GHSA-8fh4-942r-jf2g: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php

GHSA-7q7g-4xm8-89cq: Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit

GHSA-phm4-wf3h-pc3r: Unpatched Remote Code Execution in Gogs

GHSA-x645-6pf9-xwxw: LibreNMS has an Authenticated OS Command Injection

GHSA-gv4m-f6fx-859x: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php

The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, or circumvent firewalls by submitting specially crafted XML data. 

**Scrapy decompression bomb vulnerability**

High severity GitHub Reviewed Published Apr 16, 2024 to the GitHub Advisory Database • Updated Apr 16, 2024

Headline

GHSA-rmqv-7v3j-mr7p: Scrapy decompression bomb vulnerability

ghsa: Latest News