GHSA-6jrf-rcjf-245r: changedetection.io path traversal using file URI scheme without supplying hostname

GHSA-7mr7-4f54-vcx5: HTTP Client uses incorrect token after refresh

An issue in the component `js2py.disable_pyimport()` of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.

**js2py allows remote code execution**

High severity GitHub Reviewed Published Jun 20, 2024 to the GitHub Advisory Database • Updated Jun 20, 2024