GHSA-3m9x-2qfj-xvq4: PHPExcel XXE Vulnerability

GHSA-q78v-cv36-8fxj: Devtron has SQL Injection in CreateUser API

GHSA-88h5-6w7m-5w56: jj vulnerable to path traversal via crafted Git repositories

GHSA-4hxw-gc2q-f6f3: Filament has exported files stored in default (`public`) filesystem if not reconfigured

GHSA-x87r-37q5-mmr8: Moodle has CSRF risk in Feedback non-respondents report

Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects.

**@75lb/deep-merge Prototype Pollution vulnerability**

High severity GitHub Reviewed Published Jul 30, 2024 to the GitHub Advisory Database • Updated Jul 31, 2024

Headline

GHSA-28mc-g557-92m7: @75lb/deep-merge Prototype Pollution vulnerability

ghsa: Latest News