GHSA-5jfw-gq64-q45f: HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through

GHSA-hrxh-9w67-g4cv: Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata

GHSA-m5vv-7jxc-8p6x: Redaxo Core CMS Cross Site Scripting (XSS)

GHSA-p7f6-8mcm-fwv3: Statamic CMS has a Path Traversal in Asset Upload

GHSA-2x2g-32r7-p4x8: Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider

An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.

**Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library**

High severity GitHub Reviewed Published Sep 1, 2023 to the GitHub Advisory Database • Updated Sep 1, 2023

Headline

GHSA-f73w-4m7g-ch9x: Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library

Related news

ghsa: Latest News