17 Pull requests merged by 15 people

• [GHSA-3mcp-9wr4-cjqf] Remote Code Execution (RCE) vulnerability in dropwizard-validation

  #5785 merged Jul 3, 2025

• [GHSA-xjrf-8x4f-43h4] Improper Neutralization of Input During Web Page Generation in Spring Framework

  #5786 merged Jul 3, 2025

• [GHSA-fj44-h6xw-896g] react-native-keys 0.7.11 is vulnerable to sensitive...

  #5788 merged Jul 2, 2025

• [GHSA-cqqj-4p63-rrmm] HTTP Request Smuggling in Netty

  #5784 merged Jul 2, 2025

• [GHSA-5h6x-m52p-23ph] Improper Certificate Validation in Apache Qpid Proton

  #5780 merged Jul 1, 2025

• [GHSA-gpqc-4pp7-5954] Authentication Bypass by CSRF Weakness

  #5783 merged Jul 1, 2025

• [GHSA-v6w3-2prq-h95f] Improper Input Validation in Jakarta Expression Language

  #5782 merged Jul 1, 2025

• [GHSA-m964-fjrh-xxq2] Deserialization of Untrusted Data vulnerability in Apache...

  #5772 merged Jun 30, 2025

• [GHSA-vv7r-c36w-3prj] Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers

  #5764 merged Jun 30, 2025

• [GHSA-jc9r-qcgw-fxq9] A vulnerability was found in sparklemotion nokogiri up to...

  #5778 merged Jun 30, 2025

• [GHSA-48p4-8xcf-vxj5] urllib3 does not control redirects in browsers and Node.js

  #5776 merged Jun 30, 2025

• [GHSA-g93m-8x6h-g5gv] When using IPAuthenticationProvider in ZooKeeper Admin...

  #5775 merged Jun 30, 2025

• [GHSA-rvqx-wpfh-mfx7] Langflow Unauth RCE

  #5773 merged Jun 30, 2025

• [GHSA-vhxf-7vqr-mrjg] DOMPurify allows Cross-site Scripting (XSS)

  #5763 merged Jun 30, 2025

• [GHSA-fc9h-whq2-v747] Valid ECDSA signatures erroneously rejected in Elliptic

  #5442 merged Jun 27, 2025

• [GHSA-h6gj-6jjq-h8g9] jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label

  #5757 merged Jun 27, 2025

• [GHSA-rx97-6c62-55mf] Hashicorp Nomad Incorrect Privilege Assignment vulnerability

  #5759 merged Jun 27, 2025

1 Pull request opened by 1 person

• [GHSA-9fq2-x9r6-wfmf] Numpy Deserialization of Untrusted Data

  #5777 opened Jun 30, 2025

7 Issues closed by 2 people

• Clarification on Overlap Between GHSA-gpqc-4pp7-5954 and GHSA-26xx-m4q2-xhq8

  #5756 closed Jul 2, 2025

• Possible Inaccuracy in XXE Vulnerability: Advisory-[GHSA-jffq-528j-mp6c]

  #5767 closed Jul 2, 2025

• Incorrect Package Attribution in GHSA-7rvp-xqj7-rxf2

  #5787 closed Jul 2, 2025

• Maven advisories missing scala SBT suffixes in package names

  #5781 closed Jul 2, 2025

• Check out this app!

  #5771 closed Jun 30, 2025

• Review requested:

  #5770 closed Jun 30, 2025

• Data

  #5769 closed Jun 30, 2025

1 Issue opened by 1 person

• Go: Supported ecosystem

  #5762 opened Jun 27, 2025

2 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• julia ecosystem support

  #1689 commented on Jul 1, 2025 • 0 new comments

• [GHSA-9pp5-9c7g-4r83] Spring Security authorization bypass for method security annotations on private methods

  #5747 commented on Jul 2, 2025 • 0 new comments