Pulse · github/advisory-database · GitHub

June 7, 2025 – June 14, 2025

Overview

13 Active pull requests

1 Active issue
- 5 Merged pull requests
- 8 Open pull requests
- 1 Closed issue
- 0 New issues

Could not load contribution data

Please try again later

5 Pull requests merged by 5 people

[GHSA-2865-hh9g-w894] Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability
#5722 merged Jun 13, 2025
[GHSA-rf6q-vx79-mjxr] Undertow Uncontrolled Resource Consumption
#5715 merged Jun 12, 2025
[GHSA-v6h2-p8h4-qcjw] brace-expansion Regular Expression Denial of Service vulnerability
#5716 merged Jun 11, 2025
[GHSA-pfq8-rq6v-vf5m] kangax html-minifier REDoS vulnerability
#5695 merged Jun 11, 2025
[GHSA-cvx7-x8pj-x2gw] CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification
#5696 merged Jun 9, 2025

8 Pull requests opened by 7 people

[GHSA-9v35-4xcr-w9ph] NetBird uses a static initialization vector (IV)
#5714 opened Jun 11, 2025
[GHSA-4h8f-2wvx-gg5w] Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
#5717 opened Jun 12, 2025
[GHSA-h4j7-5rxr-p4wc] Microsoft.Build.Tasks.Core .NET Spoofing Vulnerability
#5718 opened Jun 12, 2025
[GHSA-qvjc-g5vr-mfgr] Regular Expression Denial of Service in papaparse
#5719 opened Jun 13, 2025
[GHSA-6433-x5p4-8jc7] libxmljs vulnerable to type confusion when parsing specially crafted XML
#5720 opened Jun 13, 2025
Improve GHSA-274v-mgcv-cm8j
#5723 opened Jun 13, 2025
[GHSA-5rjg-fvgr-3xxf] setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write
#5724 opened Jun 14, 2025
[GHSA-mg49-jqgw-gcj6] libxmljs vulnerable to type confusion when parsing specially crafted XML
#5725 opened Jun 14, 2025

1 Issue closed by 1 person

Correction Required in GHSA-2pcj-76hj-xqhm Advisory
#5684 closed Jun 9, 2025

4 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

Advisory GHSA-g434-3q2j-hj4r lists incorrect fixed version
#5688 commented on Jun 11, 2025 • 0 new comments
[GHSA-6vhp-hp77-6w52] Trac HTML WikiProcessor cross-site scripting (XSS) vulnerability
#5636 commented on Jun 12, 2025 • 0 new comments
[GHSA-274v-mgcv-cm8j] Argo CD GitOps Engine does not scrub secret values from patch errors
#5689 commented on Jun 13, 2025 • 0 new comments
[GHSA-wrxf-x8rm-6ggg] Fluent Fluentd and Fluent-ui use default password
#5692 commented on Jun 10, 2025 • 0 new comments