4 Pull requests merged by 4 people

• [GHSA-6qjf-g333-pv38] Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class

  #6028 merged Aug 20, 2025

• [GHSA-4gg5-vx3j-xwc7] Protobuf Java vulnerable to Uncontrolled Resource Consumption

  #6025 merged Aug 19, 2025

• [GHSA-mrr8-v49w-3333] sweetalert2 v11.6.14 and above contains potentially undesirable behavior

  #6014 merged Aug 14, 2025

• [GHSA-6xp3-p59p-q4fj] go-pg SQL injection vulnerability via the component /types/append_value.go

  #6017 merged Aug 14, 2025

12 Pull requests opened by 8 people

• [GHSA-859w-5945-r5v3] Vite's server.fs.deny bypassed with /. for files under project root

  #6018 opened Aug 15, 2025

• [GHSA-xh69-987w-hrp8] resolv vulnerable to DoS via insufficient DNS domain name length validation

  #6019 opened Aug 15, 2025

• [GHSA-q355-h244-969h] Komari vulnerable to Cross-site WebSocket Hijacking

  #6021 opened Aug 17, 2025

• [GHSA-w2cq-g8g3-gm83] content-security-policy-parser Prototype Pollution Vulnerability May Lead to RCE

  #6026 opened Aug 19, 2025

• [GHSA-3c93-92r7-j934] Grafana Infinity Datasource Plugin SSRF Vulnerability

  #6029 opened Aug 19, 2025

• [GHSA-8jh9-wqpf-q52c] sweetalert2 v8.19.1 and above contains hidden functionality

  #6030 opened Aug 19, 2025

• [GHSA-457r-cqc8-9vj9] sweetalert2 v10.16.10 and above contains hidden functionality

  #6031 opened Aug 19, 2025

• [GHSA-qq6h-5g6j-q3cm] sweetalert2 v11.4.9 and above contains hidden functionality

  #6032 opened Aug 19, 2025

• [GHSA-r4mg-4433-c7g3] Active Storage allowed transformation methods that were potentially unsafe

  #6033 opened Aug 20, 2025

• [GHSA-76r7-hhxj-r776] Active Record logging vulnerable to ANSI escape injection

  #6034 opened Aug 20, 2025

• [GHSA-xqrq-4mgf-ff32] Python-Future Module Arbitrary Code Execution via Unintended Import of test.py

  #6036 opened Aug 20, 2025

• [GHSA-7rqq-prvp-x9jh] Mermaid improperly sanitizes sequence diagram labels leading to XSS

  #6037 opened Aug 20, 2025

2 Issues closed by 1 person

• Isues_01

  #6022 closed Aug 20, 2025

• Facebook J. R.

  #6035 closed Aug 20, 2025

1 Issue opened by 1 person

• Seeking clarification on Advisory GHSA-h4h5-3hr4-j3g2 - Potential denial of service for protobuf-java

  #6023 opened Aug 18, 2025

2 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Advisory GHSA-f4w8-cv6p-x6r5 lists incorrect fixed version

  #5847 commented on Aug 14, 2025 • 0 new comments

• Advisory GHSA-4pg4-qvpc-4q3h lists incorrect fixed version

  #5848 commented on Aug 14, 2025 • 0 new comments