Insights: github/advisory-database
Overview
- 43 Merged pull requests
- 13 Open pull requests
- 0 Closed issues
- 4 New issues
43 Pull requests merged by 16 people
- [GHSA-qrmm-w75w-3wpx] Server side request forgery in SwaggerUI
  #900 merged Jan 6, 2023
- [GHSA-hgp8-w8fj-r4cm] ToolJet is vulnerable to Denial of Service (DoS)
  #1030 merged Jan 6, 2023
- [GHSA-rvww-w62m-hch8] A cross-site request forgery (CSRF) vulnerability in...
  #1332 merged Jan 5, 2023
- [GHSA-qvhf-3567-pc4v] Sandbox protection in Jenkins Script Security Plugin 1.70...
  #1495 merged Jan 5, 2023
- [GHSA-6xxf-rwv4-mrjm] Jenkins Timestamper Plugin 1.11.1 and earlier does not...
  #1496 merged Jan 5, 2023
- [GHSA-vpfj-5gg5-fvfm] Jenkins Cobertura Plugin 1.15 and earlier does not...
  #1497 merged Jan 5, 2023
- [GHSA-m935-chfp-9f63] An arbitrary file write vulnerability in Jenkins...
  #1498 merged Jan 5, 2023
- [GHSA-cj2g-wwfv-mvjh] Jenkins Audit Trail Plugin 3.2 and earlier does not...
  #1499 merged Jan 5, 2023
- [GHSA-6fh3-xhwg-7hfh] Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier...
  #1509 merged Jan 6, 2023
- [GHSA-gvcj-72h4-8xm9] Jenkins Quality Gates Plugin 2.5 and earlier transmits...
  #1510 merged Jan 6, 2023
- [GHSA-wc2g-9j98-vcgw] Jenkins Subversion Release Manager Plugin 1.2 and earlier...
  #1511 merged Jan 6, 2023
- [GHSA-m365-98j8-w96w] Jenkins Zephyr for JIRA Test Management Plugin 1.5 and...
  #1513 merged Jan 6, 2023
- [GHSA-hm57-4qpx-f734] Jenkins DeployHub Plugin 8.0.14 and earlier transmits...
  #1515 merged Jan 5, 2023
- [GHSA-q2wv-m3pq-xpv9] Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits...
  #1516 merged Jan 5, 2023
- [GHSA-c329-r874-xc7j] Jenkins Literate Plugin 1.0 and earlier does not...
  #1517 merged Jan 5, 2023
- [GHSA-p5x5-jg3j-2jcj] Jenkins CryptoMove Plugin 0.1.33 and earlier allows...
  #1518 merged Jan 5, 2023
- [GHSA-hw26-fw67-qxm9] Jenkins Git Parameter Plugin 0.9.11 and earlier does not...
  #1519 merged Jan 6, 2023
- [GHSA-fgxc-mxvw-55mv] Jenkins Git Parameter Plugin 0.9.11 and earlier does not...
  #1520 merged Jan 6, 2023
- [GHSA-ffr6-8cv5-j637] Jenkins S3 publisher Plugin 0.11.4 and earlier transmits...
  #1521 merged Jan 6, 2023
- [GHSA-8g6v-g8qc-5w7j] Jenkins DigitalOcean Plugin 1.1 and earlier stores a...
  #1533 merged Jan 9, 2023
- [GHSA-2j3r-x6xc-qqqj] Jenkins BMC Release Package and Deployment Plugin 1.1 and...
  #1534 merged Jan 9, 2023
- [GHSA-6793-gmp9-2535] Jenkins ECX Copy Data Management Plugin 1.9 and earlier...
  #1535 merged Jan 5, 2023
- [GHSA-jmp9-f42q-4g85] Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a...
  #1536 merged Jan 5, 2023
- [GHSA-qj7p-9hgf-x8j7] Jenkins Harvest SCM Plugin 0.5.1 and earlier stores...
  #1537 merged Jan 5, 2023
- [GHSA-gmg2-3w6v-945p] Jenkins Parasoft Environment Manager Plugin 2.14 and...
  #1538 merged Jan 5, 2023
- [GHSA-54m9-h7qp-fwvg] Jenkins Applatix Plugin 1.1 and earlier stores a password...
