Pull requests: github/advisory-database
[GHSA-89gg-p5r5-q6r4] MONAI: Unsafe functions lead to pickle deserialization rce
#8151
opened Jun 26, 2026 by
mingxin-zheng
[GHSA-5jmj-h7xm-6q6v] jackson-databind has case-insensitive deserialization bypasses per-property @JsonIgnoreProperties
#8150
opened Jun 26, 2026 by
snieguu
[GHSA-7p36-fq2r-4h7r] Pimcore CMS Twig Sandbox Bypass via SecurityPolicy checkMethodAllowed
#8149
opened Jun 26, 2026 by
astapc
[GHSA-9cr8-q42q-g8m7] Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts
#8148
opened Jun 26, 2026 by
westonsteimel
[GHSA-5r4w-85f3-pw66] Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass
#8147
opened Jun 26, 2026 by
westonsteimel
[GHSA-c6pf-2v8j-96mc] Cilium node based network policies may incorrectly allow workload traffic
#8146
opened Jun 26, 2026 by
westonsteimel
[GHSA-38pp-6gcp-rqvm] Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic
#8145
opened Jun 26, 2026 by
westonsteimel
[GHSA-h67p-54hq-rp68] JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases
#8144
opened Jun 26, 2026 by
mazze93
[GHSA-8r8j-gfhg-fw38] Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames
#8143
opened Jun 25, 2026 by
sealbenb
[GHSA-c4q5-6c82-3qpw] Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications
#8142
opened Jun 25, 2026 by
sealbenb
[GHSA-m49c-g9wr-hv6v] jinjava has Sandbox Bypass via JavaType-Based Deserialization
#8141
opened Jun 25, 2026 by
sealbenb
[GHSA-r29c-68gh-xp6x] Apache Tomcat - HTTP/2 request headers not validated
#8140
opened Jun 25, 2026 by
sealbenb
[GHSA-v7gr-mqpj-wwh3] CometVisu Backend for openHAB affected by SSRF/XSS
#8139
opened Jun 25, 2026 by
sealbenb
[GHSA-g9gf-g5jq-9h3v] Apache Ranger UI vulnerable to Server Side Request Forgery
#8138
opened Jun 25, 2026 by
sealbenb
[GHSA-w76p-3cgp-qfcm] Apache Polaris has an Improper Input Validation issue
#8137
opened Jun 25, 2026 by
sealbenb
[GHSA-524g-x36v-9wm6] Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in JavaExprAlgorithmExecutionFactory
#8136
opened Jun 25, 2026 by
sealbenb
[GHSA-2fm6-mv57-p2qh] Apache Dolphinscheduler Code Injection vulnerability
#8135
opened Jun 25, 2026 by
sealbenb
[GHSA-vmwp-vh32-rj75] Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override
#8134
opened Jun 25, 2026 by
sealbenb
[GHSA-6jwp-4wvj-6597] Apache Pinot Vulnerable to Authentication Bypass
#8133
opened Jun 25, 2026 by
sealbenb
[GHSA-fpj8-gq4v-p354] Apache Tomcat - Client certificate verification bypass
#8132
opened Jun 25, 2026 by
sealbenb
[GHSA-2gh6-wc3m-g37f] hermes-management is vulnerable to RCE due to Apache commons-jxpath
#8131
opened Jun 25, 2026 by
sealbenb
[GHSA-5f29-2333-h9c7] OpenMetadata's Server-Side Template Injection (SSTI) in FreeMarker email templates leads to RCE
#8130
opened Jun 25, 2026 by
sealbenb
[GHSA-2c59-37c4-qrx5] Apache Parquet Avro Module Vulnerable to Arbitrary Code Execution
#8129
opened Jun 25, 2026 by
sealbenb
[GHSA-98m9-hrrm-r99r] Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters
#8128
opened Jun 25, 2026 by
maikelvdh
[GHSA-8gqp-hr9g-pg62] Conductor vulnerable to OS command injection through unrestricted access to Java classes
#8127
opened Jun 25, 2026 by
sealbenb