8 Pull requests merged by 7 people

• [GHSA-9rw2-jf8x-cgwm] Flair allows arbitrary code execution

  #5498 merged May 2, 2025

• [GHSA-fjfg-q662-gm6j] Moderate severity vulnerability that affects rails

  #5497 merged May 1, 2025

• [GHSA-75v8-2h7p-7m2m] Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content

  #5493 merged Apr 30, 2025

• [GHSA-j3g3-5qv5-52mj] net-imap rubygem vulnerable to possible DoS by memory exhaustion

  #5494 merged Apr 30, 2025

• [GHSA-733v-p3h5-qpq7] GraphQL Armor Cost-Limit Plugin Bypass via Introspection Query Obfuscation

  #5490 merged Apr 29, 2025

• [GHSA-9gqv-wp59-fq42] http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed

  #5487 merged Apr 28, 2025

• [GHSA-4www-5p9h-95mh] http-proxy-middleware can call writeBody twice because "else if" is not used

  #5486 merged Apr 28, 2025

• [GHSA-3965-hpx2-q597] Pug allows JavaScript code execution if an application accepts untrusted input

  #5485 merged Apr 28, 2025

1 Pull request opened by 1 person

• [GHSA-hw58-3793-42gg] Keycloak hostname verification

  #5495 opened Apr 30, 2025

3 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• [GHSA-fc9h-whq2-v747] Valid ECDSA signatures erroneously rejected in Elliptic

  #5442 commented on Apr 28, 2025 • 0 new comments

• [GHSA-gp8f-8m3g-qvj9] Next.js Cache Poisoning

  #5459 commented on Apr 30, 2025 • 0 new comments

• [GHSA-qjp7-gvrw-vxmf] An attacker authenticated as an administrator can use an...

  #5462 commented on May 1, 2025 • 0 new comments