GHSA-g5x8-v2ch-gj2g: Vaultwarden HTML injection vulnerability

GHSA-x7m9-mv49-fv73: Vaultwarden vulnerable to user impersonation

GHSA-vprm-27pv-jp3w: Vaultwarden authenticated reflected cross-site scripting (XSS) vulnerability

GHSA-5xh2-23cc-5jc6: Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution

GHSA-675f-rq2r-jw82: JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs, etc).

**SonarQube logs sensitive information**

Moderate severity GitHub Reviewed Published Jun 16, 2024 to the GitHub Advisory Database • Updated Jun 17, 2024

Headline

GHSA-hw2c-8xgw-mf57: SonarQube logs sensitive information

ghsa: Latest News