20 Pull requests merged by 9 people

• [GHSA-mrr8-v49w-3333] sweetalert2 v11.6.14 and above contains potentially undesirable behavior

  #6014 merged Aug 14, 2025

• [GHSA-6xp3-p59p-q4fj] go-pg SQL injection vulnerability via the component /types/append_value.go

  #6017 merged Aug 14, 2025

• [GHSA-6628-q6j9-w8vg] gRPC Reachable Assertion issue

  #5999 merged Aug 13, 2025

• [GHSA-9hxf-ppjv-w6rq] gRPC connection termination issue

  #5998 merged Aug 13, 2025

• [GHSA-cfgp-2977-2fmm] Connection confusion in gRPC

  #5997 merged Aug 13, 2025

• Note remediation for GHSA-jg74-mwgw-v6x3

  #5991 merged Aug 12, 2025

• Correctly annotate affected package

  #5990 merged Aug 12, 2025

• [GHSA-4q53-fqhc-cr46] ember-source Cross-site Scripting vulnerability

  #5987 merged Aug 11, 2025

• [GHSA-m8p2-495h-ccmh] The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks

  #5791 merged Aug 11, 2025

• [GHSA-4q53-fqhc-cr46] ember-source Cross-site Scripting vulnerability

  #5986 merged Aug 11, 2025

• [GHSA-h4h6-vccr-44h2] uptrace pgdriver SQL injection vulnerability

  #5985 merged Aug 11, 2025

• [GHSA-xwmg-2g98-w7v9] Nimbus JOSE + JWT is vulnerable to DoS attacks when processing deeply nested JSON

  #5983 merged Aug 11, 2025

• [GHSA-x5rq-j2xg-h7qm] Regular Expression Denial of Service (ReDoS) in lodash

  #5982 merged Aug 11, 2025

• [GHSA-jf85-cpcp-j695] Prototype Pollution in lodash

  #5981 merged Aug 11, 2025

• [GHSA-4xc9-xhrj-v574] Prototype Pollution in lodash

  #5980 merged Aug 11, 2025

• [GHSA-fvqr-27wr-82fm] Prototype Pollution in lodash

  #5979 merged Aug 11, 2025

• [GHSA-p6mc-m468-83gw] Prototype Pollution in lodash

  #5978 merged Aug 11, 2025

• [GHSA-35jh-r3h4-6jhm] Command Injection in lodash

  #5977 merged Aug 11, 2025

• [GHSA-29mw-wpgm-hmr9] Regular Expression Denial of Service (ReDoS) in lodash

  #5976 merged Aug 11, 2025

• [GHSA-h4h6-vccr-44h2] uptrace pgdriver SQL injection vulnerability

  #5975 merged Aug 11, 2025

4 Pull requests opened by 4 people

• [GHSA-m5xw-hwxw-fq3j] Deserialization of untrusted data in IPC and Parquet...

  #5988 opened Aug 12, 2025

• [GHSA-6v2p-p543-phr9] golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability

  #5995 opened Aug 13, 2025

• [GHSA-859w-5945-r5v3] Vite's server.fs.deny bypassed with /. for files under project root

  #6018 opened Aug 15, 2025

• [GHSA-xh69-987w-hrp8] resolv vulnerable to DoS via insufficient DNS domain name length validation

  #6019 opened Aug 15, 2025

1 Issue opened by 1 person

• Advisory GHSA-hcg3-q754-cr77 has incorrect package listed

  #5996 opened Aug 13, 2025

4 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• Add support for purl

  #10 commented on Aug 12, 2025 • 0 new comments

• Advisory GHSA-f4w8-cv6p-x6r5 lists incorrect fixed version

  #5847 commented on Aug 14, 2025 • 0 new comments

• Advisory GHSA-4pg4-qvpc-4q3h lists incorrect fixed version

  #5848 commented on Aug 14, 2025 • 0 new comments

• [GHSA-34rf-485x-g5h7] Arbitrary Command Injection in Kubernetes Headlamp via macOS Process codeSign

  #5802 commented on Aug 11, 2025 • 0 new comments