8 Pull requests merged by 7 people

• [GHSA-qc4j-v7h6-xr5h] Improper Neutralization of Special Elements used in an OS...

  #5854 merged Jul 25, 2025

• [GHSA-v9mx-4pqq-h232] Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo

  #5850 merged Jul 24, 2025

• [GHSA-4j66-8f4r-3pjx] bun vulnerable to OS Command Injection

  #5851 merged Jul 24, 2025

• [GHSA-rm8p-cx58-hcvx] Axios has Transitive Critical Vulnerability via form-data — Predictable Boundary Values (CVE-2025-7783)

  #5849 merged Jul 24, 2025

• [GHSA-2gxp-6r36-m97r] Corrected severity on advisory

  #5841 merged Jul 23, 2025

• [GHSA-c23v-vqw5-52c5] PowerJob vulnerable to Incorrect Access Control via the create user/save interface.

  #5840 merged Jul 22, 2025

• [GHSA-96c2-h667-9fxp] nova-tiptap has Unauthenticated Arbitrary File Upload Vulnerability

  #5839 merged Jul 22, 2025

• [GHSA-f29h-pxvx-f335] eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7...

  #5838 merged Jul 21, 2025

4 Pull requests opened by 4 people

• [GHSA-7653-r8cq-rf8w] The Nginx Cache Purge Preload plugin for WordPress is...

  #5845 opened Jul 23, 2025

• [GHSA-xffm-g5w8-qvg7] @eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser

  #5852 opened Jul 24, 2025

• [GHSA-h47j-hc6x-h3qq] Remote Code Execution Vulnerability in NPM mongo-express

  #5855 opened Jul 25, 2025

• [GHSA-2g7m-ph9x-7q7m] ReDoS in strip_whitespaces() function in cps...

  #5856 opened Jul 26, 2025

6 Issues closed by 3 people

• Advisory GHSA-jwvw-v7c5-m82h - Clarification required on ecosystems impacted

  #5796 closed Jul 24, 2025

• Review requested for GHSA-fh4q-jc76-r59p: Potential false positive for the stylus npm package

  #5846 closed Jul 23, 2025

• Metadata Correction Request for GHSA-3wqh-h42r-x8fq (@hapi/subtext)

  #5815 closed Jul 22, 2025

• Add support for Linux packages

  #5836 closed Jul 21, 2025

• Go: Supported ecosystem

  #5762 closed Jul 21, 2025

• Correction Request: Add ammo package to affected list in GHSA-gjph-xf5q-6mfq

  #5820 closed Jul 21, 2025

4 Issues opened by 4 people

• request to review and remove GHSA-hhqp-hr66-2g9r

  #5857 opened Jul 27, 2025

• Advisory GHSA-xffm-g5w8-qvg7 has incorrect fix version

  #5853 opened Jul 25, 2025

• Advisory GHSA-4pg4-qvpc-4q3h lists incorrect fixed version

  #5848 opened Jul 23, 2025

• Advisory GHSA-f4w8-cv6p-x6r5 lists incorrect fixed version

  #5847 opened Jul 23, 2025

3 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

• False Positive: CWE-506 Flag on Project Packages

  #5478 commented on Jul 23, 2025 • 0 new comments

• [GHSA-wx5j-54mm-rqqq] HTTP request smuggling in netty

  #5792 commented on Jul 21, 2025 • 0 new comments

• [GHSA-fr5w-98mc-jjvg] Arbitrary file upload in Mingsoft MCMS

  #5834 commented on Jul 22, 2025 • 0 new comments