GHSA-3m86-c9x3-vwm9: Graylog vulnerable to privilege escalation through API tokens

GHSA-3q26-f695-pp76: @cyanheads/git-mcp-server vulnerable to command injection in several tools

dhowden tag before 0.0.0-20201120070457-d52dcb253c63 allows `panic: runtime error: index out of range` via readPICFrame.

**Denial of Service in dhowden/tag**

Moderate severity GitHub Reviewed Published Feb 7, 2023 to the GitHub Advisory Database • Updated Feb 7, 2023