GHSA-6gf2-ffq8-gcww: GHSL-2024-288: SickChill open redirect in login

GHSA-j3f9-p6hm-5w6q: Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale

GHSA-cjgq-5qmw-rcj6: keras Path Traversal vulnerability

GHSA-j4jw-m6xr-fv6c: Soft Serve vulnerable to path traversal attacks

GHSA-mjf9-4pcv-vfg7: Apache OpenMeetings vulnerable to Deserialization of Untrusted Data 

Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.

**Firefly III allows webhooks HTML Injection.**

Moderate severity GitHub Reviewed Published Jan 5, 2024 to the GitHub Advisory Database • Updated Jan 5, 2024

Headline

GHSA-vwv2-9wcj-64vx: Firefly III allows webhooks HTML Injection.

ghsa: Latest News