GHSA-9rcw-c2f9-2j55: OpenZeppelin Contracts Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers

GHSA-76c9-3jph-rj3q: on-headers is vulnerable to http response header manipulation

GHSA-fjgf-rc76-4x9p: Multer vulnerable to Denial of Service via unhandled exception from malformed request

GHSA-29cq-5w36-x7w3: Livewire is vulnerable to remote command execution during component property update hydration

GHSA-hfj7-542q-8fvv: DiracX-Web is vulnerable to attack through an Open Redirect on its login page

All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding.

**Cross-site Scripting (XSS) in serve-lite**

Moderate severity GitHub Reviewed Published Jan 26, 2023 to the GitHub Advisory Database • Updated Jan 30, 2023

Headline

GHSA-j8x7-qcw4-xx85: Cross-site Scripting (XSS) in serve-lite

ghsa: Latest News