Pull requests: github/advisory-database
[GHSA-6jwp-4wvj-6597] Apache Pinot Vulnerable to Authentication Bypass
#8133 opened Jun 25, 2026 by sealbenb
[GHSA-fpj8-gq4v-p354] Apache Tomcat - Client certificate verification bypass
#8132 opened Jun 25, 2026 by sealbenb
[GHSA-2gh6-wc3m-g37f] hermes-management is vulnerable to RCE due to Apache commons-jxpath
#8131 opened Jun 25, 2026 by sealbenb
[GHSA-5f29-2333-h9c7] OpenMetadata's Server-Side Template Injection (SSTI) in FreeMarker email templates leads to RCE
#8130 opened Jun 25, 2026 by sealbenb
[GHSA-2c59-37c4-qrx5] Apache Parquet Avro Module Vulnerable to Arbitrary Code Execution
#8129 opened Jun 25, 2026 by sealbenb
[GHSA-98m9-hrrm-r99r] Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters
#8128 opened Jun 25, 2026 by maikelvdh
[GHSA-8gqp-hr9g-pg62] Conductor vulnerable to OS command injection through unrestricted access to Java classes
#8127 opened Jun 25, 2026 by sealbenb
[GHSA-mf92-479x-3373] Spring Security HTTP Headers Are not Written Under Some Conditions
#8126 opened Jun 25, 2026 by sealbenb
[GHSA-h2xq-h7f9-vh6c] XWiki Blog Application home page vulnerable to Stored XSS via Post Title
#8125 opened Jun 25, 2026 by sealbenb
[GHSA-p6jf-79j3-33f3] carbon-apimgt does not properly restrict uploaded files
#8124 opened Jun 25, 2026 by sealbenb
[GHSA-pm7g-w2cf-q238] pac4j-jwt: JwtAuthenticator Authentication Bypass via JWE-Wrapped PlainJWT
#8123 opened Jun 25, 2026 by sealbenb
[GHSA-vr79-8m62-wh98] FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft
#8122 opened Jun 25, 2026 by sealbenb
[GHSA-6g23-24mc-hx6x] Spring Cloud Config vulnerable to Path Traversal
#8121 opened Jun 25, 2026 by sealbenb
[GHSA-fxc7-fm93-6q77] ArcadeDB vulnerable to cross-database authorization bypass and unsecured newly-created databases
#8120 opened Jun 25, 2026 by sealbenb
[GHSA-cx4m-2p55-rw7j] Apache OpenNLP ExtensionLoader Vulnerable to Arbitrary Class Instantiation via Model Manifest
#8119 opened Jun 25, 2026 by sealbenb
[GHSA-76mw-6p95-x9x5] pac4j-core affected by a Java deserialization vulnerability
#8118 opened Jun 25, 2026 by bnbdr
[GHSA-c9ph-gxww-7744] Sandboxed Thymeleaf expressions vulnerable to improper recognition of unauthorized syntax patterns
#8117 opened Jun 25, 2026 by sealbenb
[GHSA-w22p-4x9f-486v] Jenkins GitHub Plugin has an XSS vulnerability
#8116 opened Jun 25, 2026 by sealbenb
[GHSA-98m9-hrrm-r99r] Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters
#8115 opened Jun 24, 2026 by sfriedman-cape
[GHSA-263q-5cv3-xq9g] Gitea allows attackers to add attachments with forbidden file extensions
#8114 opened Jun 24, 2026 by brianrlamar-enlighten
[GHSA-98m9-hrrm-r99r] Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters
#8113 opened Jun 24, 2026 by Starfox64
[GHSA-5jmj-h7xm-6q6v] jackson-databind has case-insensitive deserialization bypasses per-property @JsonIgnoreProperties
#8112 opened Jun 24, 2026 by pjfanning
[GHSA-98m9-hrrm-r99r] Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters
#8111 opened Jun 24, 2026 by iBotPeaches
[GHSA-663r-x48j-fg8p] A weakness has been identified in jsonata-js jsonata up...
#8110 opened Jun 24, 2026 by mattbaileyuk
[GHSA-5vg9-5847-vvmq] Laravel Framework: CRLF injection in default email rule
#8109 opened Jun 24, 2026 by OmarXtream