GHSA-gmx7-gr5q-85w5: magic-crypt uses insecure cryptographic algorithms

GHSA-gv7f-5qqh-vxfx: xous has unsound usages of `core::slice::from_raw_parts` 

GHSA-ggwq-xc72-33r3: LGSL has a reflected XSS at /lgsl_files/lgsl_list.php

GHSA-8jhw-6pjj-8723: Better Auth has an Open Redirect Vulnerability in Verify Email Endpoint

GHSA-4fwj-m62q-pp47: Password Pusher Allows Session Token Interception Leading to Potential Hijacking

### Impact

If you use the report server, it may be vulnerable to a Denial of Service attack.

### Patches

Has been patched in v0.19.2.

### References

The vulnerability was inherited by the following upstream vulnerabilites

- [golang.org/x/text < v0.3.7](https://github.com/advisories/GHSA-ppp9-7jff-5vj2)
- [golang.org/x/net < 0.0.0-20220906165146-f3363e06e74c](https://github.com/advisories/GHSA-69cg-p879-7622)


**Yapscan Denial of Service vulnerability in report server**

High severity GitHub Reviewed Published Mar 3, 2023 in fkie-cad/yapscan • Updated Mar 3, 2023

Headline

GHSA-wxwq-525w-hcqx: Yapscan Denial of Service vulnerability in report server

Impact

Patches

References

ghsa: Latest News