GHSA-7p73-8jqx-23r8: LangGraph SQLite Checkpoint Filter Key SQL Injection POC for SqliteStore

GHSA-cfjq-28r2-4jv5: Zitadel May Bypass Second Authentication Factor

GHSA-xrw9-r35x-x878: Zitadel allows brute-forcing authentication factors

GHSA-mwmh-7px9-4c23: ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection

GHSA-grjp-54v3-c442: OpenUSD File Parsing Use-After-Free Remote Code Execution Vulnerability

### Impact
Importing a malicious `.mrpack` file can cause path traversal while downloading files.
This can lead to scripts or config files being placed or replaced at arbitrary locations, without the user noticing.

### Patches
No patches yet.

### Workarounds
Avoid importing `.mrpack` files from untrusted sources.

### References
https://docs.modrinth.com/docs/modpacks/format_definition/#files


**mrpack-install vulnerable to path traversal with dependency**

High severity GitHub Reviewed Published Feb 2, 2023 in nothub/mrpack-install • Updated Feb 8, 2023

Headline

GHSA-r887-gfxh-m9rr: mrpack-install vulnerable to path traversal with dependency

Impact

Patches

Workarounds

References

ghsa: Latest News