GHSA-rxq8-q85f-m866: Prevent XSS from Confidant API call

GHSA-58vj-cv5w-v4v6: Navidrome has Multiple SQL Injections and ORM Leak

GHSA-73rg-f94j-xvhx: Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes

GHSA-9hf4-67fc-4vf4: Puma's header normalization allows for client to clobber proxy set headers

GHSA-vvf8-2h68-9475: Keycloak Open Redirect vulnerability

The package cycle-import-check before version 1.3.2 is vulnerable to Command Injection via the `writeFileToTmpDirAndOpenIt` function due to improper user-input sanitization.

**cycle-import-check vulnerable to Command Injection**

High severity GitHub Reviewed Published Dec 14, 2022 • Updated Dec 14, 2022

Headline

GHSA-995x-33wq-8gc9: cycle-import-check vulnerable to Command Injection

Related news

ghsa: Latest News