13 Pull requests merged by 2 people

• [GHSA-7rxf-gvfg-47g4] Flask-CORS improper regex path matching vulnerability

  #5550 merged May 17, 2025

• [GHSA-43qf-4rqw-9q2g] Flask-CORS vulnerable to Improper Handling of Case Sensitivity

  #5549 merged May 17, 2025

• [GHSA-8vgw-p6qm-5gr7] Flask-CORS allows for inconsistent CORS matching

  #5548 merged May 17, 2025

• [GHSA-2qm5-r82g-5hcx] ThinkAdmin directory traversal vulnerability

  #5536 merged May 15, 2025

• [GHSA-r99q-hmqv-xw8w] Moodle Authenticated LFI risk in some misconfig…

  #5537 merged May 15, 2025

• [GHSA-8qwh-4vwv-7c5m] Moodle Cross-site Scripting (XSS)

  #5538 merged May 15, 2025

• [GHSA-68x5-4jg5-gjgg] Moodle CSRF risk in analytics management of models

  #5539 merged May 15, 2025

• [GHSA-xqhh-253w-4q5f] Moodle Cross-site Scripting (XSS)

  #5540 merged May 15, 2025

• [GHSA-gq9f-8rj4-w7jc] Moodle CSRF risk in admin preset tool management of presets

  #5541 merged May 15, 2025

• [GHSA-vvh5-7v3m-j3mj] Moodle Unsanitized HTML in site log for config_log_created

  #5542 merged May 15, 2025

• Update GHSA-9qgq-93c7-9hm4.json

  #5535 merged May 15, 2025

• [GHSA-4vp2-mj4m-69m4] ThinkAdmin insecure unserialize vulnerability

  #5534 merged May 15, 2025

• [GHSA-v47f-vp3p-5j6h] Cross-site scripting in ThinkAdmin

  #5533 merged May 15, 2025

1 Issue closed by 1 person

• [nitpick] Ensure that the modified timestamp update is intentional and aligns with the overall metadata consistency for the advisory.

  #5544 closed May 15, 2025

1 Issue opened by 1 person

• Learn more about Google Play services for Auto-Fill with Google

  #5555 opened May 18, 2025

1 Unresolved conversation

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• [GHSA-c678-jfcj-6jmf] A vulnerability was found in PyTorch 2.6.0+cu124. It has...

  #5512 commented on May 18, 2025 • 0 new comments