Pull requests: github/advisory-database
[GHSA-qm9p-f9j5-w83w] Parcel has an Origin Validation Error vulnerability
#7348
opened Apr 9, 2026 by
Pomax
[GHSA-5wfc-hjrc-gq87] hjson stack exhaustion vulnerability
#7347
opened Apr 9, 2026 by
achibear
[GHSA-5hr4-253g-cpx2] web3.py: SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling
#7346
opened Apr 9, 2026 by
Nadav0077
[GHSA-qj83-cq47-w5f8] Axios HTTP/2 Session Cleanup State Corruption Vulnerability
#7345
opened Apr 9, 2026 by
sealonohana
[GHSA-22rm-wp4x-v5cx] Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation
#7343
opened Apr 9, 2026 by
dnegreira
[GHSA-rhgq-f8x5-j2jc] Keycloak's identity-first login flow exposes user information
#7342
opened Apr 9, 2026 by
dnegreira
[GHSA-vxg3-v4p6-f3fp] Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause
#7340
opened Apr 9, 2026 by
herbertroth
[GHSA-349c-2h2f-mxf6] Laravel Passport: TokenGuard Authenticates Unrelated User for Client Credentials Tokens
#7338
opened Apr 9, 2026 by
pushpak1300
[GHSA-x4xq-7w28-q486] Smart contract Marginal v1 performs unsafe downcast,...
#7337
opened Apr 8, 2026 by
donnyoregon
[GHSA-8ffj-4hx4-9pgf] lightrag-hku: JWT Algorithm Confusion Vulnerability
#7336
opened Apr 8, 2026 by
nomore8797
[GHSA-4wmm-6qxj-fpj4] AVideo has a Path Traversal in listFiles.json.php Enables Server Filesystem Enumeration
#7335
opened Apr 8, 2026 by
Marcono1234
[GHSA-v467-g7g7-hhfh] AVideo has SSRF in Scheduler Plugin via callbackURL Missing isSSRFSafeURL() Validation
#7334
opened Apr 8, 2026 by
Marcono1234
[GHSA-rfgh-63mg-8pwm] pyload-ng has a WebUI JSON permission mismatch that lets ADD/DELETE users invoke MODIFY-only actions
#7332
opened Apr 8, 2026 by
komi22
[GHSA-ghc4-35x6-crw5] Envoy has RBAC Header Validation Bypass via Multi-Value Header Concatenation
#7331
opened Apr 8, 2026 by
sekveaja
[GHSA-rxpj-7qvf-xv32] Improper Input Validation, Improper Control of Generation...
#7330
opened Apr 8, 2026 by
filipecamargos
[GHSA-6jwv-w5xf-7j27] go.etcd.io/bbolt affected by index out-of-range vulnerability
#7329
opened Apr 8, 2026 by
ryanbekhen
[GHSA-5qcv-4rpc-jp93] A race condition in the Apache Kafka Java producer client...
#7328
opened Apr 8, 2026 by
filipecamargos
[GHSA-rq49-h582-83m7] Cockpit's remote login feature passes user-supplied...
#7327
opened Apr 8, 2026 by
Venefilyn
[GHSA-mp2g-9vg9-f4cg] h3 v1 has Request Smuggling (TE.TE) issue
#7322
opened Apr 8, 2026 by
simonkoeck
[GHSA-f23m-r3pf-42rh] lodash vulnerable to Prototype Pollution via array path bypass in _.unset and _.omit
#7320
opened Apr 8, 2026 by
Kteamk
[GHSA-6w46-j5rx-g56g] pytest through 9.0.2 on UNIX relies on directories with...
#7316
opened Apr 7, 2026 by
adamjstewart
[GHSA-gxr4-xjj5-5px2] Potential XSS vulnerability in jQuery
#7311
opened Apr 6, 2026 by
sealonohana
[GHSA-jm43-hrq7-r7w6] Privilege escalation through link refactoring
#7290
opened Apr 3, 2026 by
manuelleduc
[GHSA-m494-w24q-6f7w] JDBC Driver for SQL Server has improper input validation issue
#7287
opened Apr 3, 2026 by
dguerri