Skip to content

Pull requests: github/advisory-database

New pull request New
196 Open 6,749 Closed
196 Open 6,749 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

[GHSA-5xrq-8626-4rwp] When Vitest UI server is listening, arbitrary file can be read and executed
#7881 opened Jun 2, 2026 by qispark Loading…
1
[GHSA-799x-qp47-8qwq] Apache Airflow's EmailOperator and the underlying ...
#7879 opened Jun 2, 2026 by francisbergin Loading…
2
[GHSA-gxr4-xjj5-5px2] Potential XSS vulnerability in jQuery
#7877 opened Jun 2, 2026 by Athlon1600 Loading…
1
[GHSA-mx76-r943-rf8g] Bouncy Castle has a vulnerability in program files gcm128w, gcm512w
#7874 opened Jun 1, 2026 by discerningdev Loading…
[GHSA-q8mj-m7cp-5q26] qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set
#7873 opened Jun 1, 2026 by Lokeninfinitypoint Loading…
3
chore: introduced version in GHSA advisory
#7872 opened Jun 1, 2026 by jasonsaayman Loading…
1
[GHSA-xfvg-8v67-j7wp] TypiCMS Core has Stored Cross-Site Scripting (XSS) via SVG File Upload
#7871 opened Jun 1, 2026 by sdebacker Loading…
3
[GHSA-qhqw-rrw9-25rm] asyncmy is vulnerable to SQL injection via crafted dict keys
#7869 opened Jun 1, 2026 by JulianBriggs Loading…
[GHSA-rcjc-c4pj-xxrp] Apache Derby: LDAP injection vulnerability in authenticator
#7868 opened Jun 1, 2026 by theinfosecguy Loading…
[GHSA-rprw-h62v-c2w7] PyYAML insecurely deserializes YAML strings leading to arbitrary code execution
#7867 opened Jun 1, 2026 by theinfosecguy Loading…
[GHSA-6r7r-jj8h-pq6v] Deserialization of Untrusted Data in Jython
#7866 opened Jun 1, 2026 by theinfosecguy Loading…
[GHSA-9cp7-j3f8-p5jx] Daptin has Unauthenticated Path Traversal and Zip Slip
#7864 opened May 31, 2026 by cerquedai628-blip Loading…
1
[GHSA-5843-p793-ghmm] Spring Framework DoS with Multipart Temp Files in WebFlux
#7863 opened May 31, 2026 by yuki-matsuhashi Loading…
[GHSA-wg35-8jpf-2xv3] Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources.
#7862 opened May 31, 2026 by yuki-matsuhashi Loading…
[GHSA-28qq-5f47-r5x2] gemini-mcp-tool execAsync Command Injection Remote Code...
#7859 opened May 30, 2026 by jamubc Loading…
1
[GHSA-5cv4-jp36-h3mw] Parsing arbitrary HTML can consume excessive CPU time,...
#7855 opened May 29, 2026 by joepurdy Loading…
[GHSA-29pf-2h5f-8g72] A critical remote code execution vulnerability exists in...
#7853 opened May 29, 2026 by aaronmaxlevy Loading…
Use Go +incompatible fixed version for GHSA-379P-37XC-Q963
#7852 opened May 29, 2026 by cookesan Loading…
Use Go +incompatible fixed version for GHSA-2J9C-76PP-XC5Q
#7851 opened May 29, 2026 by cookesan Loading…
Use Go pseudo-version for GHSA-WMWP-PGGC-H4MJ
#7850 opened May 29, 2026 by cookesan Loading…
Use Go pseudo-version for GHSA-VC3X-GX6C-G99F
#7849 opened May 29, 2026 by cookesan Loading…
Use Go pseudo-version for GHSA-RM8V-MXJ3-5RMQ
#7848 opened May 29, 2026 by cookesan Loading…
Use Go pseudo-version for GHSA-RJJM-X32P-M3F7
#7847 opened May 29, 2026 by cookesan Loading…
Use Go pseudo-version for GHSA-P55X-7X9V-Q8M4
#7846 opened May 29, 2026 by cookesan Loading…
Use Go pseudo-version for GHSA-J453-HM5X-C46W
#7845 opened May 29, 2026 by cookesan Loading…
ProTip! Follow long discussions with comments:>50.