19 Pull requests merged by 7 people

• [GHSA-7rxf-gvfg-47g4] Flask-CORS improper regex path matching vulnerability

  #5550 merged May 17, 2025

• [GHSA-43qf-4rqw-9q2g] Flask-CORS vulnerable to Improper Handling of Case Sensitivity

  #5549 merged May 17, 2025

• [GHSA-8vgw-p6qm-5gr7] Flask-CORS allows for inconsistent CORS matching

  #5548 merged May 17, 2025

• [GHSA-2qm5-r82g-5hcx] ThinkAdmin directory traversal vulnerability

  #5536 merged May 15, 2025

• [GHSA-r99q-hmqv-xw8w] Moodle Authenticated LFI risk in some misconfig…

  #5537 merged May 15, 2025

• [GHSA-8qwh-4vwv-7c5m] Moodle Cross-site Scripting (XSS)

  #5538 merged May 15, 2025

• [GHSA-68x5-4jg5-gjgg] Moodle CSRF risk in analytics management of models

  #5539 merged May 15, 2025

• [GHSA-xqhh-253w-4q5f] Moodle Cross-site Scripting (XSS)

  #5540 merged May 15, 2025

• [GHSA-gq9f-8rj4-w7jc] Moodle CSRF risk in admin preset tool management of presets

  #5541 merged May 15, 2025

• [GHSA-vvh5-7v3m-j3mj] Moodle Unsanitized HTML in site log for config_log_created

  #5542 merged May 15, 2025

• Update GHSA-9qgq-93c7-9hm4.json

  #5535 merged May 15, 2025

• [GHSA-4vp2-mj4m-69m4] ThinkAdmin insecure unserialize vulnerability

  #5534 merged May 15, 2025

• [GHSA-v47f-vp3p-5j6h] Cross-site scripting in ThinkAdmin

  #5533 merged May 15, 2025

• [GHSA-42mr-jpwh-m9rv] Linkerd resource exhaustion vulnerability

  #5527 merged May 15, 2025

• [GHSA-wq9g-9vfc-cfq9] Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter

  #5546 merged May 15, 2025

• [GHSA-ff77-26x5-69cr] Apache Tomcat Rewrite rule bypass

  #5531 merged May 14, 2025

• [GHSA-ff77-26x5-69cr] Apache Tomcat Rewrite rule bypass

  #5530 merged May 14, 2025

• [GHSA-3p2h-wqq4-wf4h] Apache Tomcat Denial of Service via invalid HTTP priority header

  #5529 merged May 14, 2025

• [GHSA-hw58-3793-42gg] Keycloak hostname verification

  #5495 merged May 13, 2025

1 Issue closed by 1 person

• [nitpick] Ensure that the modified timestamp update is intentional and aligns with the overall metadata consistency for the advisory.

  #5544 closed May 15, 2025

2 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• [GHSA-2c2h-2855-mf97] Apache Camel: Camel Message Header Injection via Improper Filtering

  #5477 commented on May 12, 2025 • 0 new comments

• [GHSA-c678-jfcj-6jmf] A vulnerability was found in PyTorch 2.6.0+cu124. It has...

  #5512 commented on May 12, 2025 • 0 new comments