GHSA-f27p-cmv8-xhm6: fetch: Authorization headers not dropped when redirecting cross-origin

GHSA-2p95-8xvm-2pjx: REDAXO CMS Cross-site Scripting vulnerability

GHSA-m78c-qx99-mvw9: Grav Cross-site Scripting vulnerability

GHSA-237r-r8m4-4q88: Guzzle OAuth Subscriber has insufficient nonce entropy

GHSA-v6jv-p6r8-j78w: NiceGUI On Air authentication issue

Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

**Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin**

Low severity GitHub Reviewed Published Jan 24, 2024 to the GitHub Advisory Database • Updated Jan 24, 2024

Headline

GHSA-f67f-2j6r-m4c9: Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin

ghsa: Latest News