Pull requests: github/advisory-database
[GHSA-rr89-w3h9-m66j] ExifReader is vulnerable to denial of service via unbounded decompression of image metadata
#7906
opened Jun 5, 2026 by
yuki-matsuhashi
[GHSA-h64w-w9pr-82m4] ExifReader is vulnerable to denial of service via crafted ICC mluc tag
#7905
opened Jun 5, 2026 by
yuki-matsuhashi
[GHSA-wc7j-g8wx-m2qx] Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling
#7904
opened Jun 5, 2026 by
kingjia90
[GHSA-r2f4-ff2p-xc64] Pimcore Platform - SQL Injection in DataObject composite index handling during class definition import/save
#7903
opened Jun 5, 2026 by
kingjia90
[GHSA-jwcc-gv4m-93x6] Pimcore has a CustomReports Share Bypass
#7902
opened Jun 5, 2026 by
kingjia90
[GHSA-36fc-7wjg-mfvj] Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_classes Restriction
#7901
opened Jun 5, 2026 by
kingjia90
[GHSA-332x-r494-54fq] Pimcore has a WordExport Authorization Bypass for Unauthorized Document Export
#7900
opened Jun 5, 2026 by
kingjia90
[GHSA-3234-gxc3-pq6f] Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration
#7898
opened Jun 5, 2026 by
kingjia90
Add patch commit and release reference to GHSA-62hf-57xw-28j9
#7897
opened Jun 5, 2026 by
0bi0
[GHSA-rxv8-25v2-qmq8] React Router vulnerable to Denial of Service via reflected user input in single-fetch
#7895
opened Jun 4, 2026 by
arafatjoyadh0414-ux
[GHSA-5xrq-8626-4rwp] When Vitest UI server is listening, arbitrary file can be read and executed
#7892
opened Jun 4, 2026 by
SaronGrave
[GHSA-j4fx-xxwh-2485] Update advisory references
#7890
opened Jun 4, 2026 by
yuki-matsuhashi
[GHSA-2f3m-j83v-344c] Update advisory references
#7889
opened Jun 4, 2026 by
yuki-matsuhashi
[GHSA-5xrq-8626-4rwp] When Vitest UI server is listening, arbitrary file can be read and executed
#7888
opened Jun 4, 2026 by
koteswar-k
[GHSA-8rm2-7qqf-34qm] Prometheus: Remote read endpoint allows denial of service via crafted snappy payload
#7887
opened Jun 4, 2026 by
noren95
[GHSA-wg65-39gg-5wfj] Prometheus Azure AD remote write OAuth client secret exposed via config API
#7886
opened Jun 4, 2026 by
noren95
[GHSA-rmj9-q58g-9qgg] go-unzip vulnerable to Path Traversal
#7885
opened Jun 3, 2026 by
amita-seal
[GHSA-5xrq-8626-4rwp] When Vitest UI server is listening, arbitrary file can be read and executed
#7883
opened Jun 3, 2026 by
joevin-slq-docto
[GHSA-5xrq-8626-4rwp] When Vitest UI server is listening, arbitrary file can be read and executed
#7881
opened Jun 2, 2026 by
qispark
[GHSA-799x-qp47-8qwq] Apache Airflow's EmailOperator and the underlying ...
#7879
opened Jun 2, 2026 by
francisbergin
[GHSA-gxr4-xjj5-5px2] Potential XSS vulnerability in jQuery
#7877
opened Jun 2, 2026 by
Athlon1600
[GHSA-mx76-r943-rf8g] Bouncy Castle has a vulnerability in program files gcm128w, gcm512w
#7874
opened Jun 1, 2026 by
discerningdev