18 Pull requests merged by 6 people

• [GHSA-7rxf-gvfg-47g4] Flask-CORS improper regex path matching vulnerability

  #5550 merged May 17, 2025

• [GHSA-43qf-4rqw-9q2g] Flask-CORS vulnerable to Improper Handling of Case Sensitivity

  #5549 merged May 17, 2025

• [GHSA-8vgw-p6qm-5gr7] Flask-CORS allows for inconsistent CORS matching

  #5548 merged May 17, 2025

• [GHSA-2qm5-r82g-5hcx] ThinkAdmin directory traversal vulnerability

  #5536 merged May 15, 2025

• [GHSA-r99q-hmqv-xw8w] Moodle Authenticated LFI risk in some misconfig…

  #5537 merged May 15, 2025

• [GHSA-8qwh-4vwv-7c5m] Moodle Cross-site Scripting (XSS)

  #5538 merged May 15, 2025

• [GHSA-68x5-4jg5-gjgg] Moodle CSRF risk in analytics management of models

  #5539 merged May 15, 2025

• [GHSA-xqhh-253w-4q5f] Moodle Cross-site Scripting (XSS)

  #5540 merged May 15, 2025

• [GHSA-gq9f-8rj4-w7jc] Moodle CSRF risk in admin preset tool management of presets

  #5541 merged May 15, 2025

• [GHSA-vvh5-7v3m-j3mj] Moodle Unsanitized HTML in site log for config_log_created

  #5542 merged May 15, 2025

• Update GHSA-9qgq-93c7-9hm4.json

  #5535 merged May 15, 2025

• [GHSA-4vp2-mj4m-69m4] ThinkAdmin insecure unserialize vulnerability

  #5534 merged May 15, 2025

• [GHSA-v47f-vp3p-5j6h] Cross-site scripting in ThinkAdmin

  #5533 merged May 15, 2025

• [GHSA-42mr-jpwh-m9rv] Linkerd resource exhaustion vulnerability

  #5527 merged May 15, 2025

• [GHSA-wq9g-9vfc-cfq9] Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter

  #5546 merged May 15, 2025

• [GHSA-ff77-26x5-69cr] Apache Tomcat Rewrite rule bypass

  #5531 merged May 14, 2025

• [GHSA-ff77-26x5-69cr] Apache Tomcat Rewrite rule bypass

  #5530 merged May 14, 2025

• [GHSA-3p2h-wqq4-wf4h] Apache Tomcat Denial of Service via invalid HTTP priority header

  #5529 merged May 14, 2025

31 Pull requests opened by 6 people

• [GHSA-mrrh-fwg8-r2c3] tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs.

  #5560 opened May 19, 2025

• [GHSA-fxpc-qmrh-7j2h] The tarteaucitron-wp WordPress plugin before 0.3.0 allows...

  #5561 opened May 19, 2025

• [GHSA-fvjp-r2gf-q2qc] The Frontend Dashboard plugin for WordPress is vulnerable...

  #5562 opened May 19, 2025

• [GHSA-pq67-2wwv-3xjx] tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File

  #5563 opened May 19, 2025

• Update GHSA-mcrp-whpw-jp68.json for a new patch link

  #5566 opened May 20, 2025

• Update GHSA-hf3r-vmrv-7w29.json

  #5567 opened May 20, 2025

• Update GHSA-6w4x-gcx3-8p7v.json for adding a new patch

  #5568 opened May 20, 2025

• Update GHSA-qcgg-j2x8-h9g8.json with 3 new patch commits

  #5569 opened May 20, 2025

• Update GHSA-5chr-fjjv-38qv.json with two new patches

  #5570 opened May 20, 2025

• Update GHSA-cjfr-9f5r-3q93.json

  #5571 opened May 20, 2025

• Update GHSA-x88g-h956-m5xg.json with two new patches

  #5572 opened May 20, 2025

• Update GHSA-4mjq-hx99-8pp5.json to add two new patches for the same vulnerability

  #5573 opened May 20, 2025

• Update GHSA-4hv5-rh3v-rr4g.json with a new supplementary fix

  #5574 opened May 20, 2025

• Update GHSA-j8c8-67vp-6mx7.json with a new supplementary fix patch

  #5575 opened May 20, 2025

• Update GHSA-4g9f-63rx-5cw4.json with a new supplementary fix patch

  #5576 opened May 20, 2025

• Update GHSA-qh32-6jjc-qprm.json with three new supplementary fix patches

  #5577 opened May 20, 2025

• Update GHSA-c9f3-9wfr-wgh7.json with a new supplementary fix patch

  #5578 opened May 20, 2025

• Update GHSA-hph9-9vcq-f7gp.json with a new supplementary fix patch

  #5579 opened May 20, 2025

• Update GHSA-c5x2-p679-95wc.json with two new supplementary fix patches

  #5580 opened May 20, 2025

• Update GHSA-cpf4-wx82-gxp6.json with a new supplementary fix patch

  #5581 opened May 20, 2025

• Update GHSA-pxrw-j2fv-hx3h.json with a new supplementary fix patch

  #5582 opened May 20, 2025

• Update GHSA-9p77-mmrw-69c7.json with three new supplementary fix patches

  #5583 opened May 20, 2025

• Update GHSA-75f6-78jr-4656.json with five new supplementary fix patches

  #5584 opened May 20, 2025

• Update GHSA-wp3c-xw9g-gpcg.json with three new supplementary fix patches

  #5585 opened May 20, 2025

• Update GHSA-3w67-q784-6w7c.json with a new supplementary fix patch

  #5586 opened May 20, 2025

• Update GHSA-rhrq-64mq-hf9h.json with a new supplementary fix patch

  #5587 opened May 20, 2025

• Update GHSA-mg66-qvc5-rm93.json with a new supplementary fix patch

  #5588 opened May 20, 2025

• Update GHSA-2r2f-g8mw-9gvr.json with a new supplementary fix patch

  #5589 opened May 20, 2025

• Update GHSA-97p7-w86h-vcf9.json with two new supplementary fix patches

  #5590 opened May 20, 2025

• Update GHSA-x989-q2pq-4q5x.json with a new supplementary fix patch

  #5591 opened May 20, 2025

• Update GHSA-2cpx-427x-q2c6.json with a new supplementary fix patch

  #5592 opened May 20, 2025

3 Issues closed by 2 people

• Learn more about Google Play services for Auto-Fill with Google

  #5555 closed May 20, 2025

• Ip address

  #5559 closed May 20, 2025

• [nitpick] Ensure that the modified timestamp update is intentional and aligns with the overall metadata consistency for the advisory.

  #5544 closed May 15, 2025

1 Unresolved conversation

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• [GHSA-c678-jfcj-6jmf] A vulnerability was found in PyTorch 2.6.0+cu124. It has...

  #5512 commented on May 18, 2025 • 0 new comments