GHSA-8pmp-678w-c8xx: gitsign may use incorrect Rekor entries during verification

GHSA-wvv7-wm5v-w2gv: Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE

An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing.

**Filename spoofing in archive**

Low severity GitHub Reviewed Published Aug 31, 2023 to the GitHub Advisory Database • Updated Aug 31, 2023