diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index 6a27a246869e..ad0fba1ec554 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,255 +1,284 @@
+  <vuln vid="47bc292a-d472-11ef-aaab-7d43732cb6f5">
+    <topic>openvpn -- too long a username or password from a client can confuse openvpn servers</topic>
+    <affects>
+      <package>
+	<name>openvpn</name>
+	<range><lt>2.6.13</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Frank Lichtenheld reports:</p>
+	<blockquote cite="https://github.com/OpenVPN/openvpn/releases/tag/v2.6.13">
+	  <p>[OpenVPN v2.6.13 ...] improve server-side handling of clients sending
+	    usernames or passwords longer than USER_PASS_LEN - this would not
+	    result in a crash, buffer overflow or other security issues, but the
+	    server would then misparse incoming IV variables and produce misleading
+	    error messages.</p>
+	</blockquote>
+       </body>
+    </description>
+    <references>
+      <url>https://github.com/OpenVPN/openvpn/releases/tag/v2.6.13</url>
+    </references>
+    <dates>
+      <discovery>2024-10-28</discovery>
+      <entry>2025-01-17</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="163edccf-d2ba-11ef-b10e-589cfc10a551">
     <topic>rsync -- Multiple security fixes</topic>
     <affects>
       <package>
 	<name>rsync</name>
 	<range><lt>3.4.0</lt></range>
       </package>
     </affects>
     <description>
 	<body xmlns="http://www.w3.org/1999/xhtml">
 	<p>rsync reports:</p>
 	<blockquote cite="https://kb.cert.org/vuls/id/952657">
 	  <p>This update includes multiple security fixes:</p>
 	  <ul>
 	    <li>CVE-2024-12084: Heap Buffer Overflow in Checksum Parsing</li>
 	    <li>CVE-2024-12085: Info Leak via uninitialized Stack contents defeats ASLR</li>
 	    <li>CVE-2024-12086: Server leaks arbitrary client files</li>
 	    <li>CVE-2024-12087: Server can make client write files outside of destination directory using symbolic links</li>
 	    <li>CVE-2024-12088: --safe-links Bypass</li>
 	    <li>CVE-2024-12747: symlink race condition</li>
 	  </ul>
 	</blockquote>
 	</body>
     </description>
     <references>
       <cvename>CVE-2024-12084</cvename>
       <cvename>CVE-2024-12085</cvename>
       <cvename>CVE-2024-12086</cvename>
       <cvename>CVE-2024-12087</cvename>
       <cvename>CVE-2024-12088</cvename>
       <cvename>CVE-2024-12747</cvename>
     </references>
     <dates>
       <discovery>2025-01-14</discovery>
       <entry>2025-01-14</entry>
     </dates>
   </vuln>
 
   <vuln vid="3445e4b6-d2b8-11ef-9ff3-43c2b5d6c4c8">
     <topic>git -- multiple vulnerabilities</topic>
     <affects>
       <package>
 	<name>git</name>
 	<name>git-cvs</name>
 	<name>git-gui</name>
 	<name>git-p4</name>
 	<name>git-svn</name>
 	<range><lt>2.48.1</lt></range>
       </package>
     </affects>
     <description>
 	<body xmlns="http://www.w3.org/1999/xhtml">
 	<p>Git development team reports:</p>
 	<blockquote cite="https://lore.kernel.org/git/xmqq5xmh46oc.fsf@gitster.g/">
 	  <p>CVE-2024-50349: Printing unsanitized URLs when asking for credentials made the
 	  user susceptible to crafted URLs (e.g. in recursive clones) that
 	  mislead the user into typing in passwords for trusted sites that
 	  would then be sent to untrusted sites instead.</p>
 	  <p>CVE-2024-52006: Git may pass on Carriage Returns via the credential protocol to
 	  credential helpers which use line-reading functions that
 	  interpret said Carriage Returns as line endings, even though Git
 	  did not intend that.</p>
 	</blockquote>
 	</body>
     </description>
     <references>
       <cvename>CVE-2024-50349</cvename>
       <url>https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr</url>
       <cvename>CVE-2024-52006</cvename>
       <url>https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp</url>
     </references>
     <dates>
       <discovery>2024-10-29</discovery>
       <entry>2025-01-14</entry>
     </dates>
   </vuln>
 
   <vuln vid="5e2bd238-d2bb-11ef-bc0e-1c697a616631">
     <topic>keycloak -- Multiple security fixes</topic>
     <affects>
       <package>
 	<name>keycloak</name>
 	<range><lt>26.0.8</lt></range>
       </package>
     </affects>
     <description>
 	<body xmlns="http://www.w3.org/1999/xhtml">
 	<p>Keycloak reports:</p>
 	<blockquote cite="https://www.keycloak.org/2024/11/keycloak-2606-released.html">
 	  <p>This update includes 2 security fixes:</p>
 	  <ul>
 	    <li>CVE-2024-11734: Unrestricted admin use of system and environment variables</li>
 	    <li>CVE-2024-11736: Denial of Service in Keycloak Server via Security Headers</li>
 	  </ul>
 	</blockquote>
 	</body>
     </description>
     <references>
       <cvename>CVE-2024-11734</cvename>
       <cvename>CVE-2024-11736</cvename>
     </references>
     <dates>
       <discovery>2025-01-13</discovery>
       <entry>2025-01-13</entry>
      </dates>
   </vuln>
 
