JLSEC-2025-5 Lack of validation for user-provided fields in GitHub.jl

There is a lack of input validation for user-provided values in certain functions. In the GitHub.repo function, the user can provide any string for the reponame field. These inputs are not validated or safely encoded and are sent directly to the server. Impact This means a user can add path...

CVE-2025-52479 HTTP.jl vulnerable to CR/LF Injection in URIs

HTTP.jl provides HTTP client and server functionality for Julia, and URIs.jl parses and works with Uniform Resource Identifiers URIs. URIs.jl prior to version 1.6.0 and HTTP.jl prior to version 1.10.17 allows the construction of URIs containing CR/LF characters. If user input was not otherwise...