GHSA-7p9f-6x8j-gxxp: CRI-O: Maliciously structured checkpoint file can gain arbitrary node access

GHSA-hh33-46q4-hwm2: Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion

GHSA-rmv2-8jjc-23xw: TCPDF Local File Inclusion vulnerability

GHSA-w5rq-g9r6-vrcg: @dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling

GHSA-q4xm-6fjc-5f6w: sigstore-java has vulnerability with bundle verification

The vulnerability arises from the way the url parameter is incorporated into the command string without proper validation or sanitization. If the url is constructed from untrusted sources, an attacker could potentially inject malicious commands.

**Code Injection in paddlepaddle**

Critical severity GitHub Reviewed Published Jan 20, 2024 to the GitHub Advisory Database • Updated Jan 23, 2024

Headline

GHSA-chj7-w3f6-cvfj: Code Injection in paddlepaddle

ghsa: Latest News