GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails

GHSA-jwcm-9g39-pmcw: Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts

GHSA-55v3-xh23-96gh: `auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace

GHSA-j6vm-4r7g-x4gr: Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications

GHSA-6q3q-6v5j-h6vg: Querydsl vulnerable to HQL injection trough orderBy

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method.

**cleo is vulnerable to Regular Expression Denial of Service (ReDoS)**

Moderate severity GitHub Reviewed Published Nov 10, 2022 • Updated Nov 10, 2022

Headline

GHSA-2p9h-ccw7-33gf: cleo is vulnerable to Regular Expression Denial of Service (ReDoS)

Related news

ghsa: Latest News