GHSA-rm76-4mrf-v9r8: vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache

GHSA-c7w4-9wv8-7x7c: WhoDB allows parameter injection in DB connection URIs leading to local file inclusion

GHSA-9r4c-jwx3-3j76: WhoDB has a path traversal opening Sqlite3 database

GHSA-2hjh-495w-hmxc: Sylius allows unrestricted brute-force attacks on user accounts

GHSA-j82m-pc2v-2484: Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc

In iana-time-zone v0.1.43 a use-after-free bug in the MacOS / iOS implementation was introduced.

The copied system time zone was released before its name was copied.
If the system time zone was changed between the call of `CFRelease` and `str::to_owned()`,
random memory would be copied.


**iana-time-zone vulnerable to use after free in MacOS / iOS implementation**

Moderate severity GitHub Reviewed Published Aug 30, 2022 • Updated Aug 30, 2022

Headline

GHSA-3fg9-hcq5-vxrc: iana-time-zone vulnerable to use after free in MacOS / iOS implementation

ghsa: Latest News