GHSA-49cc-xrjf-9qf7: SFTPGo allows administrators to restrict command execution from the EventManager

GHSA-rmxg-6qqf-x8mr: GeoNode Server Side Request forgery

GHSA-5cph-wvm9-45gj: Flowise OverrideConfig security vulnerability

GHSA-hj3w-wrh4-44vp: LLama Factory Remote OS Command Injection Vulnerability

GHSA-jh6x-7xfg-9cq2: Searching Opencast may cause a denial of service

light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token.

**light-oauth2 missing public key verification**

High severity GitHub Reviewed Published Oct 25, 2023 to the GitHub Advisory Database • Updated Oct 27, 2023

Headline

GHSA-mx47-h5fv-ghwh: light-oauth2 missing public key verification

Related news

ghsa: Latest News