GHSA-xffm-g5w8-qvg7: @eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser

GHSA-5662-cv6m-63wh: melange's world-writable permissions expose SBOM files to potential image tampering

GHSA-x6ph-r535-3vjw: apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files

GHSA-fm79-3f68-h2fc: Wasmtime CLI  is vulnerable to host panic through its fd_renumber function

GHSA-6v2p-p543-phr9: golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability

Previously, it was possible to exfiltrate secrets in Gradio's CI, but this is now fixed.

**Gradio's CI vulnerable to Command Injection**

High severity GitHub Reviewed Published Mar 27, 2024 to the GitHub Advisory Database • Updated Mar 27, 2024

Headline

GHSA-xcgp-r7r8-2hc9: Gradio's CI vulnerable to Command Injection

ghsa: Latest News