GHSA-rhm9-gp5p-5248: Gradio vulnerable to arbitrary file read with File and UploadButton components

GHSA-fpm5-2wcj-vfr7: codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service

GHSA-f3f8-vx3w-hp5q: codechecker vulnerable to authentication bypass when using specifically crafted URLs

GHSA-p7mv-53f2-4cwj: CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data

GHSA-96g7-g7g9-jxw8: happy-dom allows for server side code to be executed by a <script> tag

langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444.

**langchain\_experimental Code Execution via Python REPL access**

Moderate severity GitHub Reviewed Published Jun 16, 2024 to the GitHub Advisory Database • Updated Jun 17, 2024

Headline

GHSA-wmvm-9vqv-5qpp: langchain_experimental Code Execution via Python REPL access

ghsa: Latest News