GHSA-rvqx-wpfh-mfx7: Langflow Unauth RCE

GHSA-9ghp-w2hm-vfpf: wasmtime_jit_debug Dumps Undefined Memory by `JitDumpFile`

GHSA-f7gq-h8jv-h3cq: ash_authentication_phoenix has Insufficient Session Expiration

GHSA-7pr5-w74r-jjj7: Mezzanine CMS has a Stored Cross-Site Scripting (XSS) vulnerability in the displayable_links_js function

GHSA-rp38-pj7h-r8q2: python-a2a has a path traversal in the create_workflow function

All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking `shell.exec` without sanitization nor parametrization while concatenating the current directory as part of the command string.

**SketchSVG Arbitrary Code Injection vulnerability**

Moderate severity GitHub Reviewed Published Mar 6, 2023 to the GitHub Advisory Database • Updated Mar 7, 2023

Headline

GHSA-6722-xvq8-3254: SketchSVG Arbitrary Code Injection vulnerability

Related news

ghsa: Latest News