GHSA-826p-4gcg-35vw: GeoTools has XML External Entity (XXE) Processing Vulnerability in XSD schema handling

GHSA-f5xg-cfpj-2mw6: taro-css-to-react-native Regular Expression Denial of Service vulnerability

GHSA-79vf-hf9f-j9q8: @vue/cli-plugin-pwa Regular Expression Denial of Service vulnerability

GHSA-g4cf-pp4x-hqgw: HaxCMS-PHP Command Injection Vulnerability

GHSA-f26w-gh5m-qq77: Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS)

Function `grcov::covdir::get_coverage` uses the `unsafe` function `get_unchecked_mut` without validating that the index is in bounds.

This results in memory corruption, and could potentially allow arbitrary code execution provided that an attacker can feed the tool crafted coverage data.

**grcov has an out of bounds write triggered by crafted coverage data**

Moderate severity GitHub Reviewed Published Feb 10, 2025 to the GitHub Advisory Database • Updated Feb 10, 2025

Headline

GHSA-qm2p-4w45-v2vr: grcov has an out of bounds write triggered by crafted coverage data

ghsa: Latest News