GHSA-486g-47cc-8wxf: aiocpa contains credential harvesting code

GHSA-93ww-43rr-79v3: Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination 

GHSA-jgwc-jh89-rpgq: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability

GHSA-xg58-75qf-9r67: Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges

GHSA-qqwr-j9mm-fhw6: deno_doc's HTML generator vulnerable to Cross-site Scripting

Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the `compileClient`, `compileFileClient`, or `compileClientWithDependenciesTracked` function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers.

**Pug allows JavaScript code execution if an application accepts untrusted input**

High severity GitHub Reviewed Published May 24, 2024 to the GitHub Advisory Database • Updated May 24, 2024

Headline

GHSA-3965-hpx2-q597: Pug allows JavaScript code execution if an application accepts untrusted input

ghsa: Latest News