GHSA-9rcw-c2f9-2j55: OpenZeppelin Contracts Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers

GHSA-76c9-3jph-rj3q: on-headers is vulnerable to http response header manipulation

GHSA-fjgf-rc76-4x9p: Multer vulnerable to Denial of Service via unhandled exception from malformed request

GHSA-29cq-5w36-x7w3: Livewire is vulnerable to remote command execution during component property update hydration

GHSA-hfj7-542q-8fvv: DiracX-Web is vulnerable to attack through an Open Redirect on its login page

The `spam` project on PyPI was taken over via user account compromise via a phishing attack and a new malicious release made which contained code which some environment variables and downloaded and ran malware at install time

**\`spam\` project on PyPI compromised, malicious releases made**

High severity GitHub Reviewed Published Aug 30, 2024 to the GitHub Advisory Database • Updated Aug 30, 2024

Headline

GHSA-2r6g-7r83-jg72: `spam` project on PyPI compromised, malicious releases made

ghsa: Latest News