GHSA-x7m9-mv49-fv73: Vaultwarden vulnerable to user impersonation

GHSA-vprm-27pv-jp3w: Vaultwarden authenticated reflected cross-site scripting (XSS) vulnerability

GHSA-g5x8-v2ch-gj2g: Vaultwarden HTML injection vulnerability

GHSA-5xh2-23cc-5jc6: Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution

GHSA-675f-rq2r-jw82: JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

It has been discovered backend users not having read access to specific pages still could see them in the page tree which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability.

**Typo3 Information Disclosure in Page Tree**

Low severity GitHub Reviewed Published Jun 5, 2024 to the GitHub Advisory Database • Updated Jun 5, 2024

Headline

GHSA-h934-f4m4-wc8x: Typo3 Information Disclosure in Page Tree

ghsa: Latest News