   <vuln vid="7624c151-d116-11ef-b232-b42e991fc52e">
     <topic>asterisk - path traversal</topic>
     <affects>
       <package>
 	<name>asterisk18</name>
 	<range><lt>18.26.20</lt></range>
       </package>
       <package>
 	<name>asterisk20</name>
 	<range><lt>20.11.0</lt></range>
       </package>
     </affects>
     <description>
 	<body xmlns="http://www.w3.org/1999/xhtml">
 	<p>cve@mitre.org reports:</p>
 	<blockquote cite="https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616">
 	  <p>An issue in the action_listcategories() function of Sangoma Asterisk
 	v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to
 	execute a path traversal.</p>
 	</blockquote>
 	</body>
     </description>
     <references>
       <cvename>CVE-2024-53566</cvename>
       <url>https://nvd.nist.gov/vuln/detail/CVE-2024-53566</url>
     </references>
     <dates>
       <discovery>2024-12-02</discovery>
       <entry>2025-01-12</entry>
     </dates>
   </vuln>
 
   <vuln vid="4d79fd1a-cc93-11ef-abed-08002784c58d">
     <topic>redis,valkey -- Denial-of-service valnerability due to malformed ACL selectors</topic>
     <affects>
       <package>
 	<name>redis</name>
 	<range><ge>7.0.0</ge><lt>7.4.2</lt></range>
       </package>
       <package>
 	<name>redis72</name>
 	<range><lt>7.2.7</lt></range>
       </package>
       <package>
 	<name>valkey</name>
 	<range><lt>8.0.2</lt></range>
       </package>
     </affects>
     <description>
 	<body xmlns="http://www.w3.org/1999/xhtml">
 	<p>Redis core team reports:</p>
 	<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9">
 	  <p>
 	    An authenticated with sufficient privileges may create a
 	    malformed ACL selector which, when accessed, triggers a
 	    server panic and subsequent denial of service.The problem
 	    exists in Redis 7.0.0 or newer.
 	  </p>
 	</blockquote>
 	</body>
     </description>
     <references>
       <cvename>CVE-2024-51741</cvename>
       <url>https://github.com/redis/redis/security/advisories/GHSA-prpq-rh5h-46g9</url>
     </references>
     <dates>
       <discovery>2025-01-06</discovery>
       <entry>2025-01-10</entry>
     </dates>
   </vuln>
 
   <vuln vid="5f19ac58-cc90-11ef-abed-08002784c58d">
     <topic>redis,valkey -- Remote code execution valnerability</topic>
     <affects>
       <package>
 	<name>redis</name>
 	<range><lt>7.4.2</lt></range>
       </package>
       <package>
 	<name>redis72</name>
 	<range><lt>7.2.7</lt></range>
       </package>
       <package>
 	<name>redis62</name>
 	<range><lt>6.2.17</lt></range>
       </package>
       <package>
 	<name>valkey</name>
 	<range><lt>8.0.2</lt></range>
       </package>
     </affects>
     <description>
 	<body xmlns="http://www.w3.org/1999/xhtml">
 	<p>Redis core team reports:</p>
 	<blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c">
 	  <p>
 	    An authenticated user may use a specially crafted Lua
 	    script to manipulate the garbage collector and potentially
 	    lead to remote code execution. The problem exists in all
 	    versions of Redis with Lua scripting.
 	  </p>
 	</blockquote>
 	</body>
     </description>
     <references>
       <cvename>CVE-2024-46981</cvename>
       <url>https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c</url>
     </references>
     <dates>
       <discovery>2025-01-06</discovery>
       <entry>2025-01-10</entry>
     </dates>
   </vuln>
 
   <vuln vid="2bfde261-cdf2-11ef-b6b2-2cf05da270f3">
     <topic>Gitlab -- Vulnerabilities</topic>
     <affects>
       <package>
 	<name>gitlab-ce</name>
 	<name>gitlab-ee</name>
 	<range><ge>17.7.0</ge><lt>17.7.1</lt></range>
 	<range><ge>17.6.0</ge><lt>17.6.3</lt></range>
 	<range><ge>11.0.0</ge><lt>17.5.5</lt></range>
       </package>
     </affects>
     <description>
 	<body xmlns="http://www.w3.org/1999/xhtml">
 	<p>Gitlab reports:</p>
 	<blockquote cite="https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/">
 	  <p>Possible access token exposure in GitLab logs</p>
 	  <p>Cyclic reference of epics leads resource exhaustion</p>
 	  <p>Unauthorized user can manipulate status of issues in public projects</p>
 	  <p>Instance SAML does not respect external_provider configuration</p>
 	</blockquote>
 	</body>
     </description>
     <references>
       <cvename>CVE-2025-0194</cvename>
       <cvename>CVE-2024-6324</cvename>
       <cvename>CVE-2024-12431</cvename>
       <cvename>CVE-2024-13041</cvename>
       <url>https://about.gitlab.com/releases/2025/01/08/patch-release-gitlab-17-7-1-released/</url>
     </references>
     <dates>
       <discovery>2025-01-08</discovery>
       <entry>2025-01-08</entry>
     </dates>
   </vuln>