26.0", + "fixed_version": "1.27.0" + }, + { + "package": { + "type": "nginx", + "namespace": "", + "name": "nginx", + "version": "", + "qualifiers": "", + "subpath": "" + }, + "affected_version_range": "vers:nginx/>=1.25.0|<=1.25.5|1.26.0", + "fixed_version": "1.26.1" + } + ], + "references": [ + { + "reference_id": "", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html", + "severities": [ + { + "system": "generic_textual", + "value": "medium", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "CVE-2024-35200", + "reference_type": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35200", + "severities": [] + } + ], + "date_published": null, + "weaknesses": [], + "url": "https://nginx.org/en/security_advisories.html" + }, + { + "aliases": [ + "CVE-2024-34161" + ], + "summary": "Memory disclosure in HTTP/3", + "affected_packages": [ + { + "package": { + "type": "nginx", + "namespace": "", + "name": "nginx", + "version": "", + "qualifiers": "", + "subpath": "" + }, + "affected_version_range": "vers:nginx/>=1.25.0|<=1.25.5|1.26.0", + "fixed_version": "1.27.0" + }, + { + "package": { + "type": "nginx", + "namespace": "", + "name": "nginx", + "version": "", + "qualifiers": "", + "subpath": "" + }, + "affected_version_range": "vers:nginx/>=1.25.0|<=1.25.5|1.26.0", + "fixed_version": 
"1.26.1" + } + ], + "references": [ + { + "reference_id": "", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html", + "severities": [ + { + "system": "generic_textual", + "value": "medium", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "CVE-2024-34161", + "reference_type": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34161", + "severities": [] + } + ], + "date_published": null, + "weaknesses": [], + "url": "https://nginx.org/en/security_advisories.html" + }, + { + "aliases": [ + "CVE-2024-24989" + ], + "summary": "NULL pointer dereference in HTTP/3", + "affected_packages": [ + { + "package": { + "type": "nginx", + "namespace": "", + "name": "nginx", + "version": "", + "qualifiers": "", + "subpath": "" + }, + "affected_version_range": "vers:nginx/1.25.3", + "fixed_version": "1.25.4" + } + ], + "references": [ + { + "reference_id": "", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2024/NW6MNW34VZ6HDIHH5YFBIJYZJN7FGNAV.html", + "severities": [] + }, + { + "reference_id": "CVE-2024-24989", + "reference_type": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24989", + "severities": [] + } + ], + "date_published": null, + "weaknesses": [], + "url": "https://nginx.org/en/security_advisories.html" + }, + { + "aliases": [ + "CVE-2024-24990" + ], + "summary": "Use-after-free in HTTP/3", + "affected_packages": [ + { + "package": { + "type": "nginx", + "namespace": "", + "name": "nginx", + "version": "", + "qualifiers": "", + "subpath": "" + }, + "affected_version_range": "vers:nginx/>=1.25.0|<=1.25.3", + "fixed_version": "1.25.4" + } + ], + "references": [ + { + "reference_id": "", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2024/NW6MNW34VZ6HDIHH5YFBIJYZJN7FGNAV.html", + "severities": [] + }, + { + "reference_id": "CVE-2024-24990", + "reference_type": "", + "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-24990", + "severities": [] + } + ], + "date_published": null, + "weaknesses": [], + "url": "https://nginx.org/en/security_advisories.html" + }, + { + "aliases": [ + "CVE-2022-41741" + ], + "summary": "Memory corruption in the ngx_http_mp4_module", + "affected_packages": [ + { + "package": { + "type": "nginx", + "namespace": "", + "name": "nginx", + "version": "", + "qualifiers": "", + "subpath": "" + }, + "affected_version_range": "vers:nginx/>=1.0.7|<=1.0.15|>=1.1.3|<=1.23.1", + "fixed_version": "1.23.2" + }, + { + "package": { + "type": "nginx", + "namespace": "", + "name": "nginx", + "version": "", + "qualifiers": "", + "subpath": "" + }, + "affected_version_range": "vers:nginx/>=1.0.7|<=1.0.15|>=1.1.3|<=1.23.1", + "fixed_version": "1.22.1" + } + ], + "references": [ + { + "reference_id": "", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html", + "severities": [ + { + "system": "generic_textual", + "value": "medium", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "CVE-2022-41741", + "reference_type": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41741", + "severities": [] + }, + { + "reference_id": "", + "reference_type": "", + "url": "https://nginx.org/download/patch.2022.mp4.txt", + "severities": [] + }, + { + "reference_id": "", + "reference_type": "", + "url": "https://nginx.org/download/patch.2022.mp4.txt.asc", + "severities": [] + } + ], + "date_published": null, + "weaknesses": [], + "url": "https://nginx.org/en/security_advisories.html" + }, + { + "aliases": [ + "CVE-2022-41742" + ], + "summary": "Memory disclosure in the ngx_http_mp4_module", + "affected_packages": [ + { + "package": { + "type": "nginx", + "namespace": "", + "name": "nginx", + "version": "", + "qualifiers": "", + "subpath": "" + }, + "affected_version_range": "vers:nginx/>=1.0.7|<=1.0.15|>=1.1.3|<=1.23.1", + "fixed_version": "1.23.2" + }, + { + 
"package": { + "type": "nginx", + "namespace": "", + "name": "nginx", + "version": "", + "qualifiers": "", + "subpath": "" + }, + "affected_version_range": "vers:nginx/>=1.0.7|<=1.0.15|>=1.1.3|<=1.23.1", + "fixed_version": "1.22.1" + } + ], + "references": [ + { + "reference_id": "", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html", + "severities": [ + { + "system": "generic_textual", + "value": "medium", + "scoring_elements": "" + } + ] + }, + { + "reference_id": "CVE-2022-41742", + "reference_type": "", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41742", + "severities": [] + }, + { + "reference_id": "", + "reference_type": "", + "url": "https://nginx.org/download/patch.2022.mp4.txt", + "severities": [] + }, + { + "reference_id": "", + "reference_type": "", + "url": "https://nginx.org/download/patch.2022.mp4.txt.asc", + "severities": [] + } + ], + "date_published": null, + "weaknesses": [], + "url": "https://nginx.org/en/security_advisories.html" + }, { "aliases": [ "CVE-2021-23017" 
@@ -33,33 +461,33 @@ "references": [ { "reference_id": "", - "url": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html", "severities": [ { "system": "generic_textual", "value": "medium", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2021-23017", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23017", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2021.resolver.txt", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2021.resolver.txt.asc", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, @@ -100,21 +528,21 @@ "references": [ { "reference_id": "", - "url": "http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html", "severities": [ { "system": "generic_textual", "value": "medium", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2019-9511", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, 
@@ -155,21 +583,21 @@ "references": [ { "reference_id": "", - "url": "http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html", "severities": [ { "system": "generic_textual", "value": "low", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2019-9513", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, @@ -210,21 +638,21 @@ "references": [ { "reference_id": "", - "url": "http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html", "severities": [ { "system": "generic_textual", "value": "low", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2019-9516", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, @@ -265,21 +693,21 @@ "references": [ { "reference_id": "", - "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html", "severities": [ { "system": "generic_textual", "value": "low", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2018-16843", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16843", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, 
@@ -320,21 +748,21 @@ "references": [ { "reference_id": "", - "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html", "severities": [ { "system": "generic_textual", "value": "low", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2018-16844", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16844", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, @@ -375,33 +803,33 @@ "references": [ { "reference_id": "", - "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html", "severities": [ { "system": "generic_textual", "value": "medium", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2018-16845", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16845", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2018.mp4.txt", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2018.mp4.txt.asc", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, 
@@ -442,33 +870,33 @@ "references": [ { "reference_id": "", - "url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html", "severities": [ { "system": "generic_textual", "value": "medium", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2017-7529", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7529", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2017.ranges.txt", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2017.ranges.txt.asc", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, 
@@ -509,45 +937,45 @@ "references": [ { "reference_id": "", - "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html", "severities": [ { "system": "generic_textual", "value": "medium", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2016-4450", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4450", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2016.write.txt", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2016.write.txt.asc", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2016.write2.txt", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2016.write2.txt.asc", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, @@ -588,21 +1016,21 @@ "references": [ { "reference_id": "", - "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html", "severities": [ { "system": "generic_textual", "value": "medium", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2016-0742", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0742", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, 
@@ -643,21 +1071,21 @@ "references": [ { "reference_id": "", - "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html", "severities": [ { "system": "generic_textual", "value": "medium", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2016-0746", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0746", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, @@ -698,21 +1126,21 @@ "references": [ { "reference_id": "", - "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html", "severities": [ { "system": "generic_textual", "value": "medium", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2016-0747", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0747", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, @@ -753,21 +1181,21 @@ "references": [ { "reference_id": "", - "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html", "severities": [ { "system": "generic_textual", "value": "medium", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2014-3616", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3616", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, 
@@ -808,33 +1236,33 @@ "references": [ { "reference_id": "", - "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html", "severities": [ { "system": "generic_textual", "value": "medium", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2014-3556", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3556", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2014.starttls.txt", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2014.starttls.txt.asc", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, @@ -875,27 +1303,27 @@ "references": [ { "reference_id": "", - "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html", - "severities": [], - "reference_type": "" + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html", + "severities": [] }, { "reference_id": "CVE-2014-0133", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0133", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2014.spdy2.txt", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2014.spdy2.txt.asc", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, 
@@ -924,27 +1352,27 @@ "references": [ { "reference_id": "", - "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html", - "severities": [], - "reference_type": "" + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html", + "severities": [] }, { "reference_id": "CVE-2014-0088", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0088", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2014.spdy.txt", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2014.spdy.txt.asc", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, @@ -985,33 +1413,33 @@ "references": [ { "reference_id": "", - "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html", "severities": [ { "system": "generic_textual", "value": "medium", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2013-4547", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4547", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2013.space.txt", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2013.space.txt.asc", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, 
@@ -1064,45 +1492,45 @@ "references": [ { "reference_id": "", - "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html", "severities": [ { "system": "generic_textual", "value": "medium", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2013-2070", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2070", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2013.chunked.txt", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2013.chunked.txt.asc", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2013.proxy.txt", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2013.proxy.txt.asc", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, 
@@ -1143,27 +1571,27 @@ "references": [ { "reference_id": "", - "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html", - "severities": [], - "reference_type": "" + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html", + "severities": [] }, { "reference_id": "CVE-2013-2028", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2028", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2013.chunked.txt", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2013.chunked.txt.asc", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, @@ -1204,21 +1632,21 @@ "references": [ { "reference_id": "", - "url": "http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html", + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html", "severities": [ { "system": "generic_textual", "value": "medium", "scoring_elements": "" } - ], - "reference_type": "" + ] }, { "reference_id": "CVE-2011-4963", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4963", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, 
@@ -1259,27 +1687,27 @@ "references": [ { "reference_id": "", - "url": "http://mailman.nginx.org/pipermail/nginx-announce/2012/000080.html", - "severities": [], - "reference_type": "" + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2012/000080.html", + "severities": [] }, { "reference_id": "CVE-2012-2089", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2089", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2012.mp4.txt", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2012.mp4.txt.asc", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, @@ -1320,27 +1748,27 @@ "references": [ { "reference_id": "", - "url": "http://mailman.nginx.org/pipermail/nginx-announce/2012/000076.html", - "severities": [], - "reference_type": "" + "reference_type": "", + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2012/000076.html", + "severities": [] }, { "reference_id": "CVE-2012-1180", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1180", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2012.memory.txt", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.2012.memory.txt.asc", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, @@ -1381,9 +1809,9 @@ "references": [ { "reference_id": "CVE-2011-4315", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4315", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, 
@@ -1424,9 +1852,9 @@ "references": [ { "reference_id": "CVE-2010-2266", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2266", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, @@ -1467,9 +1895,9 @@ "references": [ { "reference_id": "CVE-2010-2263", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2263", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, @@ -1534,9 +1962,9 @@ "references": [ { "reference_id": "CVE-2009-4487", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4487", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, @@ -1578,21 +2006,21 @@ "references": [ { "reference_id": "CVE-2009-3555", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.cve-2009-3555.txt", - "severities": [], - "reference_type": "" + "severities": [] }, { "reference_id": "", + "reference_type": "", "url": "https://nginx.org/download/patch.cve-2009-3555.txt.asc", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, @@ -1633,9 +2061,9 @@ "references": [ { "reference_id": "CVE-2009-3898", + "reference_type": "", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3898", - "severities": [], - "reference_type": "" + "severities": [] } ], "date_published": null, 
@@ -1701,21 +2129,21 @@
 "references": [
 {
 "reference_id": "CVE-2009-2629",
+ "reference_type": "",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2629",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://nginx.org/download/patch.180065.txt",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://nginx.org/download/patch.180065.txt.asc",
- "severities": [],
- "reference_type": ""
+ "severities": []
 }
 ],
 "date_published": null,
@@ -1780,21 +2208,21 @@
 "references": [
 {
 "reference_id": "CVE-2009-3896",
+ "reference_type": "",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3896",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://nginx.org/download/patch.null.pointer.txt",
- "severities": [],
- "reference_type": ""
+ "severities": []
 },
 {
 "reference_id": "",
+ "reference_type": "",
 "url": "https://nginx.org/download/patch.null.pointer.txt.asc",
- "severities": [],
- "reference_type": ""
+ "severities": []
 }
 ],
 "date_published": null,
diff --git a/vulnerabilities/tests/test_data/nginx/security_advisories-importer-expected.json b/vulnerabilities/tests/test_data/nginx/security_advisories-importer-expected.json
index cefc0d266..938e77249 100644
--- a/vulnerabilities/tests/test_data/nginx/security_advisories-importer-expected.json
+++ b/vulnerabilities/tests/test_data/nginx/security_advisories-importer-expected.json
@@ -318,7 +318,7 @@
 "weaknesses": []
 },
 {
- "unique_content_id": "8fef80748adc9276c73aec8916182cdd",
+ "unique_content_id": "96c2ffdeacca4901942abd83d54f33f5",
 "aliases": [
 "CVE-2011-4963"
 ],
@@ -351,7 +351,7 @@
 ],
 "references": [
 {
- "url": "http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html",
 "severities": [
 {
 "value": "medium",
@@ -373,7 +373,7 @@
 "weaknesses": []
 },
 {
- "unique_content_id": "1b3ebcc9873e1bc72a86efe7be53ad25",
+ "unique_content_id": "ca72fb146fcd014ee284ef66f7fc1c08",
 "aliases": [
 "CVE-2012-1180"
 ],
@@ -406,7 +406,7 @@
 ],
 "references": [
 {
- "url": "http://mailman.nginx.org/pipermail/nginx-announce/2012/000076.html",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2012/000076.html",
 "severities": [],
 "reference_id": "",
 "reference_type": ""
@@ -434,7 +434,7 @@
 "weaknesses": []
 },
 {
- "unique_content_id": "2440f03249f740ee88cce42fad807a10",
+ "unique_content_id": "901e1dc04473ff40c6e503baec5e9bf6",
 "aliases": [
 "CVE-2012-2089"
 ],
@@ -467,7 +467,7 @@
 ],
 "references": [
 {
- "url": "http://mailman.nginx.org/pipermail/nginx-announce/2012/000080.html",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2012/000080.html",
 "severities": [],
 "reference_id": "",
 "reference_type": ""
@@ -495,7 +495,7 @@
 "weaknesses": []
 },
 {
- "unique_content_id": "e49dab60f3ebf0ae2ca04b90ae9d473d",
+ "unique_content_id": "e74396e2dc204fb095c802fe54d4d176",
 "aliases": [
 "CVE-2013-2028"
 ],
@@ -528,7 +528,7 @@
 ],
 "references": [
 {
- "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html",
 "severities": [],
 "reference_id": "",
 "reference_type": ""
@@ -556,7 +556,7 @@
 "weaknesses": []
 },
 {
- "unique_content_id": "a78b435767821a42ad40300350817343",
+ "unique_content_id": "13592aaee15657bff9afca8c98edf8bf",
 "aliases": [
 "CVE-2013-2070"
 ],
@@ -601,7 +601,7 @@
 ],
 "references": [
 {
- "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html",
 "severities": [
 {
 "value": "medium",
@@ -647,7 +647,7 @@
 "weaknesses": []
 },
 {
- "unique_content_id": "e3caf987cd87a3d7cd579c5a206d9512",
+ "unique_content_id": "0f21f4e3d88f4af06f0c46d096e90320",
 "aliases": [
 "CVE-2013-4547"
 ],
@@ -680,7 +680,7 @@
 ],
 "references": [
 {
- "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html",
 "severities": [
 {
 "value": "medium",
@@ -714,7 +714,7 @@
 "weaknesses": []
 },
 {
- "unique_content_id": "ae636c3c50d081afc1bbd6eee2e96f00",
+ "unique_content_id": "3430956de63de2b1188c3d1e50c3b0cd",
 "aliases": [
 "CVE-2014-0088"
 ],
@@ -735,7 +735,7 @@
 ],
 "references": [
 {
- "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html",
 "severities": [],
 "reference_id": "",
 "reference_type": ""
@@ -763,7 +763,7 @@
 "weaknesses": []
 },
 {
- "unique_content_id": "8132c0fa1ae9aeef40071413ff5633c5",
+ "unique_content_id": "db01da77157a7a773285dc98169416ec",
 "aliases": [
 "CVE-2014-0133"
 ],
@@ -796,7 +796,7 @@
 ],
 "references": [
 {
- "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html",
 "severities": [],
 "reference_id": "",
 "reference_type": ""
@@ -824,7 +824,7 @@
 "weaknesses": []
 },
 {
- "unique_content_id": "209fb59818245e7c0fcf395cff7f0254",
+ "unique_content_id": "83d5fba07f12acd2e4947e68d233fbe5",
 "aliases": [
 "CVE-2014-3556"
 ],
@@ -857,7 +857,7 @@
 ],
 "references": [
 {
- "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html",
 "severities": [
 {
 "value": "medium",
@@ -891,7 +891,7 @@
 "weaknesses": []
 },
 {
- "unique_content_id": "6a382d1724440ac8c24636ade786defc",
+ "unique_content_id": "ce87032bced3f187b1c0fbacc52b8c16",
 "aliases": [
 "CVE-2014-3616"
 ],
@@ -924,7 +924,7 @@
 ],
 "references": [
 {
- "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html",
 "severities": [
 {
 "value": "medium",
@@ -946,7 +946,7 @@
 "weaknesses": []
 },
 {
- "unique_content_id": "b417c94407c32b280b8280a744775603",
+ "unique_content_id": "71c918b8f82b4de8cfa23fc96fa0d7a7",
 "aliases": [
 "CVE-2016-0742"
 ],
@@ -979,7 +979,7 @@
 ],
 "references": [
 {
- "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html",
 "severities": [
 {
 "value": "medium",
@@ -1001,7 +1001,7 @@
 "weaknesses": []
 },
 {
- "unique_content_id": "c9e12a63600902ae1e2892b712c2a616",
+ "unique_content_id": "2ec9de991e2cb7a5a0ba79bed8556a41",
 "aliases": [
 "CVE-2016-0746"
 ],
@@ -1034,7 +1034,7 @@
 ],
 "references": [
 {
- "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html",
 "severities": [
 {
 "value": "medium",
@@ -1056,7 +1056,7 @@
 "weaknesses": []
 },
 {
- "unique_content_id": "20a3433420bc5d55c8562cce6f546ade",
+ "unique_content_id": "925abc90d30273fe8cb404b7f3c8dfd3",
 "aliases": [
 "CVE-2016-0747"
 ],
@@ -1089,7 +1089,7 @@
 ],
 "references": [
 {
- "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html",
 "severities": [
 {
 "value": "medium",
@@ -1111,7 +1111,7 @@
 "weaknesses": []
 },
 {
- "unique_content_id": "4b3d2f57488206608cd2a6ca4bc98a80",
+ "unique_content_id": "04f5bc12ff49a95a29c459222379abe4",
 "aliases": [
 "CVE-2016-4450"
 ],
@@ -1144,7 +1144,7 @@
 ],
 "references": [
 {
- "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html",
 "severities": [
 {
 "value": "medium",
@@ -1190,7 +1190,7 @@
 "weaknesses": []
 },
 {
- "unique_content_id": "c537e37104bd72e217b875f30575f7ed",
+ "unique_content_id": "b3192a372fdac00b2cdf462b562cf73b",
 "aliases": [
 "CVE-2017-7529"
 ],
@@ -1223,7 +1223,7 @@
 ],
 "references": [
 {
- "url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html",
 "severities": [
 {
 "value": "medium",
@@ -1257,7 +1257,7 @@
 "weaknesses": []
 },
 {
- "unique_content_id": "faf0114d0b1af4e6774935adfb0d035d",
+ "unique_content_id": "cb70875e6e02b2d41dd8876b4729bf84",
 "aliases": [
 "CVE-2018-16843"
 ],
@@ -1290,7 +1290,7 @@
 ],
 "references": [
 {
- "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html",
 "severities": [
 {
 "value": "low",
@@ -1312,7 +1312,7 @@
 "weaknesses": []
 },
 {
- "unique_content_id": "53423756041338b1125146455a0f95c0",
+ "unique_content_id": "cf47abf58659080601c4cd87a119a769",
 "aliases": [
 "CVE-2018-16844"
 ],
@@ -1345,7 +1345,7 @@
 ],
 "references": [
 {
- "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html",
 "severities": [
 {
 "value": "low",
@@ -1367,7 +1367,7 @@
 "weaknesses": []
 },
 {
- "unique_content_id": "f6060c258e1ef0b8ca8fe187e4b64eeb",
+ "unique_content_id": "33d08a513ea5fef861e924f2601f7ac6",
 "aliases": [
 "CVE-2018-16845"
 ],
@@ -1400,7 +1400,7 @@
 ],
 "references": [
 {
- "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html",
 "severities": [
 {
 "value": "medium",
@@ -1434,7 +1434,7 @@
 "weaknesses": []
 },
 {
- "unique_content_id": "ede767e15cc1b8849f27a5f4e2f18916",
+ "unique_content_id": "8ca47577347bd9f2027e09e32bc74866",
 "aliases": [
 "CVE-2019-9511"
 ],
@@ -1467,7 +1467,7 @@
 ],
 "references": [
 {
- "url": "http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html",
 "severities": [
 {
 "value": "medium",
@@ -1489,7 +1489,7 @@
 "weaknesses": []
 },
 {
- "unique_content_id": "de2189c7ff2eb37873c56ad378848b68",
+ "unique_content_id": "74ec3c647d544d6e6935492b7dceb572",
 "aliases": [
 "CVE-2019-9513"
 ],
@@ -1522,7 +1522,7 @@
 ],
 "references": [
 {
- "url": "http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html",
 "severities": [
 {
 "value": "low",
@@ -1544,7 +1544,7 @@
 "weaknesses": []
 },
 {
- "unique_content_id": "69f562cddb1ea962baefd2cf5d7fbf25",
+ "unique_content_id": "2537fa6a9e8e84a3c06bb122fcbf468d",
 "aliases": [
 "CVE-2019-9516"
 ],
@@ -1577,7 +1577,7 @@
 ],
 "references": [
 {
- "url": "http://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html",
 "severities": [
 {
 "value": "low",
@@ -1599,7 +1599,7 @@
 "weaknesses": []
 },
 {
- "unique_content_id": "d0164a56e85c1947f8dc4b2795e35eb6",
+ "unique_content_id": "27612bc7cab82114b1549552f5ad48ff",
 "aliases": [
 "CVE-2021-23017"
 ],
@@ -1632,7 +1632,7 @@
 ],
 "references": [
 {
- "url": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html",
+ "url": "https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html",
 "severities": [
 {
 "value": "medium",
@@ -1665,6 +1665,434 @@ "date_published": null, "weaknesses": [] }, + { + "unique_content_id": "dad2ebc242641f6a276b00769ef57efa", + "aliases": [ + "CVE-2022-41741" + ], + "summary": "Memory corruption in the ngx_http_mp4_module", + "affected_packages": [ + { + "package": { + "name": "nginx", + "type": "nginx", + "subpath": "", + "version": "", + "namespace": "", + "qualifiers": "" + }, + "fixed_version": "1.23.2", + "affected_version_range": "vers:nginx/>=1.0.7|<=1.0.15|>=1.1.3|<=1.23.1" + }, + { + "package": { + "name": "nginx", + "type": "nginx", + "subpath": "", + "version": "", + "namespace": "", + "qualifiers": "" + }, + "fixed_version": "1.22.1", + "affected_version_range": "vers:nginx/>=1.0.7|<=1.0.15|>=1.1.3|<=1.23.1" + } + ], + "references": [ + { + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html", + "severities": [ + { + "value": "medium", + "system": "generic_textual", + "scoring_elements": "" + } + ], + "reference_id": "", + "reference_type": "" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41741", + "severities": [], + "reference_id": "CVE-2022-41741", + "reference_type": "" + }, + { + "url": "https://nginx.org/download/patch.2022.mp4.txt", + "severities": [], + "reference_id": "", + "reference_type": "" + }, + { + "url": "https://nginx.org/download/patch.2022.mp4.txt.asc", + "severities": [], + "reference_id": "", + "reference_type": "" + } + ], + "date_published": null, + "weaknesses": [] + }, + { + "unique_content_id": "e17dde538a78c978602298541bcd29f0", + "aliases": [ + "CVE-2022-41742" + ], + "summary": "Memory disclosure in the ngx_http_mp4_module", + "affected_packages": [ + { + "package": { + "name": "nginx", + "type": "nginx", + "subpath": "", + "version": "", + "namespace": "", + "qualifiers": "" + }, + "fixed_version": "1.23.2", + "affected_version_range": "vers:nginx/>=1.0.7|<=1.0.15|>=1.1.3|<=1.23.1" + }, + { + "package": { + "name": "nginx", + "type": "nginx", + 
"subpath": "", + "version": "", + "namespace": "", + "qualifiers": "" + }, + "fixed_version": "1.22.1", + "affected_version_range": "vers:nginx/>=1.0.7|<=1.0.15|>=1.1.3|<=1.23.1" + } + ], + "references": [ + { + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html", + "severities": [ + { + "value": "medium", + "system": "generic_textual", + "scoring_elements": "" + } + ], + "reference_id": "", + "reference_type": "" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41742", + "severities": [], + "reference_id": "CVE-2022-41742", + "reference_type": "" + }, + { + "url": "https://nginx.org/download/patch.2022.mp4.txt", + "severities": [], + "reference_id": "", + "reference_type": "" + }, + { + "url": "https://nginx.org/download/patch.2022.mp4.txt.asc", + "severities": [], + "reference_id": "", + "reference_type": "" + } + ], + "date_published": null, + "weaknesses": [] + }, + { + "unique_content_id": "e4c6a0358264fb7523f6ee40f844854f", + "aliases": [ + "CVE-2024-24989" + ], + "summary": "NULL pointer dereference in HTTP/3", + "affected_packages": [ + { + "package": { + "name": "nginx", + "type": "nginx", + "subpath": "", + "version": "", + "namespace": "", + "qualifiers": "" + }, + "fixed_version": "1.25.4", + "affected_version_range": "vers:nginx/1.25.3" + } + ], + "references": [ + { + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2024/NW6MNW34VZ6HDIHH5YFBIJYZJN7FGNAV.html", + "severities": [], + "reference_id": "", + "reference_type": "" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24989", + "severities": [], + "reference_id": "CVE-2024-24989", + "reference_type": "" + } + ], + "date_published": null, + "weaknesses": [] + }, + { + "unique_content_id": "f87492771be35866bf4dce017ea54dc8", + "aliases": [ + "CVE-2024-24990" + ], + "summary": "Use-after-free in HTTP/3", + "affected_packages": [ + { + "package": { + "name": "nginx", + "type": "nginx", + "subpath": "", + "version": 
"", + "namespace": "", + "qualifiers": "" + }, + "fixed_version": "1.25.4", + "affected_version_range": "vers:nginx/>=1.25.0|<=1.25.3" + } + ], + "references": [ + { + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2024/NW6MNW34VZ6HDIHH5YFBIJYZJN7FGNAV.html", + "severities": [], + "reference_id": "", + "reference_type": "" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24990", + "severities": [], + "reference_id": "CVE-2024-24990", + "reference_type": "" + } + ], + "date_published": null, + "weaknesses": [] + }, + { + "unique_content_id": "79d9b38e6e89e3f3fc5ca4b2e64d0faa", + "aliases": [ + "CVE-2024-31079" + ], + "summary": "Stack overflow and use-after-free in HTTP/3", + "affected_packages": [ + { + "package": { + "name": "nginx", + "type": "nginx", + "subpath": "", + "version": "", + "namespace": "", + "qualifiers": "" + }, + "fixed_version": "1.27.0", + "affected_version_range": "vers:nginx/>=1.25.0|<=1.25.5|1.26.0" + }, + { + "package": { + "name": "nginx", + "type": "nginx", + "subpath": "", + "version": "", + "namespace": "", + "qualifiers": "" + }, + "fixed_version": "1.26.1", + "affected_version_range": "vers:nginx/>=1.25.0|<=1.25.5|1.26.0" + } + ], + "references": [ + { + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html", + "severities": [ + { + "value": "medium", + "system": "generic_textual", + "scoring_elements": "" + } + ], + "reference_id": "", + "reference_type": "" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31079", + "severities": [], + "reference_id": "CVE-2024-31079", + "reference_type": "" + } + ], + "date_published": null, + "weaknesses": [] + }, + { + "unique_content_id": "b3d7627b206f561242cdd2eae0e3bbeb", + "aliases": [ + "CVE-2024-32760" + ], + "summary": "Buffer overwrite in HTTP/3", + "affected_packages": [ + { + "package": { + "name": "nginx", + "type": "nginx", + "subpath": "", + "version": "", + "namespace": "", + "qualifiers": "" + }, + 
"fixed_version": "1.27.0", + "affected_version_range": "vers:nginx/>=1.25.0|<=1.25.5|1.26.0" + }, + { + "package": { + "name": "nginx", + "type": "nginx", + "subpath": "", + "version": "", + "namespace": "", + "qualifiers": "" + }, + "fixed_version": "1.26.1", + "affected_version_range": "vers:nginx/>=1.25.0|<=1.25.5|1.26.0" + } + ], + "references": [ + { + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html", + "severities": [ + { + "value": "medium", + "system": "generic_textual", + "scoring_elements": "" + } + ], + "reference_id": "", + "reference_type": "" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32760", + "severities": [], + "reference_id": "CVE-2024-32760", + "reference_type": "" + } + ], + "date_published": null, + "weaknesses": [] + }, + { + "unique_content_id": "43c2f41bb851164d3495f3c204a57f20", + "aliases": [ + "CVE-2024-34161" + ], + "summary": "Memory disclosure in HTTP/3", + "affected_packages": [ + { + "package": { + "name": "nginx", + "type": "nginx", + "subpath": "", + "version": "", + "namespace": "", + "qualifiers": "" + }, + "fixed_version": "1.27.0", + "affected_version_range": "vers:nginx/>=1.25.0|<=1.25.5|1.26.0" + }, + { + "package": { + "name": "nginx", + "type": "nginx", + "subpath": "", + "version": "", + "namespace": "", + "qualifiers": "" + }, + "fixed_version": "1.26.1", + "affected_version_range": "vers:nginx/>=1.25.0|<=1.25.5|1.26.0" + } + ], + "references": [ + { + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html", + "severities": [ + { + "value": "medium", + "system": "generic_textual", + "scoring_elements": "" + } + ], + "reference_id": "", + "reference_type": "" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34161", + "severities": [], + "reference_id": "CVE-2024-34161", + "reference_type": "" + } + ], + "date_published": null, + "weaknesses": [] + }, + { + "unique_content_id": 
"b72c609cd1be7c77f4432e1bc8c365f3", + "aliases": [ + "CVE-2024-35200" + ], + "summary": "NULL pointer dereference in HTTP/3", + "affected_packages": [ + { + "package": { + "name": "nginx", + "type": "nginx", + "subpath": "", + "version": "", + "namespace": "", + "qualifiers": "" + }, + "fixed_version": "1.27.0", + "affected_version_range": "vers:nginx/>=1.25.0|<=1.25.5|1.26.0" + }, + { + "package": { + "name": "nginx", + "type": "nginx", + "subpath": "", + "version": "", + "namespace": "", + "qualifiers": "" + }, + "fixed_version": "1.26.1", + "affected_version_range": "vers:nginx/>=1.25.0|<=1.25.5|1.26.0" + } + ], + "references": [ + { + "url": "https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html", + "severities": [ + { + "value": "medium", + "system": "generic_textual", + "scoring_elements": "" + } + ], + "reference_id": "", + "reference_type": "" + }, + { + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35200", + "severities": [], + "reference_id": "CVE-2024-35200", + "reference_type": "" + } + ], + "date_published": null, + "weaknesses": [] + }, { "unique_content_id": "686399b9012be40d39b5366ec1695768", "aliases": [ diff --git a/vulnerabilities/tests/test_data/nginx/security_advisories.html b/vulnerabilities/tests/test_data/nginx/security_advisories.html index db3556eba..6c4585438 100644 --- a/vulnerabilities/tests/test_data/nginx/security_advisories.html +++ b/vulnerabilities/tests/test_data/nginx/security_advisories.html @@ -1,21 +1,13 @@ -nginx security advisories

nginx security advisories

+nginx security advisories

nginx security advisories

All nginx security issues should be reported to security-alert@nginx.org.

@@ -23,66 +15,82 @@ PGP public keys.

    -
  • 1-byte memory overwrite in resolver
    Severity: medium
    Advisory
    CVE-2021-23017
    Not vulnerable: 1.21.0+, 1.20.1+
    Vulnerable: 0.6.18-1.20.0
    The patch  pgp

  • +
  • Buffer overwrite in HTTP/3
    Severity: medium
    Advisory
    CVE-2024-32760
    Not vulnerable: 1.27.0+, 1.26.1+
    Vulnerable: 1.25.0-1.25.5, 1.26.0

  • + +
  • Stack overflow and use-after-free in HTTP/3
    Severity: medium
    Advisory
    CVE-2024-31079
    Not vulnerable: 1.27.0+, 1.26.1+
    Vulnerable: 1.25.0-1.25.5, 1.26.0

  • + +
  • NULL pointer dereference in HTTP/3
    Severity: medium
    Advisory
    CVE-2024-35200
    Not vulnerable: 1.27.0+, 1.26.1+
    Vulnerable: 1.25.0-1.25.5, 1.26.0

  • + +
  • Memory disclosure in HTTP/3
    Severity: medium
    Advisory
    CVE-2024-34161
    Not vulnerable: 1.27.0+, 1.26.1+
    Vulnerable: 1.25.0-1.25.5, 1.26.0

  • + +
  • NULL pointer dereference in HTTP/3
    Severity: major
    Advisory
    CVE-2024-24989
    Not vulnerable: 1.25.4+
    Vulnerable: 1.25.3

  • + +
  • Use-after-free in HTTP/3
    Severity: major
    Advisory
    CVE-2024-24990
    Not vulnerable: 1.25.4+
    Vulnerable: 1.25.0-1.25.3

  • + +
  • Memory corruption in the ngx_http_mp4_module
    Severity: medium
    Advisory
    CVE-2022-41741
    Not vulnerable: 1.23.2+, 1.22.1+
    Vulnerable: 1.1.3-1.23.1, 1.0.7-1.0.15
    The patch  pgp

  • + +
  • Memory disclosure in the ngx_http_mp4_module
    Severity: medium
    Advisory
    CVE-2022-41742
    Not vulnerable: 1.23.2+, 1.22.1+
    Vulnerable: 1.1.3-1.23.1, 1.0.7-1.0.15
    The patch  pgp

  • + +
  • 1-byte memory overwrite in resolver
    Severity: medium
    Advisory
    CVE-2021-23017
    Not vulnerable: 1.21.0+, 1.20.1+
    Vulnerable: 0.6.18-1.20.0
    The patch  pgp

  • -
  • Excessive CPU usage in HTTP/2 with small window updates
    Severity: medium
    Advisory
    CVE-2019-9511
    Not vulnerable: 1.17.3+, 1.16.1+
    Vulnerable: 1.9.5-1.17.2

  • +
  • Excessive CPU usage in HTTP/2 with small window updates
    Severity: medium
    Advisory
    CVE-2019-9511
    Not vulnerable: 1.17.3+, 1.16.1+
    Vulnerable: 1.9.5-1.17.2

  • -
  • Excessive CPU usage in HTTP/2 with priority changes
    Severity: low
    Advisory
    CVE-2019-9513
    Not vulnerable: 1.17.3+, 1.16.1+
    Vulnerable: 1.9.5-1.17.2

  • +
  • Excessive CPU usage in HTTP/2 with priority changes
    Severity: low
    Advisory
    CVE-2019-9513
    Not vulnerable: 1.17.3+, 1.16.1+
    Vulnerable: 1.9.5-1.17.2

  • -
  • Excessive memory usage in HTTP/2 with zero length headers
    Severity: low
    Advisory
    CVE-2019-9516
    Not vulnerable: 1.17.3+, 1.16.1+
    Vulnerable: 1.9.5-1.17.2

  • +
  • Excessive memory usage in HTTP/2 with zero length headers
    Severity: low
    Advisory
    CVE-2019-9516
    Not vulnerable: 1.17.3+, 1.16.1+
    Vulnerable: 1.9.5-1.17.2

  • -
  • Excessive memory usage in HTTP/2
    Severity: low
    Advisory
    CVE-2018-16843
    Not vulnerable: 1.15.6+, 1.14.1+
    Vulnerable: 1.9.5-1.15.5

  • +
  • Excessive memory usage in HTTP/2
    Severity: low
    Advisory
    CVE-2018-16843
    Not vulnerable: 1.15.6+, 1.14.1+
    Vulnerable: 1.9.5-1.15.5

  • -
  • Excessive CPU usage in HTTP/2
    Severity: low
    Advisory
    CVE-2018-16844
    Not vulnerable: 1.15.6+, 1.14.1+
    Vulnerable: 1.9.5-1.15.5

  • +
  • Excessive CPU usage in HTTP/2
    Severity: low
    Advisory
    CVE-2018-16844
    Not vulnerable: 1.15.6+, 1.14.1+
    Vulnerable: 1.9.5-1.15.5

  • -
  • Memory disclosure in the ngx_http_mp4_module
    Severity: medium
    Advisory
    CVE-2018-16845
    Not vulnerable: 1.15.6+, 1.14.1+
    Vulnerable: 1.1.3-1.15.5, 1.0.7-1.0.15
    The patch  pgp

  • +
  • Memory disclosure in the ngx_http_mp4_module
    Severity: medium
    Advisory
    CVE-2018-16845
    Not vulnerable: 1.15.6+, 1.14.1+
    Vulnerable: 1.1.3-1.15.5, 1.0.7-1.0.15
    The patch  pgp

  • -
  • Integer overflow in the range filter
    Severity: medium
    Advisory
    CVE-2017-7529
    Not vulnerable: 1.13.3+, 1.12.1+
    Vulnerable: 0.5.6-1.13.2
    The patch  pgp

  • +
  • Integer overflow in the range filter
    Severity: medium
    Advisory
    CVE-2017-7529
    Not vulnerable: 1.13.3+, 1.12.1+
    Vulnerable: 0.5.6-1.13.2
    The patch  pgp

  • -
  • NULL pointer dereference while writing client request body
    Severity: medium
    Advisory
    CVE-2016-4450
    Not vulnerable: 1.11.1+, 1.10.1+
    Vulnerable: 1.3.9-1.11.0
    The patch  pgp  (for 1.9.13-1.11.0)
    The patch  pgp  (for 1.3.9-1.9.12)

  • +
  • NULL pointer dereference while writing client request body
    Severity: medium
    Advisory
    CVE-2016-4450
    Not vulnerable: 1.11.1+, 1.10.1+
    Vulnerable: 1.3.9-1.11.0
    The patch  pgp  (for 1.9.13-1.11.0)
    The patch  pgp  (for 1.3.9-1.9.12)

  • -
  • Invalid pointer dereference in resolver
    Severity: medium
    Advisory
    CVE-2016-0742
    Not vulnerable: 1.9.10+, 1.8.1+
    Vulnerable: 0.6.18-1.9.9

  • +
  • Invalid pointer dereference in resolver
    Severity: medium
    Advisory
    CVE-2016-0742
    Not vulnerable: 1.9.10+, 1.8.1+
    Vulnerable: 0.6.18-1.9.9

  • -
  • Use-after-free during CNAME response processing in resolver
    Severity: medium
    Advisory
    CVE-2016-0746
    Not vulnerable: 1.9.10+, 1.8.1+
    Vulnerable: 0.6.18-1.9.9

  • +
  • Use-after-free during CNAME response processing in resolver
    Severity: medium
    Advisory
    CVE-2016-0746
    Not vulnerable: 1.9.10+, 1.8.1+
    Vulnerable: 0.6.18-1.9.9

  • -
  • Insufficient limits of CNAME resolution in resolver
    Severity: medium
    Advisory
    CVE-2016-0747
    Not vulnerable: 1.9.10+, 1.8.1+
    Vulnerable: 0.6.18-1.9.9

  • +
  • Insufficient limits of CNAME resolution in resolver
    Severity: medium
    Advisory
    CVE-2016-0747
    Not vulnerable: 1.9.10+, 1.8.1+
    Vulnerable: 0.6.18-1.9.9

  • -
  • SSL session reuse vulnerability
    Severity: medium
    Advisory
    CVE-2014-3616
    Not vulnerable: 1.7.5+, 1.6.2+
    Vulnerable: 0.5.6-1.7.4

  • +
  • SSL session reuse vulnerability
    Severity: medium
    Advisory
    CVE-2014-3616
    Not vulnerable: 1.7.5+, 1.6.2+
    Vulnerable: 0.5.6-1.7.4

  • -
  • STARTTLS command injection
    Severity: medium
    Advisory
    CVE-2014-3556
    Not vulnerable: 1.7.4+, 1.6.1+
    Vulnerable: 1.5.6-1.7.3
    The patch  pgp

  • +
  • STARTTLS command injection
    Severity: medium
    Advisory
    CVE-2014-3556
    Not vulnerable: 1.7.4+, 1.6.1+
    Vulnerable: 1.5.6-1.7.3
    The patch  pgp

  • -
  • SPDY heap buffer overflow
    Severity: major
    Advisory
    CVE-2014-0133
    Not vulnerable: 1.5.12+, 1.4.7+
    Vulnerable: 1.3.15-1.5.11
    The patch  pgp

  • +
  • SPDY heap buffer overflow
    Severity: major
    Advisory
    CVE-2014-0133
    Not vulnerable: 1.5.12+, 1.4.7+
    Vulnerable: 1.3.15-1.5.11
    The patch  pgp

  • -
  • SPDY memory corruption
    Severity: major
    Advisory
    CVE-2014-0088
    Not vulnerable: 1.5.11+
    Vulnerable: 1.5.10
    The patch  pgp

  • +
  • SPDY memory corruption
    Severity: major
    Advisory
    CVE-2014-0088
    Not vulnerable: 1.5.11+
    Vulnerable: 1.5.10
    The patch  pgp

  • -
  • Request line parsing vulnerability
    Severity: medium
    Advisory
    CVE-2013-4547
    Not vulnerable: 1.5.7+, 1.4.4+
    Vulnerable: 0.8.41-1.5.6
    The patch  pgp

  • +
  • Request line parsing vulnerability
    Severity: medium
    Advisory
    CVE-2013-4547
    Not vulnerable: 1.5.7+, 1.4.4+
    Vulnerable: 0.8.41-1.5.6
    The patch  pgp

  • -
  • Memory disclosure with specially crafted HTTP backend responses
    Severity: medium
    Advisory
    CVE-2013-2070
    Not vulnerable: 1.5.0+, 1.4.1+, 1.2.9+
    Vulnerable: 1.1.4-1.2.8, 1.3.9-1.4.0
    The patch  pgp  (for 1.3.9-1.4.0)
    The patch  pgp  (for 1.1.4-1.2.8)

  • +
  • Memory disclosure with specially crafted HTTP backend responses
    Severity: medium
    Advisory
    CVE-2013-2070
    Not vulnerable: 1.5.0+, 1.4.1+, 1.2.9+
    Vulnerable: 1.1.4-1.2.8, 1.3.9-1.4.0
    The patch  pgp  (for 1.3.9-1.4.0)
    The patch  pgp  (for 1.1.4-1.2.8)

  • -
  • Stack-based buffer overflow with specially crafted request
    Severity: major
    Advisory
    CVE-2013-2028
    Not vulnerable: 1.5.0+, 1.4.1+
    Vulnerable: 1.3.9-1.4.0
    The patch  pgp

  • +
  • Stack-based buffer overflow with specially crafted request
    Severity: major
    Advisory
    CVE-2013-2028
    Not vulnerable: 1.5.0+, 1.4.1+
    Vulnerable: 1.3.9-1.4.0
    The patch  pgp

  • -
  • Vulnerabilities with Windows directory aliases
    Severity: medium
    Advisory
    CVE-2011-4963
    Not vulnerable: 1.3.1+, 1.2.1+
    Vulnerable: nginx/Windows 0.7.52-1.3.0

  • +
  • Vulnerabilities with Windows directory aliases
    Severity: medium
    Advisory
    CVE-2011-4963
    Not vulnerable: 1.3.1+, 1.2.1+
    Vulnerable: nginx/Windows 0.7.52-1.3.0

  • -
  • Buffer overflow in the ngx_http_mp4_module
    Severity: major
    Advisory
    CVE-2012-2089
    Not vulnerable: 1.1.19+, 1.0.15+
    Vulnerable: 1.1.3-1.1.18, 1.0.7-1.0.14
    The patch  pgp

  • +
  • Buffer overflow in the ngx_http_mp4_module
    Severity: major
    Advisory
    CVE-2012-2089
    Not vulnerable: 1.1.19+, 1.0.15+
    Vulnerable: 1.1.3-1.1.18, 1.0.7-1.0.14
    The patch  pgp

  • -
  • Memory disclosure with specially crafted backend responses
    Severity: major
    Advisory
    CVE-2012-1180
    Not vulnerable: 1.1.17+, 1.0.14+
    Vulnerable: 0.1.0-1.1.16
    The patch  pgp

  • +
  • Memory disclosure with specially crafted backend responses
    Severity: major
    Advisory
    CVE-2012-1180
    Not vulnerable: 1.1.17+, 1.0.14+
    Vulnerable: 0.1.0-1.1.16
    The patch  pgp

  • -
  • Buffer overflow in resolver
    Severity: medium
    CVE-2011-4315
    Not vulnerable: 1.1.8+, 1.0.10+
    Vulnerable: 0.6.18-1.1.7

  • +
  • Buffer overflow in resolver
    Severity: medium
    CVE-2011-4315
    Not vulnerable: 1.1.8+, 1.0.10+
    Vulnerable: 0.6.18-1.1.7

  • -
  • Vulnerabilities with invalid UTF-8 sequence on Windows
    Severity: major
    CVE-2010-2266
    Not vulnerable: 0.8.41+, 0.7.67+
    Vulnerable: nginx/Windows 0.7.52-0.8.40

  • +
  • Vulnerabilities with invalid UTF-8 sequence on Windows
    Severity: major
    CVE-2010-2266
    Not vulnerable: 0.8.41+, 0.7.67+
    Vulnerable: nginx/Windows 0.7.52-0.8.40

  • -
  • Vulnerabilities with Windows file default stream
    Severity: major
    CVE-2010-2263
    Not vulnerable: 0.8.40+, 0.7.66+
    Vulnerable: nginx/Windows 0.7.52-0.8.39

  • +
  • Vulnerabilities with Windows file default stream
    Severity: major
    CVE-2010-2263
    Not vulnerable: 0.8.40+, 0.7.66+
    Vulnerable: nginx/Windows 0.7.52-0.8.39

  • Vulnerabilities with Windows 8.3 filename pseudonyms
    Severity: major
    CORE-2010-0121
    Not vulnerable: 0.8.33+, 0.7.65+
    Vulnerable: nginx/Windows 0.7.52-0.8.32

  • -
  • An error log data are not sanitized
    Severity: none
    CVE-2009-4487
    Not vulnerable: none
    Vulnerable: all

  • +
  • An error log data are not sanitized
    Severity: none
    CVE-2009-4487
    Not vulnerable: none
    Vulnerable: all

  • -
  • The renegotiation vulnerability in SSL protocol
    Severity: major
    VU#120541  CVE-2009-3555
    Not vulnerable: 0.8.23+, 0.7.64+
    Vulnerable: 0.1.0-0.8.22
    The patch  pgp

  • +
  • The renegotiation vulnerability in SSL protocol
    Severity: major
    VU#120541  CVE-2009-3555
    Not vulnerable: 0.8.23+, 0.7.64+
    Vulnerable: 0.1.0-0.8.22
    The patch  pgp

  • -
  • Directory traversal vulnerability
    Severity: minor
    CVE-2009-3898
    Not vulnerable: 0.8.17+, 0.7.63+
    Vulnerable: 0.1.0-0.8.16

  • +
  • Directory traversal vulnerability
    Severity: minor
    CVE-2009-3898
    Not vulnerable: 0.8.17+, 0.7.63+
    Vulnerable: 0.1.0-0.8.16

  • -
  • Buffer underflow vulnerability
    Severity: major
    VU#180065  CVE-2009-2629
    Not vulnerable: 0.8.15+, 0.7.62+, 0.6.39+, 0.5.38+
    Vulnerable: 0.1.0-0.8.14
    The patch  pgp

  • +
  • Buffer underflow vulnerability
    Severity: major
    VU#180065  CVE-2009-2629
    Not vulnerable: 0.8.15+, 0.7.62+, 0.6.39+, 0.5.38+
    Vulnerable: 0.1.0-0.8.14
    The patch  pgp

  • -
  • Null pointer dereference vulnerability
    Severity: major
    CVE-2009-3896
    Not vulnerable: 0.8.14+, 0.7.62+, 0.6.39+, 0.5.38+
    Vulnerable: 0.1.0-0.8.13
    The patch  pgp

  • +
  • Null pointer dereference vulnerability
    Severity: major
    CVE-2009-3896
    Not vulnerable: 0.8.14+, 0.7.62+, 0.6.39+, 0.5.38+
    Vulnerable: 0.1.0-0.8.13
    The patch  pgp

diff --git a/vulnerabilities/tests/test_data/nginx/security_advisories.html.ABOUT b/vulnerabilities/tests/test_data/nginx/security_advisories.html.ABOUT
new file mode 100644
index 000000000..af2a44406
--- /dev/null
+++ b/vulnerabilities/tests/test_data/nginx/security_advisories.html.ABOUT
@@ -0,0 +1,2 @@
+date: 2024-08-09
+download_url: https://nginx.org/en/security_advisories.html

From be28af3c5f00aa321ee9f575a15bdd65de6a2196 Mon Sep 17 00:00:00 2001
From: Philippe Ombredanne
Date: Fri, 9 Aug 2024 16:55:25 +0200
Subject: [PATCH 3/3] Check empty published_at before using #1541

Otherwise the VulnerabilitySeverity.published_at data will be an invalid "None" string.

Reference: https://github.com/nexB/vulnerablecode/issues/1541

Signed-off-by: Philippe Ombredanne
---
 vulnerabilities/import_runner.py | 42 ++++++++++++++++++++------------
 1 file changed, 27 insertions(+), 15 deletions(-)

diff --git a/vulnerabilities/import_runner.py b/vulnerabilities/import_runner.py
index d8f3f5102..4c8e26889 100644
--- a/vulnerabilities/import_runner.py
+++ b/vulnerabilities/import_runner.py
@@ -70,17 +70,23 @@ def do_import(self, advisories) -> None:
 if advisory.date_imported:
 continue
 logger.info(f"Processing advisory: {advisory!r}")
+ advisory_data = None
+ inferences = None
 try:
- inferences = advisory_importer.get_inferences(
- advisory_data=advisory.to_advisory_data()
- )
+ advisory_data = advisory.to_advisory_data()
+ inferences = advisory_importer.get_inferences(advisory_data=advisory_data)
 process_inferences(
 inferences=inferences,
 advisory=advisory,
 improver_name=importer_name,
 )
- except Exception as e:
- logger.info(f"Failed to process advisory: {advisory!r} with error {e!r}")
+ except Exception:
+ from pprint import pformat
+
+ logger.warning(
+ f"Failed to process advisory:\n{pformat(advisory_data.to_dict())}\n\n"
+ f"with error:\n{traceback_format_exc()}\n\n"
+ )
 logger.info("Finished importing using %s.", advisory_importer.__class__.qualified_name)
 
 def process_advisories(
@@ -181,17 +187,23 @@ def process_inferences(inferences: List[Inference], advisory: Advisory, improver
 reference=reference,
 vulnerability=vulnerability,
 )
-
+ updated = False
 for severity in ref.severities:
- _vs, updated = VulnerabilitySeverity.objects.update_or_create(
- scoring_system=severity.system.identifier,
- reference=reference,
- defaults={
- "value": str(severity.value),
- "scoring_elements": str(severity.scoring_elements),
- "published_at": str(severity.published_at),
- },
- )
+ try:
+ published_at = str(severity.published_at) if severity.published_at else None
+ _vs, updated = VulnerabilitySeverity.objects.update_or_create(
+ scoring_system=severity.system.identifier,
+ reference=reference,
+ defaults={
+ "value": str(severity.value),
+ "scoring_elements": str(severity.scoring_elements),
+ "published_at": published_at,
+ },
+ )
+ except:
+ logger.error(
+ f"Failed to create VulnerabilitySeverity for: {severity} with error:\n{traceback_format_exc()}"
+ )
 if updated:
 logger.info(
 f"Severity updated for reference {ref!r} to value: {severity.value!r} "
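Review bot: The new `except Exception:` handler in do_import dereferences `advisory_data.to_dict()`, but `advisory_data` is still `None` when `advisory.to_advisory_data()` itself is what raised, so the handler raises `AttributeError` and the import loop aborts on exactly the malformed-advisory case this commit sets out to log. Falling back to the model instance keeps the handler safe: `details = pformat(advisory_data.to_dict()) if advisory_data else repr(advisory)` followed by `f"Failed to process advisory:\n{details}\n\n"`. The `inferences = None` added alongside is never read anywhere in the hunk and can be dropped. The enclosing do_import starts before the hunk.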
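Review bot: A failed `update_or_create` in process_inferences leaves `updated` holding the previous iteration's value, because the new `updated = False` is set once before the `for severity in ref.severities:` loop rather than per severity, so a later failure can still log "Severity updated" for a severity that was never written; moving `updated = False` to the first statement of the loop body fixes this. The bare `except:` also swallows `KeyboardInterrupt` and `SystemExit`; `except Exception:` is the narrowest form that still covers the database and validation errors the commit is handling, and it matches the handler style used in do_import earlier in this patch. If this loop runs inside a database transaction — not visible in the hunk — a swallowed database error may also leave that transaction unusable for the remaining severities, which is worth a comment on the `except` line. The enclosing process_inferences starts before the hunk.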