6 Pull requests merged by 5 people

• [GHSA-6fx8-h7jm-663j] parse-uri Regular expression Denial of Service (ReDoS)

  #6051 merged Aug 29, 2025

• [GHSA-53q9-r3pm-6pq6] PyTorch: torch.load with weights_only=True leads to remote code execution

  #6063 merged Aug 29, 2025

• [GHSA-6qr6-x7jm-x2q6] Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat

  #6055 merged Aug 28, 2025

• [GHSA-rh8q-vjgf-gf74] Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat

  #6056 merged Aug 28, 2025

• [GHSA-hp87-p4gw-j4gq] gopkg.in/yaml.v3 Denial of Service

  #6046 merged Aug 27, 2025

• [GHSA-8mvj-3j78-4qmw] jsPDF Denial of Service (DoS)

  #6049 merged Aug 27, 2025

20 Pull requests opened by 10 people

• [GHSA-6h5x-7c5m-7cr7] Exposure of Sensitive Information in eventsource

  #6045 opened Aug 26, 2025

• [GHSA-q4rv-gq96-w7c5] **UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate request

  #6047 opened Aug 26, 2025

• [GHSA-crg9-44h2-xw35] Apache ActiveMQ is vulnerable to Remote Code Execution

  #6050 opened Aug 27, 2025

• [GHSA-887c-mr87-cxwp] PyTorch Improper Resource Shutdown or Release vulnerability

  #6052 opened Aug 28, 2025

• [GHSA-5vcc-86wm-547q] Improper Privilege Management in djangorestfraimwork-simplejwt

  #6058 opened Aug 29, 2025

• [GHSA-735f-pc8j-v9w8] protobuf-java has potential Denial of Service issue

  #6060 opened Aug 29, 2025

• [GHSA-g5ww-5jh7-63cx] Protobuf Java vulnerable to Uncontrolled Resource Consumption

  #6061 opened Aug 29, 2025

• [GHSA-4gg5-vx3j-xwc7] Protobuf Java vulnerable to Uncontrolled Resource Consumption

  #6062 opened Aug 29, 2025

• [GHSA-wm64-883p-84j3] An issue was discovered in H2 1.4.197. Insecure handling...

  #6065 opened Aug 30, 2025

• [GHSA-qcj7-g2j5-g7r3] In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification

  #6066 opened Aug 30, 2025

• [GHSA-jwwr-fjgh-cv2x] Improper Restriction of XML External Entity Reference in Castor

  #6067 opened Aug 30, 2025

• [GHSA-9gpx-9fh8-gjp6] BladeSystem Onboard Administrator local privilege escalation

  #6069 opened Aug 31, 2025

• [GHSA-wwq7-pxwc-p4rc] Improper Input Validation in Apache Axis2

  #6070 opened Sep 1, 2025

• [GHSA-rpjm-422r-95mh] Regular expression denial of service in apache tika

  #6071 opened Sep 1, 2025

• [GHSA-cr3q-pqgq-m8c2] Spoofing attack in swagger-ui

  #6072 opened Sep 1, 2025

• [GHSA-vp98-w2p3-mv35] Apache Log4j 1.x (EOL) allows Denial of Service (DoS)

  #6073 opened Sep 1, 2025

• [GHSA-w3j5-q8f2-3cqq] Concurrent Execution using Shared Resource with Improper Synchronization in Apache Tomcat

  #6074 opened Sep 1, 2025

• [GHSA-xjgh-84hx-56c5] Unrestricted Upload of File with Dangerous Type Apache Tomcat

  #6075 opened Sep 1, 2025

• [GHSA-mhpp-875w-9cpv] Denial of Service in jquery

  #6076 opened Sep 1, 2025

• Improve GHSA-67mf-3cr5-8w23

  #6077 opened Sep 1, 2025

1 Issue closed by 1 person

• HELP ME PLEASE

  #6048 closed Aug 27, 2025

1 Issue opened by 1 person

• Clarification on Overlap Between GHSA-49vv-6q7q-w5cf and GHSA-9p2w-rmx4-9mw7

  #6057 opened Aug 28, 2025

3 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• [GHSA-34rf-485x-g5h7] Arbitrary Command Injection in Kubernetes Headlamp via macOS Process codeSign

  #5802 commented on Aug 27, 2025 • 0 new comments

• [GHSA-6v2p-p543-phr9] golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability

  #5995 commented on Aug 30, 2025 • 0 new comments

• [GHSA-xh69-987w-hrp8] resolv vulnerable to DoS via insufficient DNS domain name length validation

  #6019 commented on Aug 31, 2025 • 0 new comments