Pull requests: github/advisory-database
[GHSA-w35j-pv5h-q9q9] Apache Log4j's JsonTemplateLayout produces invalid JSON output when log events contain non-finite floating-point values
#7362
opened Apr 11, 2026 by
ppkarwasz
[GHSA-3pxv-7cmr-fjr4] Apache Log4j Core's XmlLayout fails to sanitize characters
#7361
opened Apr 11, 2026 by
ppkarwasz
[GHSA-9cp7-j3f8-p5jx] Daptin has Unauthenticated Path Traversal and Zip Slip
#7360
opened Apr 11, 2026 by
cerquedai628-blip
[GHSA-4f7c-pmjv-c25w] Apache Log4net's XmlLayout https://logging.apache.org...
#7359
opened Apr 10, 2026 by
FreeAndNil
[GHSA-h383-gmxw-35v2] The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2...
#7358
opened Apr 10, 2026 by
ppkarwasz
[GHSA-445c-vh5m-36rj] Apache Log4j Core's Rfc5424Layout https://logging.apache...
#7357
opened Apr 10, 2026 by
ppkarwasz
[GHSA-6hg6-v5c8-fphq] The fix for CVE-2025-68161 https://logging.apache.org...
#7356
opened Apr 10, 2026 by
ppkarwasz
[GHSA-r5fr-rjxr-66jc] lodash vulnerable to Code Injection via _.template imports key names
#7354
opened Apr 9, 2026 by
goro
[GHSA-8vrh-3pm2-v4v6] FileBrowser Quantum: Password Protection Not Enforced on Shared File Links
#7353
opened Apr 9, 2026 by
ByteAfterlife
[GHSA-525j-95gf-766f] FileBrowser Quantum: Password-Protected Share Bypass via /public/api/share/info
#7352
opened Apr 9, 2026 by
ByteAfterlife
[GHSA-qm9p-f9j5-w83w] Parcel has an Origin Validation Error vulnerability
#7348
opened Apr 9, 2026 by
Pomax
[GHSA-5wfc-hjrc-gq87] hjson stack exhaustion vulnerability
#7347
opened Apr 9, 2026 by
achibear
[GHSA-5hr4-253g-cpx2] web3.py: SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling
#7346
opened Apr 9, 2026 by
Nadav0077
[GHSA-qj83-cq47-w5f8] Axios HTTP/2 Session Cleanup State Corruption Vulnerability
#7345
opened Apr 9, 2026 by
sealonohana
[GHSA-22rm-wp4x-v5cx] Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation
#7343
opened Apr 9, 2026 by
dnegreira
[GHSA-rhgq-f8x5-j2jc] Keycloak's identity-first login flow exposes user information
#7342
opened Apr 9, 2026 by
dnegreira
[GHSA-vxg3-v4p6-f3fp] Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause
#7340
opened Apr 9, 2026 by
herbertroth
[GHSA-349c-2h2f-mxf6] Laravel Passport: TokenGuard Authenticates Unrelated User for Client Credentials Tokens
#7338
opened Apr 9, 2026 by
pushpak1300
[GHSA-x4xq-7w28-q486] Smart contract Marginal v1 performs unsafe downcast,...
#7337
opened Apr 8, 2026 by
donnyoregon
[GHSA-8ffj-4hx4-9pgf] lightrag-hku: JWT Algorithm Confusion Vulnerability
#7336
opened Apr 8, 2026 by
nomore8797
[GHSA-4wmm-6qxj-fpj4] AVideo has a Path Traversal in listFiles.json.php Enables Server Filesystem Enumeration
#7335
opened Apr 8, 2026 by
Marcono1234
Contributor
[GHSA-v467-g7g7-hhfh] AVideo has SSRF in Scheduler Plugin via callbackURL Missing isSSRFSafeURL() Validation
#7334
opened Apr 8, 2026 by
Marcono1234
Contributor
[GHSA-rfgh-63mg-8pwm] pyload-ng has a WebUI JSON permission mismatch that lets ADD/DELETE users invoke MODIFY-only actions
#7332
opened Apr 8, 2026 by
komi22
[GHSA-ghc4-35x6-crw5] Envoy has RBAC Header Validation Bypass via Multi-Value Header Concatenation
#7331
opened Apr 8, 2026 by
sekveaja