GHSA-3m86-c9x3-vwm9: Graylog vulnerable to privilege escalation through API tokens

GHSA-3q26-f695-pp76: @cyanheads/git-mcp-server vulnerable to command injection in several tools

GHSA-6r2x-8pq8-9489: Electron vulnerable to Heap Buffer Overflow in NativeImage

GHSA-v8fr-vxmw-6mf6: Mattermost Incorrect Authorization vulnerability

GHSA-wgvp-jj4w-88hf: Mattermost Incorrect Authorization vulnerability

The `spam` project on PyPI was taken over via user account compromise via a phishing attack and a new malicious release made which contained code which some environment variables and downloaded and ran malware at install time

**\`spam\` project on PyPI compromised, malicious releases made**

High severity GitHub Reviewed Published Aug 30, 2024 to the GitHub Advisory Database • Updated Aug 30, 2024

Headline

GHSA-2r6g-7r83-jg72: `spam` project on PyPI compromised, malicious releases made

ghsa: Latest News