Skip to content

Pull requests: github/advisory-database

New pull request New
Clear current search query, filters, and sorts
11 Open 5,850 Closed
11 Open 5,850 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

[GHSA-cwfw-4gq5-mrqx] Regular Expression Denial of Service (ReDoS) in braces
#6473 by ljharb was merged Nov 26, 2025 Loading…
5
[GHSA-2j58-pwwv-x666] Cross-Site Request Forgery in sqlite-web
#6472 by JohnGale87 was merged Nov 27, 2025 Loading…
2
[GHSA-vrpq-qp53-qv56] Eclipse JGit XML External Entity (XXE) Vulnerability
#6471 by christian0101 was merged Nov 27, 2025 Loading…
1
fix: initial range for GHSA-wqch-xfxh-vrr4
#6470 by UlisesGascon was merged Nov 25, 2025 Loading…
2
[GHSA-wqch-xfxh-vrr4] body-parser is vulnerable to denial of service when url encoding is used
#6469 by UlisesGascon was closed Nov 25, 2025 Loading…
3
[GHSA-wqch-xfxh-vrr4] body-parser is vulnerable to denial of service when url encoding is used
#6468 by jonchurch was closed Nov 25, 2025 Loading…
3
[GHSA-vrpq-qp53-qv56] Eclipse JGit XML External Entity (XXE) Vulnerability
#6467 by christian0101 was closed Nov 26, 2025 Loading…
1
[GHSA-vrpq-qp53-qv56] Eclipse JGit XML External Entity (XXE) Vulnerability
#6466 by christian0101 was closed Nov 25, 2025 Loading…
[GHSA-9g8m-v378-pcg3] parse is vulnerable to prototype pollution
#6465 by miguelmunoz-dotcom was merged Nov 27, 2025 Loading…
1
[GHSA-qpm2-6cq5-7pq5] happy-dom's --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript
#6464 by shaked-seal was merged Nov 27, 2025 Loading…
2
[GHSA-gv8h-7v7w-r22q] Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations
#6463 by shaked-seal was merged Nov 27, 2025 Loading…
2
[GHSA-q7jf-gf43-6x6p] Hono vulnerable to Vary Header Injection leading to potential CORS Bypass
#6462 by gigatechcode was merged Nov 27, 2025 Loading…
2
[GHSA-frmv-pr5f-9mcr] Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects.
#6461 by omarkurt was merged Nov 27, 2025 Loading…
1
[GHSA-w62r-7c53-fmc5] Grafana Incorrect Privilege Assignment vulnerability
#6460 by cdupuis was merged Nov 21, 2025 Loading…
2
Add actions permissions
#6459 by taladrane was merged Nov 21, 2025 Loading…
1
1
[GHSA-42m5-3r2p-wr92] Monsta FTP versions 2.11 and earlier contain a...
#6458 by TaaviE was closed Nov 21, 2025 Loading…
1
[GHSA-6xvf-4vh9-mw47] Minder does not sandbox http.send in Rego programs invalid This doesn't seem right
#6456 by juel01739-bot was closed Nov 21, 2025 Loading…
2
[GHSA-5j98-mcp5-4vw2] glob CLI: Command injection via -c/--cmd executes matches with shell:true invalid This doesn't seem right
#6455 by MarcoAntoniodesp was closed Nov 21, 2025 Loading…
4
[GHSA-jc85-fpwf-qm7x] expr-eval does not restrict functions passed to the evaluate function
#6454 by sei-vsarvepalli was merged Nov 21, 2025 Loading…
4
[GHSA-hgrr-935x-pq79] Apache Tomcat Vulnerable to Improper Resource Shutdown or Release
#6453 by tkwilli94 was merged Nov 21, 2025 Loading…
1
[GHSA-wmwf-9ccg-fff5] Apache Tomcat Vulnerable to Relative Path Traversal
#6452 by tkwilli94 was merged Nov 20, 2025 Loading…
1
[GHSA-f6x5-jh6r-wrfv] golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read
#6450 by leonklingele was merged Nov 20, 2025 Loading…
4
[GHSA-m494-w24q-6f7w] JDBC Driver for SQL Server has improper input validation issue
#6449 by urielcos was merged Nov 24, 2025 Loading…
1
[GHSA-399j-vxmf-hjvr] @react-native-community/cli has arbitrary OS command injection
#6443 by colinmoynes was closed Nov 19, 2025 Loading…
2
[GHSA-ffrw-9mx8-89p8] fast-redact vulnerable to prototype pollution
#6442 by mcollina was merged Nov 20, 2025 Loading…
6
ProTip! Add no:assignee to see everything that’s not assigned.