GHSA-hxf5-99xg-86hw: cap-std doesn't fully sandbox all the Windows device filenames

GHSA-c2f5-jxjv-2hh8: Wasmtime doesn't fully sandbox all the Windows device filenames

GHSA-4cf2-cxp3-rjr7: HAPI FHIR XML External Entity (XXE) vulnerability

GHSA-v2qh-f584-6hj8: @workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled

GHSA-5wmg-9cvh-qw25: @workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled

A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function.

**cortex establishes TLS connections with \`InsecureSkipVerify\` set to \`true\`**

High severity GitHub Reviewed Published Aug 1, 2024 to the GitHub Advisory Database • Updated Aug 2, 2024

Headline

GHSA-vw7g-3cc7-7rmh: cortex establishes TLS connections with `InsecureSkipVerify` set to `true`

ghsa: Latest News