  #1539 merged Jan 5, 2023
- [GHSA-w596-4wvx-j9j6] ReDoS in py library when used with subversion
  #1545 merged Jan 4, 2023
- [GHSA-9c47-m6qq-7p4h] Prototype Pollution in JSON5 via Parse Method
  #1554 merged Jan 4, 2023
- [GHSA-hrm3-3xm6-x33h] golang-nanoauth authentication bypass vulnerability
  #1556 merged Jan 4, 2023
- [GHSA-r3r5-jhw6-4634] Insecure temporary file usage in SWHKD
  #1562 merged Jan 5, 2023
- [GHSA-wqv3-8cm6-h6wg] Improper Authentication in Kubernetes
  #1563 merged Jan 6, 2023
- [GHSA-h6xw-mghq-7523] Unsafe parsing in SWHKD
  #1569 merged Jan 6, 2023
- [GHSA-g56w-cwg4-hxx9] Code injection in quarkus dev ui config editor
  #1570 merged Jan 6, 2023
- [GHSA-47fc-vmwq-366v] PyTorch vulnerable to arbitrary code execution
  #1571 merged Jan 6, 2023
- [GHSA-vc29-mvwv-wpcq] Cross-site scripting (XSS) vulnerability in cake/libs...
  #1579 merged Jan 9, 2023
- [GHSA-8jmw-wjr8-2x66] Command injection in git-clone
  #1581 merged Jan 8, 2023
- [GHSA-chj3-f7xw-367m] OS Command Injection in git-promise
  #1582 merged Jan 8, 2023
- [GHSA-qffw-8wg7-h665] Command injection in git-interface
  #1583 merged Jan 8, 2023
- [GHSA-28xr-mwxg-3qc8] Command injection in simple-git
  #1584 merged Jan 8, 2023
- [GHSA-4jv9-3563-23j3] Knex.js has a limited SQL injection vulnerability
  #1585 merged Jan 8, 2023
- [GHSA-3xq5-wjfh-ppjc] Luxon Inefficient Regular Expression Complexity vulnerability
  #1586 merged Jan 9, 2023
- [GHSA-3xq5-wjfh-ppjc] Luxon Inefficient Regular Expression Complexity vulnerability
  #1589 merged Jan 9, 2023
13 Pull requests opened by 6 people
- [GHSA-9c47-m6qq-7p4h] Prototype Pollution in JSON5 via Parse Method
  #1560 opened Jan 4, 2023
- [GHSA-9pgx-pf36-w46r] A vulnerability exists in CakePHP versions 4.0.x through...
  #1572 opened Jan 6, 2023
- [GHSA-g2vx-8v47-4vhh] The _validatePost function in libs/controller/components...
  #1573 opened Jan 6, 2023
- [GHSA-r7p6-fr3x-r877] CakePHP 1.3.7 allows remote attackers to obtain sensitive...
  #1574 opened Jan 6, 2023
- [GHSA-5964-pq8r-4q62] The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x...
  #1575 opened Jan 6, 2023
- [GHSA-556q-h4vr-pgh2] CakePHP 2.x and 3.x before 3.1.5 might allow remote...
  #1576 opened Jan 6, 2023
- [GHSA-j8p3-8m69-2hqq] The clientIp function in CakePHP 3.2.4 and earlier allows...
  #1577 opened Jan 6, 2023
- [GHSA-rw73-xmpv-j5x2] Directory traversal vulnerability in app/webroot/js...
  #1578 opened Jan 6, 2023
- [GHSA-p46c-w9m3-7qr2] Use of Uninitialized Resource in flumedb.
  #1592 opened Jan 10, 2023
- [GHSA-9783-42pm-x5jq] Use of Uninitialized Resource in csv-sniffer.
  #1593 opened Jan 10, 2023
- [GHSA-4jv9-3563-23j3] Knex.js has a limited SQL injection vulnerability
  #1594 opened Jan 10, 2023
- [GHSA-27h2-hvpr-p74q] jsonwebtoken has insecure input validation in jwt.verify function
  #1595 opened Jan 10, 2023
- [GHSA-m7r3-6mr9-xj8f] workers/extractor.py in Pandora (aka pandora-analysis...
  #1596 opened Jan 10, 2023
4 Issues opened by 3 people
- Missing information in json files compared to the advisory page
  #1580 opened Jan 7, 2023
- [Feature Request] Better transitive security disclosure and alerting
  #1565 opened Jan 5, 2023
- [Feature Request] Allow official CVEs to be shown on Security Advisory page
  #1564 opened Jan 5, 2023
- Improper formatting and code escaping when merging/syncing a PR
  #1555 opened Jan 3, 2023