Pull requests: github/advisory-database
[GHSA-4hmj-39m8-jwc7] OpenClaw has ACP CLI approval prompt ANSI escape sequence injection
#7468 opened Apr 20, 2026 by anlakii
[GHSA-458j-xx4x-4375] hono Improperly Handles JSX Attribute Names Allows HTML Injection in hono/jsx SSR
#7467 opened Apr 20, 2026 by throwersedrickoctauious-del
[GHSA-xq7p-g2vc-g82p] Homograph attack allows Unicode lookalike characters to bypass validation.
#7466 opened Apr 20, 2026 by Wenxin-Jiang
[GHSA-mwv9-gp5h-frr4] Sveltejs devalue's devalue.parse and devalue.unflatten emit objects with __proto__ own properties
#7464 opened Apr 20, 2026 by Wenxin-Jiang
[GHSA-hx9m-jf43-8ffr] seroval affected by Denial of Service via RegExp serialization
#7463 opened Apr 20, 2026 by Wenxin-Jiang
[GHSA-gpvj-q7fp-jcch] simplehttpserver allows directory traversal and file listing
#7462 opened Apr 20, 2026 by Wenxin-Jiang
[GHSA-ff7x-qrg7-qggm] dot-prop Prototype Pollution vulnerability
#7461 opened Apr 20, 2026 by Wenxin-Jiang
[GHSA-f6v4-cf5j-vf3w] dset Prototype Pollution vulnerability
#7460 opened Apr 20, 2026 by Wenxin-Jiang
[GHSA-92fh-27vv-894w] nanotar is vulnerable to path traversal in parseTar() and parseTarGzip()
#7458 opened Apr 20, 2026 by Wenxin-Jiang
[GHSA-8j4w-5fw4-rm27] Prototype Pollution in deeply
#7456 opened Apr 20, 2026 by Wenxin-Jiang
[GHSA-884p-74jh-xrg2] Command Injection in tree-kill
#7455 opened Apr 20, 2026 by Wenxin-Jiang
[GHSA-86wf-436m-h424] Resource Exhaustion Denial of Service in http-proxy-agent
#7454 opened Apr 20, 2026 by Wenxin-Jiang
[GHSA-7mg4-w3w5-x5pc] Prototype pollution in json-pointer
#7453 opened Apr 20, 2026 by Wenxin-Jiang
[GHSA-6g33-8w2q-4hxv] robots-txt-guard Inefficient Regular Expression Complexity vulnerability
#7452 opened Apr 20, 2026 by Wenxin-Jiang
[GHSA-29xr-v42j-r956] thenify before 3.3.1 made use of unsafe calls to eval.
#7451 opened Apr 20, 2026 by Wenxin-Jiang
[GHSA-28g4-38q8-3cwc] Flowise: Cypher Injection in GraphCypherQAChain
#7449 opened Apr 20, 2026 by nikpivkin
[GHSA-rg7c-g689-fr3x] Google Agent Development Kit (ADK) has a Code Injection and Missing Authentication vulnerability
#7447 opened Apr 20, 2026 by philrollet
[GHSA-gcq8-j4vp-vgvp] Uncaught exception in OpenBMC Firmware for some Intel(R)...
#7446 opened Apr 20, 2026 by wongchaiyathamchaiphetwongchai-hue
[GHSA-cq8v-f236-94qc] Rand is unsound with a custom logger using rand::rng()
#7445 opened Apr 20, 2026 by ShoyuVanilla
[GHSA-rmmh-p597-ppvv] An issue in the anchors subparser of Showdownjs versions ...
#7444 opened Apr 20, 2026 by LukasChristel
[GHSA-9cp7-j3f8-p5jx] Daptin has Unauthenticated Path Traversal and Zip Slip
#7443 opened Apr 20, 2026 by cerquedai628-blip
Add 3 critical security advisories for hexstrike-ai (0x4m4/hexstrike-ai)
#7442 opened Apr 20, 2026 by sermikr0