GHSA-hxf5-99xg-86hw: cap-std doesn't fully sandbox all the Windows device filenames

GHSA-c2f5-jxjv-2hh8: Wasmtime doesn't fully sandbox all the Windows device filenames

GHSA-4cf2-cxp3-rjr7: HAPI FHIR XML External Entity (XXE) vulnerability

GHSA-v2qh-f584-6hj8: @workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled

GHSA-5wmg-9cvh-qw25: @workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled

views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack.

**in django-grappelli**

Moderate severity GitHub Reviewed Published Oct 22, 2023 to the GitHub Advisory Database • Updated Oct 24, 2023

Headline

GHSA-9x43-5qcq-h79q: in django-grappelli

Related news

ghsa: Latest News