GHSA-g85v-wf27-67xc: Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`

GHSA-8495-4g3g-x7pr: aiohttp allows request smuggling due to incorrect parsing of chunk extensions

Microweber prior to 1.2.21 is vulnerable to reflected cross-site scripting (XSS).

**Microweber before 1.2.21 vulnerable to reflected XSS**

Moderate severity GitHub Reviewed Published Jul 23, 2022 • Updated Jul 27, 2022