GHSA-g5x8-v2ch-gj2g: Vaultwarden HTML injection vulnerability

GHSA-x7m9-mv49-fv73: Vaultwarden vulnerable to user impersonation

GHSA-vprm-27pv-jp3w: Vaultwarden authenticated reflected cross-site scripting (XSS) vulnerability

GHSA-5xh2-23cc-5jc6: Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution

GHSA-675f-rq2r-jw82: JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the `esc_name` (Escalation Name) parameter at `Configuration/Notifications/Escalations`. Versions 21.04.16, 21.10.8, and 22.04.2 contain patches.

**Package**

composer centreon/centreon (Composer)

**Affected versions**

< 21.04.16

\>= 21.10.0, < 21.10.8

\>= 22.0.0, < 22.04.1

**Patched versions**

21.04.16

21.10.8

22.04.2

Headline

GHSA-25gv-wg6f-6frp: Centreon SQL Injection vulnerability via esc_name parameter

ghsa: Latest News