19 Pull requests merged by 7 people

• [GHSA-7rxf-gvfg-47g4] Flask-CORS improper regex path matching vulnerability

  #5550 merged May 17, 2025

• [GHSA-43qf-4rqw-9q2g] Flask-CORS vulnerable to Improper Handling of Case Sensitivity

  #5549 merged May 17, 2025

• [GHSA-8vgw-p6qm-5gr7] Flask-CORS allows for inconsistent CORS matching

  #5548 merged May 17, 2025

• [GHSA-2qm5-r82g-5hcx] ThinkAdmin directory traversal vulnerability

  #5536 merged May 15, 2025

• [GHSA-r99q-hmqv-xw8w] Moodle Authenticated LFI risk in some misconfig…

  #5537 merged May 15, 2025

• [GHSA-8qwh-4vwv-7c5m] Moodle Cross-site Scripting (XSS)

  #5538 merged May 15, 2025

• [GHSA-68x5-4jg5-gjgg] Moodle CSRF risk in analytics management of models

  #5539 merged May 15, 2025

• [GHSA-xqhh-253w-4q5f] Moodle Cross-site Scripting (XSS)

  #5540 merged May 15, 2025

• [GHSA-gq9f-8rj4-w7jc] Moodle CSRF risk in admin preset tool management of presets

  #5541 merged May 15, 2025

• [GHSA-vvh5-7v3m-j3mj] Moodle Unsanitized HTML in site log for config_log_created

  #5542 merged May 15, 2025

• Update GHSA-9qgq-93c7-9hm4.json

  #5535 merged May 15, 2025

• [GHSA-4vp2-mj4m-69m4] ThinkAdmin insecure unserialize vulnerability

  #5534 merged May 15, 2025

• [GHSA-v47f-vp3p-5j6h] Cross-site scripting in ThinkAdmin

  #5533 merged May 15, 2025

• [GHSA-42mr-jpwh-m9rv] Linkerd resource exhaustion vulnerability

  #5527 merged May 15, 2025

• [GHSA-wq9g-9vfc-cfq9] Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter

  #5546 merged May 15, 2025

• [GHSA-ff77-26x5-69cr] Apache Tomcat Rewrite rule bypass

  #5531 merged May 14, 2025

• [GHSA-ff77-26x5-69cr] Apache Tomcat Rewrite rule bypass

  #5530 merged May 14, 2025

• [GHSA-3p2h-wqq4-wf4h] Apache Tomcat Denial of Service via invalid HTTP priority header

  #5529 merged May 14, 2025

• [GHSA-hw58-3793-42gg] Keycloak hostname verification

  #5495 merged May 13, 2025

4 Pull requests opened by 4 people

• Update GHSA-f432-537h-hwj6 with a new patch

  #5557 opened May 19, 2025

• [GHSA-7cx3-6m66-7c5m] Tornado vulnerable to excessive logging caused by malformed multipart form data

  #5558 opened May 19, 2025

• [GHSA-mrrh-fwg8-r2c3] tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs.

  #5560 opened May 19, 2025

• [GHSA-fxpc-qmrh-7j2h] The tarteaucitron-wp WordPress plugin before 0.3.0 allows...

  #5561 opened May 19, 2025

1 Issue closed by 1 person

• [nitpick] Ensure that the modified timestamp update is intentional and aligns with the overall metadata consistency for the advisory.

  #5544 closed May 15, 2025

2 Issues opened by 1 person

• Ip address

  #5559 opened May 19, 2025

• Learn more about Google Play services for Auto-Fill with Google

  #5555 opened May 18, 2025

1 Unresolved conversation

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• [GHSA-c678-jfcj-6jmf] A vulnerability was found in PyTorch 2.6.0+cu124. It has...

  #5512 commented on May 18, 2025 • 0 new comments