GHSA-pj86-258h-qrvf: Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration

GHSA-vr6p-vq2p-6j74: LikeC4 has RCE through vulnerable React and Next.js versions

GHSA-wwrj-3hvj-prpm: Misskey has a login rate limit bypass via spoofed X-Forwarded-For header

GHSA-496g-mmpw-j9x3: misskey.js's export data contains private post data

GHSA-m6hq-f4w9-qrjj: Weblate has improper validation upon invitation acceptance

Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.

**Phone information disclosure vulnerability**

Moderate severity GitHub Reviewed Published Mar 6, 2024 to the GitHub Advisory Database • Updated Mar 6, 2024

Headline

GHSA-xg5p-8wg5-rhxm: Phone information disclosure vulnerability

ghsa: Latest News