-
Notifications
You must be signed in to change notification settings - Fork 670
Pull requests: github/advisory-database
Author
Label
Projects
Milestones
Reviews
Assignee
Sort
Pull requests list
[GHSA-p4gq-832x-fm9v] Natural Language Toolkit (NLTK): URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read
#8711
opened Jul 14, 2026 by
maheshwarivijaykumar
Loading…
[GHSA-cw25-2p92-7f75] Prefect has an Argument Injection issue
#8709
opened Jul 14, 2026 by
bdalpe
Loading…
[GHSA-7pm4-56h2-5rxr] Prefect version 3.6.23 is vulnerable to remote code...
#8708
opened Jul 14, 2026 by
bdalpe
Loading…
[GHSA-pmfc-4wjj-gmhx] cut: -s ignored in -z -d '' newline-delimiter mode
#8707
opened Jul 14, 2026 by
vitoroliveirasilva
Loading…
[GHSA-fccv-jmmp-qg76] Apache Tomcat Improper Input Validation vulnerability
#8705
opened Jul 14, 2026 by
aruneko
Contributor
Loading…
[GHSA-53hp-jpwq-2jgq] Uncontrolled Resource Consumption in Apache Tomcat
#8704
opened Jul 14, 2026 by
yusuke-koyoshi
Loading…
[GHSA-7jqf-v358-p8g7] Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability
#8703
opened Jul 14, 2026 by
hara-satoshi-ymr
Loading…
[GHSA-jhq6-gfmj-v8fx] Logback vulnerable to Object Injection through HardenedObjectInputStream modules
#8699
opened Jul 14, 2026 by
lakunero
Loading…
[GHSA-c236-24xj-j3g6] IDrive’s id_service.exe process runs with elevated...
#8698
opened Jul 14, 2026 by
shialmoti-boop
Loading…
[GHSA-493p-pfq6-5258] json-smart Uncontrolled Recursion vulnerability
#8697
opened Jul 14, 2026 by
oswaldobapvicjr
Loading…
[GHSA-5r2p-pjr8-7fh7] SageMaker Python SDK replaced eval() with safe parser in JumpStart search functionality
#8696
opened Jul 13, 2026 by
eddiegrau
Loading…
[GHSA-xcpc-8h2w-3j85] adm-zip before 0.5.18 is vulnerable to denial of service...
#8694
opened Jul 13, 2026 by
julianladisch
Loading…
[GHSA-qv9r-c865-cp47] Improper encoding of non-finite floating-point values...
#8693
opened Jul 13, 2026 by
ppkarwasz
Loading…
[GHSA-7rjr-3q55-vv33] Incomplete fix for Apache Log4j vulnerability
#8692
opened Jul 13, 2026 by
noren95
Loading…
[GHSA-fj2m-w3wv-x9pr] Apache Calcite before 1.32.0 vulnerable to potential XML External Entity (XXE) attack
#8687
opened Jul 12, 2026 by
levpachmanov
Loading…
[GHSA-jj36-r9w3-3pfh] Budibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentials
#8686
opened Jul 12, 2026 by
Amayyas
Loading…
[GHSA-56r7-h6mw-rcfv] Elasticsearch: Insertion of Sensitive Information into Log File via reindex API
#8685
opened Jul 12, 2026 by
sealonohana
Loading…
[GHSA-m9gh-789g-q5pv] Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates
#8684
opened Jul 12, 2026 by
sealonohana
Loading…
[GHSA-ghfh-p92w-j4mg] Elasticsearch Potential Node Crash due to Large Recursion in
innerForbidCircularReferences Function
#8683
opened Jul 12, 2026 by
sealonohana
Loading…
[GHSA-rgxp-2hwp-jwgg] Apache Arrow: Potential use-after-free when reading IPC file with pre-buffering
#8682
opened Jul 12, 2026 by
noren95
Loading…
[GHSA-fxhp-mv3v-67qp]
oras-go tar extraction: Hardlink entry with relative Linkname escapes extract dir via process CWD resolution
#8681
opened Jul 12, 2026 by
onelapahead
Loading…
[GHSA-hhx9-57xq-r5rw] @hey-api/openapi-ts's
buildClientParams template: prototype chain substitution via unknown $<slot>___proto__ key
#8677
opened Jul 10, 2026 by
jason-anthropic
Loading…
Previous Next
ProTip!
Exclude everything labeled
bug with -label:bug.