July 10, 2025 – July 17, 2025

Overview

9 Active pull requests

7 Active issues

4 Pull requests merged by 4 people

[GHSA-36wv-v2qp-v4g4] Apache CXF is vulnerable to DoS attacks as entire files are read into memory and logged
#5818 merged Jul 17, 2025
[GHSA-h4c9-rr5m-32fm] RuoYi vulnerable to arbitrary file download
#5811 merged Jul 16, 2025
[GHSA-x5gf-qvw8-r2rm] pm2 Regular Expression Denial of Service vulnerability
#5804 merged Jul 11, 2025
[GHSA-25xr-qj8w-c4vf] Uncontrolled Resource Consumption vulnerability in Apache...
#5800 merged Jul 11, 2025

5 Pull requests opened by 4 people

[GHSA-34rf-485x-g5h7] Arbitrary Command Injection in Kubernetes Headlamp via macOS Process codeSign
#5802 opened Jul 11, 2025
[GHSA-3wqc-mwfx-672p] Traefik affected by Go oauth2/jws Improper Validation of Syntactic Correctness of Input vulnerability
#5808 opened Jul 15, 2025
[GHSA-8w3f-4r8f-pf53] Remote code execution through js2py onCaptchaResult
#5809 opened Jul 15, 2025
[GHSA-c23v-vqw5-52c5] PowerJob vulnerable to Incorrect Access Control via the create user/save interface.
#5812 opened Jul 16, 2025
[GHSA-x8qp-wqqm-57ph] vue-i18n's escapeParameterHtml does not prevent DOM-based XSS through its tag attributes
#5819 opened Jul 17, 2025

3 Issues closed by 3 people

Advisory GHSA-v588-qcp3-jv46 lists incorrect fixed version
#5807 closed Jul 15, 2025
Networking problem
#5805 closed Jul 13, 2025
Advisory GHSA-jh5w-6964-x5cf lists incorrect fixed version
#5801 closed Jul 11, 2025

4 Issues opened by 2 people

Correction Request: Add ammo package to affected list in GHSA-gjph-xf5q-6mfq
#5820 opened Jul 17, 2025
Clarification on Overlap Between GHSA-8f89-2fwj-5v5r and GHSA-4r97-78gf-q24v
#5817 opened Jul 17, 2025
Duplicate advisories for Prototype Pollution in min-dash: GHSA-2m53-83f3-562j and GHSA-fm93-fhh2-cg2c
#5816 opened Jul 16, 2025
Metadata Correction Request for GHSA-3wqh-h42r-x8fq (@hapi/subtext)
#5815 opened Jul 16, 2025

3 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

Go: Supported ecosystem
#5762 commented on Jul 11, 2025 • 0 new comments
[GHSA-9fq2-x9r6-wfmf] Numpy Deserialization of Untrusted Data
#5777 commented on Jul 16, 2025 • 0 new comments
[GHSA-m8p2-495h-ccmh] The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks
#5791 commented on Jul 17, 2025 • 0 new comments

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Alternative Proxies:

Alternative Proxy