9 Pull requests merged by 9 people

• [GHSA-5m48-vr54-vmh3] jersey: XXE via parameter entities not disabled by the...

  #5735 merged Jun 19, 2025

• [GHSA-qvhf-3567-pc4v] Sandbox bypass vulnerability in Script Security Plugin

  #5732 merged Jun 19, 2025

• [GHSA-2hcm-q3f4-fjgw] Arbitrary file write as the OSV-SCALIBR user on the host...

  #5729 merged Jun 18, 2025

• [GHSA-wgc6-9f6w-h8hx] microlight allows a denial of service

  #5730 merged Jun 18, 2025

• [GHSA-887c-mr87-cxwp] PyTorch Improper Resource Shutdown or Release vulnerability

  #5728 merged Jun 17, 2025

• Improve GHSA-274v-mgcv-cm8j

  #5723 merged Jun 17, 2025

• [GHSA-274v-mgcv-cm8j] Argo CD GitOps Engine does not scrub secret values from patch errors

  #5689 merged Jun 17, 2025

• [GHSA-qvjc-g5vr-mfgr] Regular Expression Denial of Service in papaparse

  #5719 merged Jun 16, 2025

• [GHSA-h4j7-5rxr-p4wc] Microsoft.Build.Tasks.Core .NET Spoofing Vulnerability

  #5718 merged Jun 16, 2025

2 Issues closed by 2 people

• false-positive on multiple packages

  #5736 closed Jun 19, 2025

• Advisory GHSA-g434-3q2j-hj4r lists incorrect fixed version

  #5688 closed Jun 17, 2025

2 Issues opened by 2 people

• question: how handle `affected[].ranges[].events` + `affectedversions-field`

  #5734 opened Jun 19, 2025

• Include Mend.io database

  #5727 opened Jun 16, 2025

3 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• [GHSA-jrwv-mv4h-7rrq] A vulnerability was found in OpenSSH when the...

  #5308 commented on Jun 17, 2025 • 0 new comments

• [GHSA-9v35-4xcr-w9ph] NetBird uses a static initialization vector (IV)

  #5714 commented on Jun 17, 2025 • 0 new comments

• [GHSA-4h8f-2wvx-gg5w] Bouncy Castle Java Cryptography API vulnerable to DNS poisoning

  #5717 commented on Jun 14, 2025 • 0 new comments