GHSA-92vj-g62v-jqhh: Hono has Body Limit Middleware Bypass

GHSA-q7pg-9pr4-mrp2: httpsig-rs: HMAC verification is vulnerable to timing attack

GHSA-wgpv-6j63-x5ph: Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover

GHSA-vcqx-v2mg-7chx:  Neo4j Cypher MCP server is vulnerable to DNS rebinding 

GHSA-7vm2-j586-vcvc: SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions

All versions of the package puppet-facter are vulnerable to Command Injection via the getFact function due to improper input sanitization.

**Command Injection in puppet-facter**

Moderate severity GitHub Reviewed Published Jan 26, 2023 to the GitHub Advisory Database • Updated Jan 27, 2023

Headline

GHSA-g5qr-xgg7-8q2w: Command Injection in puppet-facter

Related news

ghsa: Latest News