GHSA-rhm9-gp5p-5248: Gradio vulnerable to arbitrary file read with File and UploadButton components

GHSA-fpm5-2wcj-vfr7: codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service

GHSA-f3f8-vx3w-hp5q: codechecker vulnerable to authentication bypass when using specifically crafted URLs

GHSA-p7mv-53f2-4cwj: CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data

GHSA-96g7-g7g9-jxw8: happy-dom allows for server side code to be executed by a <script> tag

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive information via the `order` parameter of `GetMeshSyncResources`. Version 0.7.17 contains a patch for this issue.

**Meshery SQL Injection vulnerability**

High severity GitHub Reviewed Published Aug 5, 2024 to the GitHub Advisory Database • Updated Aug 5, 2024

Headline

GHSA-652r-q29p-m25h: Meshery SQL Injection vulnerability

ghsa: Latest News