GHSA-mqf3-qpc3-g26q: Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message

GHSA-ff6q-3c9c-6cf5: Silverstripe Framework has a XSS in form messages

GHSA-7cmp-cgg8-4c82: Silverstripe Framework has a XSS via insert media remote file oembed

GHSA-m9c9-mc2h-9wjw: Lodestar snappy checksum issue

GHSA-53rv-hcvm-rpp9: Lodestar snappy decompression issue

The html package (aka x/net/html) through 2018-09-25 in Go mishandles `<table><math><select><mi><select></table>`, leading to an infinite loop during an `html.Parse` call because `inSelectIM` and `inSelectInTableIM` do not comply with a specification.

**x/net/html Vulnerable to DoS During HTML Parsing**

High severity GitHub Reviewed Published Sep 25, 2023 to the GitHub Advisory Database • Updated Sep 25, 2023

Headline

GHSA-vfw5-hrgq-h5wf: x/net/html Vulnerable to DoS During HTML Parsing

ghsa: Latest News