GHSA-w5rq-g9r6-vrcg: @dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling

GHSA-q4xm-6fjc-5f6w: sigstore-java has vulnerability with bundle verification

GHSA-v7vm-rhmg-8j2r: Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API

GHSA-2xcc-vm3f-m8rw: @lobehub/chat Server Side Request Forgery vulnerability

GHSA-486g-47cc-8wxf: aiocpa contains credential harvesting code

The d3-color module provides representations for various color spaces in the browser. Versions prior to 3.1.0 are vulnerable to a Regular expression Denial of Service. This issue has been patched in version 3.1.0. There are no known workarounds.

**d3-color vulnerable to ReDoS**

High severity GitHub Reviewed Published Sep 29, 2022 • Updated Sep 29, 2022

Headline

GHSA-36jr-mh4h-2g58: d3-color vulnerable to ReDoS

ghsa: Latest News