1 Pull request merged by 1 person

• [GHSA-2865-hh9g-w894] Microsoft Security Advisory CVE-2025-24070: .NET Elevation of Privilege Vulnerability

  #5722 merged Jun 13, 2025

5 Pull requests opened by 4 people

• [GHSA-qvjc-g5vr-mfgr] Regular Expression Denial of Service in papaparse

  #5719 opened Jun 13, 2025

• [GHSA-6433-x5p4-8jc7] libxmljs vulnerable to type confusion when parsing specially crafted XML

  #5720 opened Jun 13, 2025

• Improve GHSA-274v-mgcv-cm8j

  #5723 opened Jun 13, 2025

• [GHSA-5rjg-fvgr-3xxf] setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write

  #5724 opened Jun 14, 2025

• [GHSA-mg49-jqgw-gcj6] libxmljs vulnerable to type confusion when parsing specially crafted XML

  #5725 opened Jun 14, 2025

3 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• [GHSA-274v-mgcv-cm8j] Argo CD GitOps Engine does not scrub secret values from patch errors

  #5689 commented on Jun 13, 2025 • 0 new comments

• [GHSA-9v35-4xcr-w9ph] NetBird uses a static initialization vector (IV)

  #5714 commented on Jun 14, 2025 • 0 new comments

• [GHSA-4h8f-2wvx-gg5w] Bouncy Castle Java Cryptography API vulnerable to DNS poisoning

  #5717 commented on Jun 14, 2025 • 0 new comments