Pull requests: github/advisory-database
[GHSA-2mjp-6q6p-2qxm] Undici has an HTTP Request/Response Smuggling issue
#7514
opened Apr 28, 2026 by
tijuks
[GHSA-x5gf-qvw8-r2rm] pm2 Regular Expression Denial of Service vulnerability
#7513
opened Apr 27, 2026 by
corridormatt
Add GHSA-fhw2-h46x-v2mj: Arbitrary local file disclosure in @playwright/mcp
#7511
opened Apr 27, 2026 by
mmzha2013
[GHSA-v92g-xgxw-vvmm] Mako: Path traversal via double-slash URI prefix in TemplateLookup
#7508
opened Apr 26, 2026 by
augustocesarperin
[GHSA-rvhj-8chj-8v3c] MLflow: Command Injection when serving models with enable_mlserver=True
#7507
opened Apr 26, 2026 by
rotemd-apiiro
[GHSA-qj8w-gfj5-8c6v] Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects
#7506
opened Apr 26, 2026 by
sealonohana
[GHSA-mw35-8rx3-xf9r] Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization
#7504
opened Apr 25, 2026 by
shakevsky
[GHSA-cw7v-45wm-mcf2] Kirby CMS has Persistent DoS via Malformed Image Upload
#7503
opened Apr 24, 2026 by
lukasbestle
[GHSA-x4p7-7chp-64hq] Keycloak: Unauthorized authentication via disabled SAML Identity Provider
#7502
opened Apr 24, 2026 by
sekveaja
fix: correct GHSA-pfr9-2p92-qrhq dbn fixed version 0.22.0 -> 0.22.1
#7483
opened Apr 21, 2026 by
DEVSOG12
fix: correct GHSA-4j5j-58j7-6c3w dulwich fixed version 0.9.9 -> 0.10.0
#7482
opened Apr 21, 2026 by
DEVSOG12
[GHSA-9hxg-w7qf-hh93] Use Go pseudo-version for fixed version
#7477
opened Apr 21, 2026 by
cookesan
[GHSA-mwv9-gp5h-frr4] Sveltejs devalue's devalue.parse and devalue.unflatten emit objects with __proto__ own properties
#7464
opened Apr 20, 2026 by
Wenxin-Jiang
[GHSA-hx9m-jf43-8ffr] seroval affected by Denial of Service via RegExp serialization
#7463
opened Apr 20, 2026 by
Wenxin-Jiang
[GHSA-23f4-hfmq-94mj] Quick-Media Batik Codec FIX Package has Buffer Overflow Vulnerability in PNG Codec
#7438
opened Apr 19, 2026 by
carlosame
[GHSA-jpcq-cgw6-v4j6] Potential XSS vulnerability in jQuery
#7435
opened Apr 19, 2026 by
sealonohana
[GHSA-355h-qmc2-wpwf] Jetty has HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
#7421
opened Apr 17, 2026 by
jhy
[GHSA-fvcv-3m26-pcqx] Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
#7419
opened Apr 17, 2026 by
ylemkimon
[GHSA-f23m-r3pf-42rh] lodash vulnerable to Prototype Pollution via array path bypass in _.unset and _.omit
Stale
#7320
opened Apr 8, 2026 by
Kteamk
[GHSA-j3q9-mxjg-w52f] path-to-regexp vulnerable to Denial of Service via sequential optional groups
Stale
#7282
opened Apr 1, 2026 by
CodyCodeman
[GHSA-mf92-479x-3373] Spring Security HTTP Headers Are not Written Under Some Conditions
Stale
#7275
opened Mar 31, 2026 by
fritzdal