GHSA-xffm-g5w8-qvg7: @eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser

GHSA-5662-cv6m-63wh: melange's world-writable permissions expose SBOM files to potential image tampering

GHSA-x6ph-r535-3vjw: apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files

GHSA-fm79-3f68-h2fc: Wasmtime CLI  is vulnerable to host panic through its fd_renumber function

GHSA-6v2p-p543-phr9: golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability

Cross Site Request Forgery vulnerability in Bagisto before v.1.3.2 allows an attacker to execute arbitrary code via a crafted HTML script.

**Bagisto Cross-Site Request Forgery vulnerability**

Moderate severity GitHub Reviewed Published Feb 27, 2024 to the GitHub Advisory Database • Updated Feb 27, 2024

Headline

GHSA-7p7q-fjfw-v3gf: Bagisto Cross-Site Request Forgery vulnerability

ghsa: Latest News