16 Pull requests merged by 11 people

• [GHSA-x48g-hm9c-ww42] LlamaIndex SQL Injection vulnerability

  #5428 merged Apr 3, 2025

• [GHSA-62gw-3rmj-wmp2] High severity vulnerability that affects System.Management.Automation

  #5429 merged Apr 2, 2025

• [GHSA-h2rr-m97p-6jq9] Selenium Server (Grid) CSRF

  #5424 merged Apr 2, 2025

• [GHSA-4vmg-rw8f-92f9] PyTorch deserialization vulnerability

  #5426 merged Apr 2, 2025

• [GHSA-v2rr-fhv8-mx74] The wp-svg-upload WordPress plugin through 1.0.0 does not...

  #5423 merged Apr 1, 2025

• [GHSA-799q-f2px-wx8c] @alizeait/unflatto Prototype Pollution via exports.unflatto Method

  #5421 merged Apr 1, 2025

• [GHSA-j96r-xvjq-r9pg] activesupport vulnerable to Denial of Service via large XML document depth

  #5419 merged Mar 31, 2025

• [GHSA-46j2-xjgp-jrfm] Information disclosure issue in Active Resource

  #5418 merged Mar 31, 2025

• [GHSA-mhwp-qhpc-h3jm] SQL Injection in Active Record

  #5417 merged Mar 31, 2025

• [GHSA-8xww-x3g3-6jcv] ReDoS based DoS vulnerability in Action Dispatch

  #5415 merged Mar 31, 2025

• [GHSA-6phg-4wmq-h5h3] Frappe has possibility of SQL injection due to improper validations

  #5414 merged Mar 31, 2025

• [GHSA-g8m5-722r-8whq] Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

  #5408 merged Mar 28, 2025

• [GHSA-43mq-6xmg-29vm] Apache Struts file upload logic is flawed

  #5399 merged Mar 28, 2025

• [GHSA-xqgj-r6xv-9cw4] Dask Vulnerable to Command Injection

  #5412 merged Mar 28, 2025

• [GHSA-jr5f-v2jv-69x6] axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL

  #5411 merged Mar 28, 2025

• [GHSA-83qj-6fr2-vhqg] Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

  #5410 merged Mar 28, 2025

4 Pull requests opened by 4 people

• [GHSA-3hhc-qp5v-9p2j] Active Record RCE bug with Serialized Columns

  #5416 opened Mar 30, 2025

• [GHSA-mh63-6h87-95cp] jwt-go allows excessive memory allocation during header parsing

  #5427 opened Apr 2, 2025

• [GHSA-qq4x-c6h6-rfxh] aws-cdk-lib has Insertion of Sensitive Information into Log File vulnerability when using Cognito UserPoolClient Construct

  #5431 opened Apr 3, 2025

• [GHSA-hq92-6qrm-cxxj] The Appointment Booking Calendar — Simply Schedule...

  #5432 opened Apr 3, 2025

1 Issue closed by 1 person

• Revert PR #5064 and commit 6e7e76a42d0319eb4323c7e0e519d151ff5dccad

  #5413 closed Mar 31, 2025