Pull requests: github/advisory-database
[GHSA-8ffj-4hx4-9pgf] lightrag-hku: JWT Algorithm Confusion Vulnerability
#7336
opened Apr 8, 2026 by
nomore8797
[GHSA-4wmm-6qxj-fpj4] AVideo has a Path Traversal in listFiles.json.php Enables Server Filesystem Enumeration
#7335
opened Apr 8, 2026 by
Marcono1234
[GHSA-v467-g7g7-hhfh] AVideo has SSRF in Scheduler Plugin via callbackURL Missing isSSRFSafeURL() Validation
#7334
opened Apr 8, 2026 by
Marcono1234
[GHSA-6fmv-xxpf-w3cw] Plexus-Utils has a Directory Traversal vulnerability in its extractFile method
#7333
opened Apr 8, 2026 by
timtebeek
[GHSA-rfgh-63mg-8pwm] pyload-ng has a WebUI JSON permission mismatch that lets ADD/DELETE users invoke MODIFY-only actions
#7332
opened Apr 8, 2026 by
komi22
[GHSA-ghc4-35x6-crw5] Envoy has RBAC Header Validation Bypass via Multi-Value Header Concatenation
#7331
opened Apr 8, 2026 by
sekveaja
[GHSA-rxpj-7qvf-xv32] Improper Input Validation, Improper Control of Generation...
#7330
opened Apr 8, 2026 by
filipecamargos
[GHSA-6jwv-w5xf-7j27] go.etcd.io/bbolt affected by index out-of-range vulnerability
#7329
opened Apr 8, 2026 by
ryanbekhen
[GHSA-5qcv-4rpc-jp93] A race condition in the Apache Kafka Java producer client...
#7328
opened Apr 8, 2026 by
filipecamargos
[GHSA-rq49-h582-83m7] Cockpit's remote login feature passes user-supplied...
#7327
opened Apr 8, 2026 by
Venefilyn
[GHSA-6fmv-xxpf-w3cw] Plexus-Utils has a Directory Traversal vulnerability in its extractFile method
#7326
opened Apr 8, 2026 by
udengaardandersent-ELS
[GHSA-f359-r3pv-2phf] AVideo has SSRF Protection Bypass via HTTP Redirect in Image Download Endpoints
#7324
opened Apr 8, 2026 by
Marcono1234
[GHSA-2m67-wjpj-xhg9] Jackson Core: Document length constraint bypass in blocking, async, and DataInput parsers
#7323
opened Apr 8, 2026 by
pjfanning
[GHSA-mp2g-9vg9-f4cg] h3 v1 has Request Smuggling (TE.TE) issue
#7322
opened Apr 8, 2026 by
simonkoeck
[GHSA-f23m-r3pf-42rh] lodash vulnerable to Prototype Pollution via array path bypass in _.unset and _.omit
#7320
opened Apr 8, 2026 by
Kteamk
[GHSA-2m67-wjpj-xhg9] Jackson Core: Document length constraint bypass in blocking, async, and DataInput parsers
#7319
opened Apr 8, 2026 by
Adrian-Hirt
[GHSA-jp2q-39xq-3w4g] Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation in fast-xml-parser
#7318
opened Apr 8, 2026 by
tung2744
[GHSA-v2xr-wvrv-p969] RAGAS has an Arbitrary File Read vulnerability
#7317
opened Apr 7, 2026 by
adithyan-ak
[GHSA-6w46-j5rx-g56g] pytest through 9.0.2 on UNIX relies on directories with...
#7316
opened Apr 7, 2026 by
adamjstewart
[GHSA-gv3v-2cpp-3pmq] Keycloak logs sensitive headers
#7314
opened Apr 7, 2026 by
eminaktas
[GHSA-wj64-gh9j-xm82] Issue summary: An OpenSSL TLS 1.3 server may fail to...
#7312
opened Apr 7, 2026 by
vdukhovni
[GHSA-gxr4-xjj5-5px2] Potential XSS vulnerability in jQuery
#7311
opened Apr 6, 2026 by
sealonohana
[GHSA-5f7q-jpqc-wp7h] Next.js has Unbounded Memory Consumption via PPR Resume Endpoint
#7303
opened Apr 4, 2026 by
jesvinjames