Pull requests: github/advisory-database
[GHSA-hwqh-2684-54fc] Spring Cloud Gateway's SSL bundle configuration silently bypassed
#7391
opened Apr 14, 2026 by
scottfrederick
[GHSA-rqvm-6hhw-247j] XML Injection vulnerability in xmltodict allows Input...
#7389
opened Apr 14, 2026 by
paagaard-t
[GHSA-fgmx-xfp3-w28p] aws-mcp-server AWS CLI Command Injection Remote Code...
#7387
opened Apr 14, 2026 by
arnewouters
[GHSA-h27x-g6w4-24gq] Add missing CVSS 3.1 score from NVD assessment
#7386
opened Apr 13, 2026 by
PiniShv
[GHSA-ggv3-7p47-pfv8] Add missing CVSS 3.1 score from NVD assessment
#7385
opened Apr 13, 2026 by
PiniShv
GHSA-rwvc-j5jr-mgvh: update CVSS to match NVD assessment, enrich description
#7384
opened Apr 13, 2026 by
PiniShv
[GHSA-hcch-w73c-jp4m] Statamic vulnerable to privilege escalation via stored cross-site scripting
#7383
opened Apr 13, 2026 by
Shirshaw64p
[GHSA-24p2-2h4q-gmhf] Lack of output escaping leads to a XSS vector in the...
#7382
opened Apr 13, 2026 by
Shirshaw64p
[GHSA-jcxm-m3jx-f287] simple-git Affected by Command Execution via Option-Parsing Bypass
#7381
opened Apr 13, 2026 by
adnanrahim110
[GHSA-3p68-rc4w-qgx5] Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF
#7379
opened Apr 13, 2026 by
Wenxin-Jiang
[GHSA-49jm-g4m8-x53p] Withdrawn Advisory: CodeIgniter4 Cross-Site Scripting Vulnerability in debugbar_time Parameter
#7376
opened Apr 13, 2026 by
mpihelgas
[GHSA-3p68-rc4w-qgx5] Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF
#7374
opened Apr 13, 2026 by
SwTan98
[GHSA-r6q2-hw4h-h46w] Race Condition in node-tar Path Reservations via Unicode Ligature Collisions on macOS APFS
#7366
opened Apr 12, 2026 by
levpachmanov
[GHSA-8vrh-3pm2-v4v6] FileBrowser Quantum: Password Protection Not Enforced on Shared File Links
#7353
opened Apr 9, 2026 by
ByteAfterlife
[GHSA-525j-95gf-766f] FileBrowser Quantum: Password-Protected Share Bypass via /public/api/share/info
#7352
opened Apr 9, 2026 by
ByteAfterlife
[GHSA-vxg3-v4p6-f3fp] Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause
#7340
opened Apr 9, 2026 by
herbertroth
[GHSA-f23m-r3pf-42rh] lodash vulnerable to Prototype Pollution via array path bypass in _.unset and _.omit
#7320
opened Apr 8, 2026 by
Kteamk
[GHSA-j3q9-mxjg-w52f] path-to-regexp vulnerable to Denial of Service via sequential optional groups
#7282
opened Apr 1, 2026 by
CodyCodeman
[GHSA-prjq-f4q3-fvfr] github.com/russellhaering/gosaml2 is vulnerable to NULL Pointer Dereference
#7278
opened Apr 1, 2026 by
simon-reisinger-dynatrace
[GHSA-mf92-479x-3373] Spring Security HTTP Headers Are not Written Under Some Conditions
#7275
opened Mar 31, 2026 by
fritzdal
[GHSA-653v-rqx9-j85p] deep-object-diff vulnerable to Prototype Pollution
#7272
opened Mar 31, 2026 by
rsholokh
[GHSA-qf5v-q897-m77r] The ip (aka node-ip) package through 2.0.1 (in NPM) might...
Stale
#7243
opened Mar 27, 2026 by
bughir0