GHSA-x7m9-mv49-fv73: Vaultwarden vulnerable to user impersonation

GHSA-vprm-27pv-jp3w: Vaultwarden authenticated reflected cross-site scripting (XSS) vulnerability

GHSA-g5x8-v2ch-gj2g: Vaultwarden HTML injection vulnerability

GHSA-5xh2-23cc-5jc6: Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution

GHSA-675f-rq2r-jw82: JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch added for CVE-2022-25882.


**Onnx Directory Traversal vulnerability**

High severity GitHub Reviewed Published Feb 23, 2024 to the GitHub Advisory Database • Updated Feb 23, 2024

Headline

GHSA-whh8-fjgc-qp73: Onnx Directory Traversal vulnerability

ghsa: Latest News