Pull requests: github/advisory-database
[GHSA-8r8j-gfhg-fw38] Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames
#8143
opened Jun 25, 2026 by
sealbenb
[GHSA-c4q5-6c82-3qpw] Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications
#8142
opened Jun 25, 2026 by
sealbenb
[GHSA-m49c-g9wr-hv6v] jinjava has Sandbox Bypass via JavaType-Based Deserialization
#8141
opened Jun 25, 2026 by
sealbenb
[GHSA-r29c-68gh-xp6x] Apache Tomcat - HTTP/2 request headers not validated
#8140
opened Jun 25, 2026 by
sealbenb
[GHSA-v7gr-mqpj-wwh3] CometVisu Backend for openHAB affected by SSRF/XSS
#8139
opened Jun 25, 2026 by
sealbenb
[GHSA-g9gf-g5jq-9h3v] Apache Ranger UI vulnerable to Server Side Request Forgery
#8138
opened Jun 25, 2026 by
sealbenb
[GHSA-w76p-3cgp-qfcm] Apache Polaris has an Improper Input Validation issue
#8137
opened Jun 25, 2026 by
sealbenb
[GHSA-524g-x36v-9wm6] Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in JavaExprAlgorithmExecutionFactory
#8136
opened Jun 25, 2026 by
sealbenb
[GHSA-2fm6-mv57-p2qh] Apache Dolphinscheduler Code Injection vulnerability
#8135
opened Jun 25, 2026 by
sealbenb
[GHSA-vmwp-vh32-rj75] Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override
#8134
opened Jun 25, 2026 by
sealbenb
[GHSA-6jwp-4wvj-6597] Apache Pinot Vulnerable to Authentication Bypass
#8133
opened Jun 25, 2026 by
sealbenb
[GHSA-fpj8-gq4v-p354] Apache Tomcat - Client certificate verification bypass
#8132
opened Jun 25, 2026 by
sealbenb
[GHSA-2gh6-wc3m-g37f] hermes-management is vulnerable to RCE due to Apache commons-jxpath
#8131
opened Jun 25, 2026 by
sealbenb
[GHSA-5f29-2333-h9c7] OpenMetadata's Server-Side Template Injection (SSTI) in FreeMarker email templates leads to RCE
#8130
opened Jun 25, 2026 by
sealbenb
[GHSA-2c59-37c4-qrx5] Apache Parquet Avro Module Vulnerable to Arbitrary Code Execution
#8129
opened Jun 25, 2026 by
sealbenb
[GHSA-98m9-hrrm-r99r] Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters
#8128
opened Jun 25, 2026 by
maikelvdh
[GHSA-8gqp-hr9g-pg62] Conductor vulnerable to OS command injection through unrestricted access to Java classes
#8127
opened Jun 25, 2026 by
sealbenb
[GHSA-mf92-479x-3373] Spring Security HTTP Headers Are not Written Under Some Conditions
#8126
opened Jun 25, 2026 by
sealbenb
[GHSA-h2xq-h7f9-vh6c] XWiki Blog Application home page vulnerable to Stored XSS via Post Title
#8125
opened Jun 25, 2026 by
sealbenb
[GHSA-p6jf-79j3-33f3] carbon-apimgt does not properly restrict uploaded files
#8124
opened Jun 25, 2026 by
sealbenb
[GHSA-pm7g-w2cf-q238] pac4j-jwt: JwtAuthenticator Authentication Bypass via JWE-Wrapped PlainJWT
#8123
opened Jun 25, 2026 by
sealbenb
[GHSA-vr79-8m62-wh98] FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft
#8122
opened Jun 25, 2026 by
sealbenb
[GHSA-6g23-24mc-hx6x] Spring Cloud Config vulnerable to Path Traversal
#8121
opened Jun 25, 2026 by
sealbenb
[GHSA-fxc7-fm93-6q77] ArcadeDB vulnerable to cross-database authorization bypass and unsecured newly-created databases
#8120
opened Jun 25, 2026 by
sealbenb
[GHSA-cx4m-2p55-rw7j] Apache OpenNLP ExtensionLoader Vulnerable to Arbitrary Class Instantiation via Model Manifest
#8119
opened Jun 25, 2026 by
sealbenb