15 Pull requests merged by 15 people

• [GHSA-v6w3-2prq-h95f] Improper Input Validation in Jakarta Expression Language

  #5782 merged Jul 1, 2025

• [GHSA-m964-fjrh-xxq2] Deserialization of Untrusted Data vulnerability in Apache...

  #5772 merged Jun 30, 2025

• [GHSA-vv7r-c36w-3prj] Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers

  #5764 merged Jun 30, 2025

• [GHSA-jc9r-qcgw-fxq9] A vulnerability was found in sparklemotion nokogiri up to...

  #5778 merged Jun 30, 2025

• [GHSA-48p4-8xcf-vxj5] urllib3 does not control redirects in browsers and Node.js

  #5776 merged Jun 30, 2025

• [GHSA-g93m-8x6h-g5gv] When using IPAuthenticationProvider in ZooKeeper Admin...

  #5775 merged Jun 30, 2025

• [GHSA-rvqx-wpfh-mfx7] Langflow Unauth RCE

  #5773 merged Jun 30, 2025

• [GHSA-vhxf-7vqr-mrjg] DOMPurify allows Cross-site Scripting (XSS)

  #5763 merged Jun 30, 2025

• [GHSA-fc9h-whq2-v747] Valid ECDSA signatures erroneously rejected in Elliptic

  #5442 merged Jun 27, 2025

• [GHSA-h6gj-6jjq-h8g9] jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label

  #5757 merged Jun 27, 2025

• [GHSA-rx97-6c62-55mf] Hashicorp Nomad Incorrect Privilege Assignment vulnerability

  #5759 merged Jun 27, 2025

• [GHSA-h4h6-vccr-44h2] uptrace pgdriver SQL injection vulnerability

  #5746 merged Jun 25, 2025

• [GHSA-9v35-4xcr-w9ph] NetBird uses a static initialization vector (IV)

  #5714 merged Jun 25, 2025

• [GHSA-wrrj-h57r-vx9p] Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports

  #5748 merged Jun 24, 2025

• [GHSA-4h8f-2wvx-gg5w] Bouncy Castle Java Cryptography API vulnerable to DNS poisoning

  #5717 merged Jun 24, 2025

4 Pull requests opened by 4 people

• [GHSA-p979-4mfw-53vg] HTTP Request Smuggling in Netty

  #5774 opened Jun 30, 2025

• [GHSA-9fq2-x9r6-wfmf] Numpy Deserialization of Untrusted Data

  #5777 opened Jun 30, 2025

• [GHSA-5h6x-m52p-23ph] Improper Certificate Validation in Apache Qpid Proton

  #5780 opened Jun 30, 2025

• [GHSA-gpqc-4pp7-5954] Authentication Bypass by CSRF Weakness

  #5783 opened Jul 1, 2025

4 Issues closed by 2 people

• Check out this app!

  #5771 closed Jun 30, 2025

• Review requested:

  #5770 closed Jun 30, 2025

• Data

  #5769 closed Jun 30, 2025

• Include Mend.io database

  #5727 closed Jun 26, 2025

4 Issues opened by 3 people

• Maven advisories missing scala SBT suffixes in package names

  #5781 opened Jun 30, 2025

• Possible Inaccuracy in XXE Vulnerability: Advisory-[GHSA-jffq-528j-mp6c]

  #5767 opened Jun 28, 2025

• Go: Supported ecosystem

  #5762 opened Jun 27, 2025

• Clarification on Overlap Between GHSA-gpqc-4pp7-5954 and GHSA-26xx-m4q2-xhq8

  #5756 opened Jun 25, 2025

2 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• julia ecosystem support

  #1689 commented on Jul 1, 2025 • 0 new comments

• [GHSA-9pp5-9c7g-4r83] Spring Security authorization bypass for method security annotations on private methods

  #5747 commented on Jun 26, 2025 • 0 new comments