GHSA-xc93-q32j-cpcg: Jellysweep uses uncontrolled data in image cache API endpoint

GHSA-7vjm-6qgq-3mrq: Shaman has soundness issues and is unmaintained

GHSA-h238-5mwf-8xw8: lakeFS affected by unauthenticated access to API usage metrics

GHSA-j945-qm58-4gjx: motionEye vulnerable to RCE via unsanitized motion config parameter

GHSA-qv78-c8hc-438r: OpenMage vulnerable to XSS in Admin Notifications

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function.

**global-modules-path Command Injection vulnerability**

High severity GitHub Reviewed Published Jan 13, 2023 • Updated Jan 13, 2023

Headline

GHSA-vvj3-85vf-fgmw: global-modules-path Command Injection vulnerability

Related news

ghsa: Latest News