GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails

GHSA-jwcm-9g39-pmcw: Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts

Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board.

**Alist Cross-site Scripting vulnerability**

Low severity GitHub Reviewed Published Dec 12, 2022 • Updated Dec 12, 2022