GHSA-rm76-4mrf-v9r8: vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache

GHSA-c7w4-9wv8-7x7c: WhoDB allows parameter injection in DB connection URIs leading to local file inclusion

This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process.

**MLflow Path Traversal Vulnerability**

High severity GitHub Reviewed Published Dec 20, 2023 to the GitHub Advisory Database • Updated Dec 20, 2023