GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails

GHSA-jwcm-9g39-pmcw: Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts

OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number.

**Cross-site Scripting in OpenCRX**

Moderate severity GitHub Reviewed Published Nov 18, 2023 to the GitHub Advisory Database • Updated Nov 20, 2023