Pull requests: github/advisory-database
[GHSA-7m2p-62gw-p8qq] Due to incorrect host parsing, applications that rely on...
#8097
opened Jun 23, 2026 by
julianladisch
[GHSA-3prj-6hqw-cm82] PHP JWT Library: PBES2-HS*+A*KW unwrap accepts an unbounded p2c iteration count, enabling CPU-amplification denial of service
#8096
opened Jun 23, 2026 by
hostep
[GHSA-jc38-x7x8-2xc8] PHP JWT Framework: JWSVerifier uses algorithm from unprotected header, enabling algorithm confusion attacks
#8095
opened Jun 23, 2026 by
hostep
[GHSA-293q-567p-wmwq] SubjectDnX509PrincipalExtractor does not correctly handle...
#8094
opened Jun 23, 2026 by
julianladisch
[GHSA-g3pr-3p32-fp23] In Micrometer, it is possible for a user to provide...
#8092
opened Jun 23, 2026 by
julianladisch
[GHSA-w737-wx49-qj23] In Micrometer, it is possible for a user to provide...
#8091
opened Jun 23, 2026 by
julianladisch
[GHSA-42jc-v69j-g38f] Gophish through 0.12.1 contains a denial of service...
#8090
opened Jun 23, 2026 by
ashikmd7
[GHSA-c8q4-9h32-2ww8] Spinnaker has uon-safe yaml deserialization, allowing RCE when using specific types
#8088
opened Jun 22, 2026 by
connorshea
[GHSA-5xgj-pmjj-gw49] RISC Zero zkVM notes on zero-knowledge
#8087
opened Jun 22, 2026 by
v-sdingari
[GHSA-263q-5cv3-xq9g] Gitea allows attackers to add attachments with forbidden file extensions
#8086
opened Jun 22, 2026 by
brianrlamar-enlighten
[GHSA-5xgj-pmjj-gw49] RISC Zero zkVM notes on zero-knowledge
#8083
opened Jun 22, 2026 by
Saireddy453
[GHSA-p4gq-832x-fm9v] Natural Language Toolkit (NLTK): URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read
#8081
opened Jun 21, 2026 by
ekaf
[GHSA-m5wg-cjgh-223j] goodoneuz/pay-uz: the /payment/api/editable/update endpoint overwrites existing PHP payment hook files
#8077
opened Jun 20, 2026 by
shaxzodbek-uzb
Enrich GHSA-xp7f-v245-w3w8 (CVE-2026-38361, dash-uploader DoS): resubmit of #7636
#8076
opened Jun 20, 2026 by
a1ohadance
[GHSA-wqp7-x3pw-xc5r] Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows
#8075
opened Jun 19, 2026 by
arafatjoyadh0414-ux
[GHSA-8xpq-cjcf-3wh9] Deno: Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)
#8074
opened Jun 19, 2026 by
tomasilluminati
[GHSA-wf44-4mgj-rwvx] OpenStack Neutron Improper Input Validation vulnerability
#8073
opened Jun 19, 2026 by
cardoe
Add affected range to GHSA-q9xm-f36c-xm3q (@steipete/summarize)
#8071
opened Jun 19, 2026 by
faketut
Add affected range to GHSA-434r-7c99-hwf3 (nanobot-ai)
#8070
opened Jun 19, 2026 by
faketut
Add affected range to GHSA-mvq4-39wx-6h5g (mysql-mcp-server)
#8068
opened Jun 19, 2026 by
faketut
[GHSA-vg35-5wq7-3x7w] TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin data-mce-object injection
#8067
opened Jun 19, 2026 by
sbrinkhorst