GHSA-rm76-4mrf-v9r8: vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache

GHSA-c7w4-9wv8-7x7c: WhoDB allows parameter injection in DB connection URIs leading to local file inclusion

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

**MLflow Path Traversal Vulnerability**

High severity GitHub Reviewed Published Dec 20, 2023 to the GitHub Advisory Database • Updated Dec 20, 2023