From b69b60bc4b08f5099351c96931bef03a6af692e9 Mon Sep 17 00:00:00 2001
From: Kelby Ludwig
Date: Fri, 13 Mar 2026 15:33:34 -0500
Subject: [PATCH 1/4] Update PYSEC-2025-70

From the fix: https://github.com/langchain-ai/langchain/pull/18697/changes It does appear that the fix was to change RequestsToolkit initialization to require an explicit opt-into "dangerous" behavior so I've scoped the import there.
---
 vulns/langchain-community/PYSEC-2025-70.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/vulns/langchain-community/PYSEC-2025-70.yaml b/vulns/langchain-community/PYSEC-2025-70.yaml
index 8bb55519..6c57b062 100644
--- a/vulns/langchain-community/PYSEC-2025-70.yaml
+++ b/vulns/langchain-community/PYSEC-2025-70.yaml
@@ -26,6 +26,11 @@ affected:
 events:
 - introduced: "0"
 - fixed: 0.0.28
+ ecosystem_specific:
+ imports:
+ - attribute: RequestsToolkit
+ modules:
+ - langchain_community.agent_toolkits.openapi.toolkit
 versions:
 - 0.0.1
 - 0.0.10
From e5eac3cb6de84872a1c4733def1ba4a630bab5a5 Mon Sep 17 00:00:00 2001
From: Kelby Ludwig
Date: Fri, 13 Mar 2026 15:46:17 -0500
Subject: [PATCH 2/4] Update PYSEC-2025-65

The linked fix: https://github.com/run-llama/llama_index/commit/cdeaab91a204d1c3527f177dac37390327aef274#diff-36053ee3f29c57f74fbd3d7bf920633fadb93f8eff85251d95dd707bb4d929b9 The additional validation is done in intialization of ImageDocument.
---
 vulns/llama-index/PYSEC-2025-65.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/vulns/llama-index/PYSEC-2025-65.yaml b/vulns/llama-index/PYSEC-2025-65.yaml
index f3cb14f8..580652d5 100644
--- a/vulns/llama-index/PYSEC-2025-65.yaml
+++ b/vulns/llama-index/PYSEC-2025-65.yaml
@@ -25,6 +25,11 @@ affected:
 events:
 - introduced: 0.12.27
 - fixed: 0.12.41
+ ecosystem_specific:
+ imports:
+ - attribute: ImageDocument
+ modules:
+ - llama_index.core.schema
 versions:
 - 0.12.27
 - 0.12.28
From 24ef31fc1e68ac09c77a104387fcb728cf61a68e Mon Sep 17 00:00:00 2001
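Review bot: The import hint added here names only `RequestsToolkit` in `langchain_community.agent_toolkits.openapi.toolkit`, but that same module also defines `OpenAPIToolkit`, which as far as I recall instantiates a `RequestsToolkit` inside its own tool-building path, so a consumer that imports only `OpenAPIToolkit` would be reported as unaffected by an import-based reachability check. If the upstream PR also gated the individual request tools in `langchain_community.tools.requests.tool`, those attributes deserve entries too; I have not verified that from the linked PR. Consider adding `- attribute: OpenAPIToolkit` with the same module, or a short note in the advisory explaining why the toolkit class is the sole entry point. The `affected` entry this hunk edits starts before the hunk.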
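Review bot: The module listed, `llama_index.core.schema`, is shipped by the `llama-index-core` distribution rather than by the `llama-index` meta-package this advisory file is filed under, so tooling that correlates an import with the installed distribution that owns it may not connect this hint to `llama-index` at all. Worth confirming that an advisory for `llama-index-core` carries the same `ImageDocument` hint, and that `ImageDocument` is not additionally re-exported from a package-level `__init__` that users import from, which would need a second entry under `modules`. The `affected` entry this hunk edits starts before the hunk.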
From: Kelby Ludwig
Date: Fri, 13 Mar 2026 15:56:26 -0500
Subject: [PATCH 3/4] Update PYSEC-2025-61.yaml

The fix commit: https://github.com/python-pillow/Pillow/pull/9041/changes The advisory mentions this affects "users who save untrusted data". I believe the test `test_save_large_file` is aiming to exercise the vulnerable codepath. It does so by calling `.save` on a PIL.Image.Image object (Generated by the `hopper` helper: https://github.com/radarhere/Pillow/blob/8cd86b63626259d70b50545fabb554924ed3bd8a/Tests/helper.py#L254 )
---
 vulns/pillow/PYSEC-2025-61.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/vulns/pillow/PYSEC-2025-61.yaml b/vulns/pillow/PYSEC-2025-61.yaml
index ecaf89e9..a16c1b32 100644
--- a/vulns/pillow/PYSEC-2025-61.yaml
+++ b/vulns/pillow/PYSEC-2025-61.yaml
@@ -17,6 +17,11 @@ affected:
 versions:
 - 11.2.0
 - 11.2.1
+ ecosystem_specific:
+ imports:
+ - attribute: save
+ modules:
+ - PIL.Image
 aliases:
 - CVE-2025-48379
 - GHSA-xg8h-j46f-w952
From 2d729e014bac517da58dfc4770a2ed77500853d7 Mon Sep 17 00:00:00 2001
From: Kelby Ludwig
Date: Fri, 13 Mar 2026 16:10:33 -0500
Subject: [PATCH 4/4] Add additional schema validation

---
 .github/ecosystem-specific-schema.json | 51 ++++++++++++++++++++++++++
 .pre-commit-config.yaml | 4 ++
 2 files changed, 55 insertions(+)
 create mode 100644 .github/ecosystem-specific-schema.json

diff --git a/.github/ecosystem-specific-schema.json b/.github/ecosystem-specific-schema.json
new file mode 100644
index 00000000..8e11f607
--- /dev/null
+++ b/.github/ecosystem-specific-schema.json
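Review bot: `attribute: save` under module `PIL.Image` names something that does not exist at module level — `save` is a method of the `PIL.Image.Image` class, and callers reach it through `from PIL import Image` followed by `im.save(...)`, never through `from PIL.Image import save`, so an import-based matcher built on this hint will not flag any real user. The importable entry point is the class, i.e. `- attribute: Image` with `modules` listing `PIL.Image` (and `PIL`, if the matcher treats `from PIL import Image` as importing the attribute `Image` from `PIL`). If the vulnerable save path lives in a single format plugin module, that module would be a more precise target still; the commit message only ties it to `.save`, so I have not assumed which plugin. The `affected` entry this hunk edits starts before the hunk.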
@@ -0,0 +1,51 @@
+{
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
+ "title": "ecosystem_specific schema validation",
+ "description": "Validates the ecosystem_specific field in PYSEC advisory entries",
+ "type": "object",
+ "properties": {
+ "affected": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "ecosystem_specific": {
+ "$ref": "#/$defs/ecosystem_specific"
+ }
+ }
+ }
+ }
+ },
+ "$defs": {
+ "ecosystem_specific": {
+ "type": "object",
+ "required": ["imports"],
+ "additionalProperties": false,
+ "properties": {
+ "imports": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "type": "object",
+ "required": ["attribute", "modules"],
+ "additionalProperties": false,
+ "properties": {
+ "attribute": {
+ "type": "string",
+ "minLength": 1
+ },
+ "modules": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "type": "string",
+ "minLength": 1
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 5368cde0..727aff35 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -5,6 +5,10 @@ repos:
 - id: check-jsonschema
 files: "^vulns/[a-z0-9_-]+/.+\\.yaml"
 args: [--schemafile, "https://raw.githubusercontent.com/ossf/osv-schema/refs/tags/v1.6.7/validation/schema.json", --no-cache]
+ - id: check-jsonschema
+ name: validate ecosystem_specific
+ files: "^vulns/[a-z0-9_-]+/.+\\.yaml"
+ args: [--schemafile, ".github/ecosystem-specific-schema.json"]
 - repo: https://github.com/jackdewinter/pymarkdown
 rev: v0.9.25
 hooks:
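Review bot: `"additionalProperties": false` on `$defs/ecosystem_specific` makes `imports` the only key the field may ever hold, and because the companion pre-commit hook applies this schema to every file under `vulns/`, any existing advisory that already stores another key in `ecosystem_specific`, or any future use of the field for a different purpose, fails the hook outright instead of the extra key being ignored. If that strictness is intended, a `"description"` on the definition saying that `imports` is deliberately the only permitted key would save the next contributor a surprise; if not, drop the outer `additionalProperties: false` and keep it only on the per-import entries. It is also worth a comment in the advisory workflow that this schema checks shape only — it cannot tell whether `attribute` names a real importable symbol, so that remains a review task.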
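Review bot: The new hook reuses the `check-jsonschema` id of the hook above it, so `pre-commit run check-jsonschema` runs both and there is no handle to run only the ecosystem_specific check in isolation; adding `alias: validate-ecosystem-specific` next to the `name` line gives it one. The `files` pattern is copied verbatim from the hook above, so the two will drift silently if one is edited; a one-line comment such as `# keep in sync with the OSV schema hook above` on the duplicated line would flag that. The `repos` entry this hunk edits starts before the hunk.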