Insights: github/advisory-database
Overview
41 Pull requests merged by 37 people
- [GHSA-qq5c-677p-737q] Symfony vulnerable to command execution hijack on Windows with Process class (#5343 merged Mar 7, 2025)
- [GHSA-22h5-pq3x-2gf2] URI allows for userinfo Leakage in URI#join, URI#merge, and URI#+ (#5341 merged Mar 4, 2025)
- [GHSA-phg3-gv66-q38x] Quarkus REST Endpoint Request Parameter Leakage Due to Shared Instance (#5317 merged Feb 28, 2025)
- [GHSA-mr75-899x-qcxq] Revising CVSS 3.x Confidentiality (C) Rating from High (H) to Low (L) (#5203 merged Feb 25, 2025)
- [GHSA-wcx3-63mm-h8x6] MediaWiki UnlinkedWikibase Cross-site Scripting vulnerability (#5310 merged Feb 25, 2025)
- [GHSA-9442-gm4v-r222] Undertow's url-encoded request path information can be broken on ajp-listener (#5311 merged Feb 24, 2025)
- [GHSA-jpxc-vmjf-9fcj] Ansible vulnerable to Insertion of Sensitive Information into Log File (#5307 merged Feb 24, 2025)
- [GHSA-qf6m-6m4g-rmrc] Mautic has insufficient authentication in upgrade flow (#5305 merged Feb 21, 2025)
- [GHSA-76p7-773f-r4q5] Cross-site Scripting (XSS) in serialize-javascript (#5306 merged Feb 21, 2025)
- [GHSA-pc47-g7gv-4gpw] @rpldy/uploader prototype pollution (#5304 merged Feb 21, 2025)
- [GHSA-2rmj-mq67-h97g] Spring Framework DoS via conditional HTTP request (#5303 merged Feb 21, 2025)
- [GHSA-ggv3-vmgw-xv2q] @tanstack/form-core prototype pollution (#5301 merged Feb 20, 2025)
- [GHSA-vq52-99r9-h5pw] Server-side Request Forgery (SSRF) in hackney (#5300 merged Feb 20, 2025)
- [GHSA-32h7-7j94-8fc2] Mattermost vulnerable to denial of service via large number of emoji reactions (#5296 merged Feb 19, 2025)
- [GHSA-389x-839f-4rhx] Denial of Service attack on windows app using Netty (#5297 merged Feb 19, 2025)
- [GHSA-389x-839f-4rhx] Denial of Service attack on windows app using Netty (#5295 merged Feb 19, 2025)
- [GHSA-389x-839f-4rhx] Denial of Service attack on windows app using Netty (#5287 merged Feb 19, 2025)
- [GHSA-7r32-vfj5-c2jv] Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability (#5281 merged Feb 18, 2025)
- Update GHSA-xq3w-v528-46rv.json (#5285 merged Feb 18, 2025)
- [GHSA-7g2v-jj9q-g3rg] Possible Log Injection in Rack::CommonLogger (#5290 merged Feb 18, 2025)
- [GHSA-7g2v-jj9q-g3rg] Possible Log Injection in Rack::CommonLogger (#5289 merged Feb 18, 2025)
- [GHSA-7g2v-jj9q-g3rg] Possible Log Injection in Rack::CommonLogger (#5288 merged Feb 18, 2025)
- [GHSA-7g2v-jj9q-g3rg] Possible Log Injection in Rack::CommonLogger (#5278 merged Feb 18, 2025)
- [GHSA-389x-839f-4rhx] Denial of Service attack on windows app using Netty (#5276 merged Feb 14, 2025)
- [GHSA-wrfc-pvp9-mr9g] Deserialization of Untrusted Data in Hugging Face Transformers (#5275 merged Feb 13, 2025)
- [GHSA-qxrp-vhvm-j765] Deserialization of Untrusted Data in Hugging Face Transformers (#5274 merged Feb 13, 2025)
- [GHSA-hxxf-235m-72v3] Deserialization of Untrusted Data in Hugging Face Transformers (#5273 merged Feb 13, 2025)
- [GHSA-572q-86rr-5vgq] Umbraco Rich Text Display allows Cross-Site Scripting (#5270 merged Feb 13, 2025)
- [GHSA-fppq-f2m6-xv5c] Improper Authorization vulnerability in Magento and Adobe Commerce (#5271 merged Feb 13, 2025)
- [GHSA-58fx-7v9q-3g56] ArgoCD Namespace Isolation Break (#5269 merged Feb 13, 2025)
- [GHSA-fppq-f2m6-xv5c] Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8,... (#5267 merged Feb 12, 2025)
- [GHSA-pq2g-wx69-c263] Netplex Json-smart Uncontrolled Recursion vulnerability (#5257 merged Feb 12, 2025)
- [GHSA-crg9-44h2-xw35] Apache ActiveMQ is vulnerable to Remote Code Execution (#5266 merged Feb 12, 2025)
- [GHSA-248v-346w-9cwc] Certifi removes GLOBALTRUST root certificate (#5261 merged Feb 11, 2025)
- [GHSA-pmf4-v838-29hg] Directus allows privilege escalation using Share feature (#5264 merged Feb 11, 2025)
- [GHSA-cpfx-964w-4jvp] The SAP Approuter Node.js package version v16.7.1 and... (#5258 merged Feb 11, 2025)
- [GHSA-2363-cqg2-863c] XML External Entity (XXE) Injection in JDOM (#5256 merged Feb 10, 2025)
3 Pull requests opened by 3 people
- [GHSA-5357-c2jx-v7qh] Authlib has algorithm confusion with asymmetric public keys (#5262 opened Feb 11, 2025)
- [GHSA-9w7j-q3xw-p9vh] Hyperledger Fabric subject to Denial of Service via non-validated request (#5272 opened Feb 13, 2025)
- Update GHSA-4x9r-j582-cgr8.json fixed versions (#5277 opened Feb 14, 2025)
10 Issues closed by 2 people
- Remove GHSA-9cf5-3q4m-6qh3 as we believe it was created in error (#5342 closed Mar 6, 2025)
- Transfer status 1 {i} OWNER CHRISTOPHER CRAIG BANKS (#5340 closed Mar 4, 2025)
- Bug 🐛 (#5282 closed Mar 3, 2025)
- Formula tag (#5265 closed Mar 3, 2025)
- Project Google play ▶️ (#5280 closed Mar 3, 2025)
- Strange references in GHSA-wg9m-gw3h-hg83 and GHSA-jmrx-5g74-6v2f (#5316 closed Mar 3, 2025)
- I NEED FUKN HELP NOWAW (#5326 closed Mar 3, 2025)
- GHSA-32vw-r77c-gm67 doesn't have "summary" field (#5312 closed Feb 26, 2025)
- Incorrect metadata on GHSA-688c-gxc8-6xqp (#5248 closed Feb 12, 2025)
- Magento vulnerabilities should cover the `magento/project-community-edition` package as well (#5245 closed Feb 10, 2025)
1 Issue opened by 1 person
- Screenshot (Mar 8, 2025 4:38:43 PM) (#5345 opened Mar 8, 2025)
3 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
- Request to review GHSA-gwr8-m965-83p4 (#4336 commented on Feb 23, 2025 • 0 new comments)
- Add support for purl (#10 commented on Feb 27, 2025 • 0 new comments)
- GHSA-9cxr-76pm-j3wf: more accurate version ranges (#5234 commented on Feb 13, 2025 • 0 new comments)