GHSA-486g-47cc-8wxf: aiocpa contains credential harvesting code

GHSA-93ww-43rr-79v3: Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination 

GHSA-jgwc-jh89-rpgq: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability

GHSA-xg58-75qf-9r67: Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges

GHSA-qqwr-j9mm-fhw6: deno_doc's HTML generator vulnerable to Cross-site Scripting

Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI terminal server.

**Mage AI incorrectly gives privileges to users with deleted accounts**

Moderate severity GitHub Reviewed Published Aug 23, 2024 to the GitHub Advisory Database • Updated Aug 23, 2024

Headline

GHSA-jg95-r9xh-xw9c: Mage AI incorrectly gives privileges to users with deleted accounts

ghsa: Latest News