GHSA-pchf-49fh-w34r: Soft Serve Affected by an Authentication Bypass

GHSA-xxjr-mmjv-4gpg: Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions

GHSA-36p8-mvp6-cv38: Wrangler affected by OS Command Injection in `wrangler pages deploy`

GHSA-r92c-9c7f-3pj8: OpenTofu has High CPU usage in "tofu init" with maliciously-crafted module packages in .zip format

GHSA-q2x5-4xjx-c6p9: Backstage has a Possible SSRF when reading from allowed URL's in `backend.reading.allow`

code injection in `Wrapper::buildClientWrapperCode` via manipulation of the `$client` argument. It was possible to force the client to access local files or connect to undesired urls instead of the intended target server's url.

**code injection in phpxmlrpc/phpxmlrpc**

High severity GitHub Reviewed Published Nov 28, 2022

Headline

GHSA-3fgr-xjr6-xqm8: code injection in phpxmlrpc/phpxmlrpc

ghsa: Latest News