GHSA-pfr9-2p92-qrhq: Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function

GHSA-jqfv-jrvq-95jm: Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability

GHSA-9722-9j67-vjcr: Improper Authorization in Select Permissions

GHSA-qjrv-v6qp-x99x: SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings

GHSA-f3cx-396f-7jqp: Livewire Remote Code Execution on File Uploads

automad up to 1.10.9 is vulnerable to stored cross-site scripting in the `sitename` argument because the `SharedController` class that handles form data and saving shared information does not properly sanitize the user input on the client side when rendering the data. The attack may be launched remotely and an exploit has been disclosed publicly.

**Stored Cross-site scripting affecting automad/automad**

Low severity GitHub Reviewed Published Dec 21, 2023 to the GitHub Advisory Database • Updated Dec 29, 2023

Headline

GHSA-7j9h-ch38-474r: Stored Cross-site scripting affecting automad/automad

ghsa: Latest News