Insights: github/advisory-database
Overview
- 17 Merged pull requests
- 4 Open pull requests
- 6 Closed issues
- 0 New issues
17 Pull requests merged by 7 people
- [GHSA-96c2-h667-9fxp] nova-tiptap has Unauthenticated Arbitrary File Upload Vulnerability
  #5839 merged Jul 22, 2025
- [GHSA-f29h-pxvx-f335] eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7...
  #5838 merged Jul 21, 2025
- [GHSA-c352-x843-ggpq] XXL-JOB vulnerable to Server-Side Request Forgery
  #5833 merged Jul 18, 2025
- [GHSA-g5cj-5h58-j93w] Jeecg-boot vulnerable to SQL Injection
  #5831 merged Jul 18, 2025
- [GHSA-v87q-rpwp-qr7q] Jeecg-boot vulnerable to SQL Injection
  #5832 merged Jul 18, 2025
- [GHSA-4j2x-v3mr-467m] Jeecg-boot vulnerable to SQL injection via updateNullByEmptyString
  #5830 merged Jul 18, 2025
- [GHSA-25gv-mvm7-5h3h] Jeecg-boot vulnerable to SQL injection via /sys/user/putRecycleBin
  #5829 merged Jul 18, 2025
- [GHSA-4gr7-qw2q-jxh6] Cross-site Scripting in Nacos
  #5824 merged Jul 18, 2025
- [GHSA-83w4-x5w9-hf4h] XXL-JOB vulnerable to Server-Side Request Forgery (SSRF)
  #5828 merged Jul 18, 2025
- [GHSA-c6mx-3fj9-9j7q] PowerJob vulnerable to incorrect access control
  #5823 merged Jul 18, 2025
- [GHSA-mpvf-6h9g-2hq2] PowerJob Incorrect Access Control vulnerability
  #5822 merged Jul 18, 2025
- [GHSA-x6rc-54xp-ccxx] Improper Restriction of XML External Entity Reference in Apache ActiveMQ
  #5821 merged Jul 18, 2025
- [GHSA-h4c9-rr5m-32fm] RuoYi vulnerable to arbitrary file download
  #5811 merged Jul 16, 2025
4 Pull requests opened by 3 people
- [GHSA-fr5w-98mc-jjvg] Arbitrary file upload in Mingsoft MCMS
  #5834 opened Jul 18, 2025
- [GHSA-h57w-vh34-f8cw] Code injection in mingSoft MCMS
  #5835 opened Jul 18, 2025
- [GHSA-2gxp-6r36-m97r] Corrected severity on advisory
  #5841 opened Jul 22, 2025
6 Issues closed by 2 people
- Metadata Correction Request for GHSA-3wqh-h42r-x8fq (@hapi/subtext)
  #5815 closed Jul 22, 2025
- Add support for Linux packages
  #5836 closed Jul 21, 2025
- Go: Supported ecosystem
  #5762 closed Jul 21, 2025
- Correction Request: Add ammo package to affected list in GHSA-gjph-xf5q-6mfq
  #5820 closed Jul 21, 2025
- Clarification on Overlap Between GHSA-8f89-2fwj-5v5r and GHSA-4r97-78gf-q24v
  #5817 closed Jul 18, 2025
- Duplicate advisories for Prototype Pollution in min-dash: GHSA-2m53-83f3-562j and GHSA-fm93-fhh2-cg2c
  #5816 closed Jul 18, 2025
5 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
- question: how handle `affected[].ranges[].events` + `affectedversions-field`
  #5734 commented on Jul 20, 2025 • 0 new comments
- [GHSA-9pp5-9c7g-4r83] Spring Security authorization bypass for method security annotations on private methods
  #5747 commented on Jul 20, 2025 • 0 new comments
- [GHSA-m8p2-495h-ccmh] The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks
  #5791 commented on Jul 17, 2025 • 0 new comments
- [GHSA-wx5j-54mm-rqqq] HTTP request smuggling in netty
  #5792 commented on Jul 21, 2025 • 0 new comments
- [GHSA-8w3f-4r8f-pf53] Remote code execution through js2py onCaptchaResult
  #5809 commented on Jul 17, 2025 • 0 new comments