GHSA-jp37-5qhw-mffw: Sharks has a Bias of Polynomial Coefficients in Secret Sharing

GHSA-vggm-3478-vm5m: Graylog concurrent PDF report rendering can leak other users' reports

GHSA-7cc9-j4mv-vcjp: XXE in PHPSpreadsheet's XLSX reader

GHSA-jw4x-v69f-hh5w: XmlScanner bypass leads to XXE

GHSA-m26c-fcgh-cp6h: cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.

**ip SSRF improper categorization in isPublic**

High severity GitHub Reviewed Published Jun 2, 2024 to the GitHub Advisory Database • Updated Jun 2, 2024

Headline

GHSA-2p57-rm9w-gvfp: ip SSRF improper categorization in isPublic

ghsa: Latest News