GHSA-9722-9j67-vjcr: Improper Authorization in Select Permissions

GHSA-qjrv-v6qp-x99x: SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings

Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter.

**Cross-site Scripting in JFinal**

Moderate severity GitHub Reviewed Published Jan 23, 2024 to the GitHub Advisory Database • Updated Jan 23, 2024