GHSA-8fh4-942r-jf2g: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php

GHSA-7q7g-4xm8-89cq: Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit

GHSA-phm4-wf3h-pc3r: Unpatched Remote Code Execution in Gogs

GHSA-x645-6pf9-xwxw: LibreNMS has an Authenticated OS Command Injection

GHSA-gv4m-f6fx-859x: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php

All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main (merge) function. @ianwalter/merge is [deprecated](https://github.com/ianwalter/merge/blob/master/README.md) and the maintainer suggests using [@generates/merger](https://github.com/generates/generates/tree/main/packages/merger) instead.

**Prototype pollution in @ianwalter/merge**

Moderate severity GitHub Reviewed Published Jul 26, 2022 • Updated Jul 26, 2022

Headline

GHSA-42m6-g935-5vmq: Prototype pollution in @ianwalter/merge

Related news

ghsa: Latest News