Pull requests: github/advisory-database
Pull requests list
[GHSA-w4fj-87j5-f25c] XWiki has Reflected Cross-Site Scripting (XSS) in page history compare
#7397
opened Apr 15, 2026 by
officialchrist5480-creator
[GHSA-gqrq-j6pm-98c2] External Control of File Name or Path in h2oai/h2o-3
#7396
opened Apr 15, 2026 by
tjuyuxinzhang
[GHSA-f886-m6hf-6m8v] brace-expansion: Zero-step sequence causes process hang and memory exhaustion
#7395
opened Apr 15, 2026 by
Lokeninfinitypoint
[GHSA-3p68-rc4w-qgx5] Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF
#7394
opened Apr 15, 2026 by
zheinz
[GHSA-3p68-rc4w-qgx5] Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF
#7393
opened Apr 14, 2026 by
cgurnik
[GHSA-3p68-rc4w-qgx5] Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF
#7379
opened Apr 13, 2026 by
Wenxin-Jiang
[GHSA-3p68-rc4w-qgx5] Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF
#7374
opened Apr 13, 2026 by
SwTan98
[GHSA-8vrh-3pm2-v4v6] FileBrowser Quantum: Password Protection Not Enforced on Shared File Links
#7353
opened Apr 9, 2026 by
ByteAfterlife
[GHSA-525j-95gf-766f] FileBrowser Quantum: Password-Protected Share Bypass via /public/api/share/info
#7352
opened Apr 9, 2026 by
ByteAfterlife
[GHSA-vxg3-v4p6-f3fp] Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause
#7340
opened Apr 9, 2026 by
herbertroth
[GHSA-f23m-r3pf-42rh] lodash vulnerable to Prototype Pollution via array path bypass in _.unset and _.omit
#7320
opened Apr 8, 2026 by
Kteamk
[GHSA-j3q9-mxjg-w52f] path-to-regexp vulnerable to Denial of Service via sequential optional groups
#7282
opened Apr 1, 2026 by
CodyCodeman
[GHSA-prjq-f4q3-fvfr] github.com/russellhaering/gosaml2 is vulnerable to NULL Pointer Dereference
#7278
opened Apr 1, 2026 by
simon-reisinger-dynatrace
[GHSA-mf92-479x-3373] Spring Security HTTP Headers Are not Written Under Some Conditions
#7275
opened Mar 31, 2026 by
fritzdal
[GHSA-653v-rqx9-j85p] deep-object-diff vulnerable to Prototype Pollution
#7272
opened Mar 31, 2026 by
rsholokh
[GHSA-qf5v-q897-m77r] The ip (aka node-ip) package through 2.0.1 (in NPM) might...
Stale
#7243
opened Mar 27, 2026 by
bughir0
[GHSA-jx49-fphc-w293] Improper Restriction of XML External Entity Reference...
Stale
#7197
opened Mar 19, 2026 by
Bhanu99517