diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index f202dc01a5e7..31f64ee98d38 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,178 +1,217 @@
+  <vuln vid="3445e4b6-d2b8-11ef-9ff3-43c2b5d6c4c8">
+    <topic>git -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>git</name>
+	<name>git-cvs</name>
+	<name>git-gui</name>
+	<name>git-p4</name>
+	<name>git-svn</name>
+	<range><lt>2.48.1</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Git development team reports:</p>
+	<blockquote cite="https://lore.kernel.org/git/xmqq5xmh46oc.fsf@gitster.g/">
+	  <p>CVE-2024-50349: Printing unsanitized URLs when asking for credentials made the
+	  user susceptible to crafted URLs (e.g. in recursive clones) that
+	  mislead the user into typing in passwords for trusted sites that
+	  would then be sent to untrusted sites instead.</p>
+	  <p>CVE-2024-52006: Git may pass on Carriage Returns via the credential protocol to
+	  credential helpers which use line-reading functions that
+	  interpret said Carriage Returns as line endings, even though Git
+	  did not intend that.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2024-50349</cvename>
+      <url>https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr</url>
+      <cvename>CVE-2024-52006</cvename>
+      <url>https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp</url>
+    </references>
+    <dates>
+      <discovery>2024-10-29</discovery>
+      <entry>2025-01-14</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="7d7a28cd-7f5a-450a-852f-c49aaab3fa7e">
     <topic>keycloak -- Multiple security fixes</topic>
     <affects>
       <package>
         <name>keycloak</name>
         <range><lt>26.0.8</lt></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
         <p>Keycloak reports:</p>
         <blockquote cite="https://www.keycloak.org/2024/11/keycloak-2606-released.html">
           <p>This update includes 2 security fixes:</p>
           <ul>
             <li>CVE-2024-11734: Unrestricted admin use of system and environment variables</li>
             <li>CVE-2024-11736: Denial of Service in Keycloak Server via Security Headers</li>
           </ul>
         </blockquote>
       </body>
     </description>
     <references>
       <cvename>CVE-2024-11734</cvename>
       <cvename>CVE-2024-11736</cvename>
     </references>
     <dates>
       <discovery>2025-01-13</discovery>
       <entry>2025-01-13</entry>
      </dates>
   </vuln>
 
   <vuln vid="7624c151-d116-11ef-b232-b42e991fc52e">
     <topic>asterisk - path traversal</topic>
     <affects>
       <package>
 	<name>asterisk18</name>
 	<range><lt>18.26.20</lt></range>
       </package>
       <package>
 	<name>asterisk20</name>
 	<range><lt>20.11.0</lt></range>
       </package>
     </affects>
     <description>
 	<body xmlns="http://www.w3.org/1999/xhtml">
 	<p>cve@mitre.org reports:</p>
 	<blockquote cite="https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616">
 	  <p>An issue in the action_listcategories() function of Sangoma Asterisk
 	v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to
 	execute a path traversal.</p>
 	</blockquote>
 	</body>
     </description>
     <references>
       <cvename>CVE-2024-53566</cvename>
       <url>https://nvd.nist.gov/vuln/detail/CVE-2024-53566</url>
     </references>
     <dates>
       <discovery>2024-12-02</discovery>
       <entry>2025-01-12</entry>
     </dates>
   </vuln>
 
   <vuln vid="4d79fd1a-cc93-11ef-abed-08002784c58d">
     <topic>redis,valkey -- Denial-of-service valnerability due to malformed ACL selectors</topic>
     <affects>
       <package>
 	<name>redis</name>
 	<range><ge>7.0.0</ge><lt>7.4.2</lt></range>
       </package>
       <package>
 	<name>redis72</name>
 	<range><lt>7.2.7</lt></range>
       </package>
       <package>
 	<name>valkey</name>
 	<range><lt>8.0.2</lt></range>
       </package>
     </affects>
     <description>
 	<body xmlns="http://www.w3.org/1999/xhtml">
 	<p>Redis core team reports:</p>
 	<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9">
 	  <p>
 	    An authenticated with sufficient privileges may create a
 	    malformed ACL selector which, when accessed, triggers a
 	    server panic and subsequent denial of service.The problem
 	    exists in Redis 7.0.0 or newer.
 	  </p>
 	</blockquote>
 	</body>
     </description>
     <references>
       <cvename>CVE-2024-51741</cvename>
       <url>https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9</url>
     </references>
     <dates>
       <discovery>2025-01-06</discovery>
       <entry>2025-01-10</entry>
     </dates>
   </vuln>
 
   <vuln vid="5f19ac58-cc90-11ef-abed-08002784c58d">
     <topic>redis,valkey -- Remote code execution valnerability</topic>
     <affects>
       <package>
 	<name>redis</name>
 	<range><lt>7.4.2</lt></range>
       </package>
       <package>
 	<name>redis72</name>
 	<range><lt>7.2.7</lt></range>
       </package>
       <package>
 	<name>redis62</name>
 	<range><lt>6.2.17</lt></range>
       </package>
       <package>
 	<name>valkey</name>
 	<range><lt>8.0.2</lt></range>
       </package>
     </affects>
     <description>
 	<body xmlns="http://www.w3.org/1999/xhtml">
 	<p>Redis core team reports:</p>
 	<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c">
 	  <p>
 	    An authenticated user may use a specially crafted Lua
 	    script to manipulate the garbage collector and potentially
 	    lead to remote code execution. The problem exists in all
 	    versions of Redis with Lua scripting.
 	  </p>
 	</blockquote>
 	</body>
     </description>
     <references>
       <cvename>CVE-2024-46981</cvename>
       <url>https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c</url>
     </references>
     <dates>
       <discovery>2025-01-06</discovery>
       <entry>2025-01-10</entry>
     </dates>
   </vuln>
 
   <vuln vid="2bfde261-cdf2-11ef-b6b2-2cf05da270f3">
     <topic>Gitlab -- Vulnerabilities</topic>
     <affects>
       <package>
 	<name>gitlab-ce</name>
 	<name>gitlab-ee</name>
 	<range><ge>17.7.0</ge><lt>17.7.1</lt></range>
 	<range><ge>17.6.0</ge><lt>17.6.3</lt></range>
 	<range><ge>11.0.0</ge><lt>17.5.5</lt></range>
       </package>
     </affects>
     <description>
 	<body xmlns="http://www.w3.org/1999/xhtml">
 	<p>Gitlab reports:</p>
 	<blockquote cite="https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/">
 	  <p>Possible access token exposure in GitLab logs</p>
 	  <p>Cyclic reference of epics leads resource exhaustion</p>
 	  <p>Unauthorized user can manipulate status of issues in public projects</p>
 	  <p>Instance SAML does not respect external_provider configuration</p>
 	</blockquote>
 	</body>
     </description>
     <references>
       <cvename>CVE-2025-0194</cvename>
       <cvename>CVE-2024-6324</cvename>
       <cvename>CVE-2024-12431</cvename>
       <cvename>CVE-2024-13041</cvename>
       <url>https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/</url>
     </references>
     <dates>
       <discovery>2025-01-08</discovery>
       <entry>2025-01-08</entry>
     </dates>
   </vuln>