GHSA-gppm-hq3p-h4rp: Git credentials are exposed in Atlantis logs

GHSA-gr3c-q7xf-47vh: XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`

GHSA-8m24-3cfx-9fjw: sp1 has insufficient observation of cumulative sum

GHSA-j857-2pwm-jjmm: Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data

GHSA-6jrf-rcjf-245r: changedetection.io path traversal using file URI scheme without supplying hostname

libxmljs2 is vulnerable to type confusion when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled). At the time of publication, there is no fix.

**libxmljs2 type confusion vulnerability when parsing specially crafted XML**

High severity GitHub Reviewed Published May 2, 2024 to the GitHub Advisory Database • Updated May 3, 2024

Headline

GHSA-mjr4-7xg5-pfvh: libxmljs2 type confusion vulnerability when parsing specially crafted XML

ghsa: Latest News