GHSA-rm76-4mrf-v9r8: vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache

GHSA-c7w4-9wv8-7x7c: WhoDB allows parameter injection in DB connection URIs leading to local file inclusion

GHSA-9r4c-jwx3-3j76: WhoDB has a path traversal opening Sqlite3 database

GHSA-2hjh-495w-hmxc: Sylius allows unrestricted brute-force attacks on user accounts

GHSA-j82m-pc2v-2484: Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc

An issue was discovered in the bsock component of bcoin-org bcoin that allows remote attackers to obtain sensitive information via weak hashing algorithms in the component `\vendor\faye-websocket.js`.

**bsock uses weak hashing algorithms**

Moderate severity GitHub Reviewed Published Dec 21, 2023 to the GitHub Advisory Database • Updated Dec 21, 2023

Headline

GHSA-jj93-39pf-7mcf: bsock uses weak hashing algorithms

ghsa: Latest News