6 Pull requests merged by 5 people

• [GHSA-mrw8-5368-phm3] Contao allows admin an account to upload SVG file containing malicious JavaScript

  #5476 merged Apr 22, 2025

• [GHSA-6rqh-8465-2xcw] Mattermost vulnerable to Incorrect Implementation of Authentication Algorithm

  #5473 merged Apr 21, 2025

• [GHSA-h4rr-f37j-4hh7] Mattermost Incorrect Authorization vulnerability

  #5472 merged Apr 21, 2025

• [GHSA-8qhq-rq4j-8prj] Elasticsearch Logstash allows remote attackers to execute arbitrary commands

  #5465 merged Apr 16, 2025

• [GHSA-8qhq-rq4j-8prj] Elasticsearch Logstash allows remote attackers to execute arbitrary commands

  #5464 merged Apr 16, 2025

• [GHSA-968p-4wvh-cqc8] Babel has inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups

  #5463 merged Apr 16, 2025

2 Pull requests opened by 2 people

• [GHSA-gc2p-g4fg-29vh] In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest...

  #5471 opened Apr 17, 2025

• [GHSA-gvwq-6fmx-28xm] node-opcua-alarm-condition prototype pollution vulnerability

  #5474 opened Apr 21, 2025

1 Issue closed by 1 person

• Possible false positive on logstash-event ruby gem for CVE-2014-4326 GHSA-8qhq-rq4j-8prj

  #5468 closed Apr 17, 2025

2 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• [GHSA-3hhc-qp5v-9p2j] Active Record RCE bug with Serialized Columns

  #5416 commented on Apr 16, 2025 • 0 new comments

• [GHSA-g73c-fw68-pwx3] pgAdmin 4 Vulnerable to Remote Code Execution

  #5439 commented on Apr 21, 2025 • 0 new comments