GHSA-ggmv-j932-q89q: Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout

GHSA-r7fm-3pqm-ww5w: Chall-Manager's scenario decoding process does not check for zip bombs

GHSA-3gv2-v3jx-r9fh: Chall-Manager is vulnerable to Path Traversal when extracting/decoding a zip archive

GHSA-54xv-94qv-2gfg: @pdfme/common vulnerable to to XSS and Prototype Pollution through its expression evaluation

GHSA-275g-g844-73jh: Matrix Rust SDK vulnerable to SQL Injection through its EventCache implementation

MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles.




**JavaScript execution via malicious molfiles (XSS)**

Moderate severity GitHub Reviewed Published Jan 19, 2024 to the GitHub Advisory Database • Updated Jan 23, 2024

Headline

GHSA-wc6f-qjxc-622v: JavaScript execution via malicious molfiles (XSS)

ghsa: Latest News