Pull requests: github/advisory-database
[GHSA-xw6w-9jjh-p9cr] Scriban has Multiple Denial-of-Service Vectors via Unbounded Resource Consumption During Expression Evaluation
#8498 opened Jul 4, 2026 by adamus2
[GHSA-m2p3-hwv5-xpqw] Scriban: Denial of Service via Unbounded Cumulative Template Output Bypassing LimitToString
#8497 opened Jul 4, 2026 by adamus2
[GHSA-xcx6-vp38-8hr5] Scriban has Uncontrolled Recursion in object.to_json Causing Unrecoverable Process Crash via StackOverflowException
#8496 opened Jul 4, 2026 by adamus2
[GHSA-v66j-x4hw-fv9g] Scriban: Uncontrolled Memory Allocation via string.pad_left/pad_right Allows Remote Denial of Service
#8495 opened Jul 4, 2026 by adamus2
[GHSA-c875-h985-hvrc] Scriban: Built-in operations bypass LoopLimit and delay cancellation, enabling Denial of Service
#8494 opened Jul 4, 2026 by adamus2
[GHSA-5wr9-m6jw-xx44] Scriban: Sandbox escape due to TypedObjectAccessor cache bypassing MemberFilter after TemplateContext reuse
#8493 opened Jul 4, 2026 by adamus2
[GHSA-x6m9-38vm-2xhf] Scriban has an authorization bypass due to stale include cache surviving TemplateContext.Reset()
#8492 opened Jul 4, 2026 by adamus2
[GHSA-p6q4-fgr8-vx4p] Scriban has a Stack Overflow via Nested Array Initializers That Bypass the ExpressionDepthLimit Fix
#8491 opened Jul 4, 2026 by adamus2
[GHSA-5rpf-x9jg-8j5p] Scriban Affected by Memory Exhaustion (OOM) via Unbounded String Generation (Denial of Service)
#8490 opened Jul 4, 2026 by adamus2
[GHSA-grr9-747v-xvcp] Scriban has an Infinite Recursion during Object Rendering Leads to Stack Overflow and Process Crash (Denial of Service)
#8489 opened Jul 4, 2026 by adamus2
[GHSA-wgh7-7m3c-fx25] Scriban has Uncontrolled Recursion in Parser Leads to Stack Overflow and Process Crash (Denial of Service)
#8488 opened Jul 4, 2026 by adamus2
[GHSA-987m-9prq-3p7m] A OS command injection vulnerability in the CGI program...
#8486 opened Jul 4, 2026 by TiaMonique
[GHSA-hhpq-7wg4-36jm] CakePHP Authentication: Open redirect weakness via backslash bypass
#8485 opened Jul 3, 2026 by markstory
[GHSA-jc38-x7x8-2xc8] PHP JWT Framework: JWSVerifier uses algorithm from unprotected header, enabling algorithm confusion attacks
#8484 opened Jul 3, 2026 by samuelwei
[GHSA-q742-qvgc-gc2f] TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes
#8483 opened Jul 3, 2026 by sbrinkhorst
[GHSA-v98h-vmpc-fpqv] TinyMCE Cross-Site Scripting (XSS) vulnerability through mce:protected comments
#8482 opened Jul 3, 2026 by sbrinkhorst
[GHSA-v5pm-xwqc-g5wc] Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing
#8481 opened Jul 3, 2026 by mahsa-lamiyan
[GHSA-v5pm-xwqc-g5wc] Microsoft.OpenAPI: Circular schema references may terminate OpenAPI parsing
#8480 opened Jul 2, 2026 by Falco20019
[GHSA-wm64-883p-84j3] An issue was discovered in H2 1.4.197. Insecure handling...
#8478 opened Jul 2, 2026 by levpachmanov
[GHSA-vrv9-rjp4-w93c] Description: To issue and renew TLS certificates on...
#8477 opened Jul 2, 2026 by DavidOsipov
[GHSA-jgpv-4h4c-xhw3] Uncontrolled Resource Consumption in pillow
#8475 opened Jul 2, 2026 by yusuke-koyoshi
[GHSA-8988-4f7v-96qf] OpenTelemetry Core: Unbounded memory allocation in W3C Baggage propagation
#8474 opened Jul 2, 2026 by Lokeninfinitypoint
[GHSA-567r-vvh5-jjr8] ACE vulnerability in conditional configuration file...
#8473 opened Jul 1, 2026 by beth-soptim