GHSA-g59r-24g3-h7cm: Statamic Vulnerable to Superadmin Account Takeover via Stored Cross-Site Scripting and Lack of Proper X-CSRF-TOKEN Server-Side Validation

GHSA-29xp-372q-xqph: node-tar has a race condition leading to uninitialized memory exposure

GHSA-fj2x-735w-74vq: gnark-crypto allows unchecked memory allocation during vector deserialization

GHSA-cf57-c578-7jvv: Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode

GHSA-xgp7-7qjq-vg47: n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook

HashiCorp go-slug before 0.5.0 does not address attempts at directory traversal involving ../ and symlinks.

**Unsafe tar unpacking in HashiCorp go-slug**

High severity GitHub Reviewed Published Feb 6, 2023 to the GitHub Advisory Database • Updated Feb 6, 2023

Headline

GHSA-2g5j-5x95-r6hr: Unsafe tar unpacking in HashiCorp go-slug

ghsa: Latest News