GHSA-g59r-24g3-h7cm: Statamic Vulnerable to Superadmin Account Takeover via Stored Cross-Site Scripting and Lack of Proper X-CSRF-TOKEN Server-Side Validation

GHSA-29xp-372q-xqph: node-tar has a race condition leading to uninitialized memory exposure

GHSA-fj2x-735w-74vq: gnark-crypto allows unchecked memory allocation during vector deserialization

GHSA-cf57-c578-7jvv: Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode

GHSA-xgp7-7qjq-vg47: n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook

A missing access check in the `InvitationController` allows an unauthenticated user with a valid invitation link to set the password of all frontend users.

**Broken Access Control in 3rd party TYPO3 extension "femanager"**

High severity GitHub Reviewed Published Feb 2, 2023 to the GitHub Advisory Database • Updated Feb 8, 2023

Headline

GHSA-mm8v-wmqx-8h2j: Broken Access Control in 3rd party TYPO3 extension "femanager"

ghsa: Latest News