A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used (GHSA-v428-g3cw-7hv9)
Write=originate, is sufficient permissions for code execution / System() dialplan (GHSA-c4cg-9275-6w44)
res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests (GHSA-qqxj-v78h-hrf9)
PJSIP_HEADER dialplan function can overwrite memory/cause crash when using ‘update’ (GHSA-98rc-4j27-74hh)
PJSIP logging allows attacker to inject fake Asterisk log entries (GHSA-5743-x3p5-3rg7)