GHSA-cwwm-hr97-qfxm: SpiceDB checks involving relations with caveats can result in no permission when permission is expected

GHSA-cvx7-x8pj-x2gw: CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification

GHSA-qx7g-fx8q-545g: Para Inserts Sensitive Information into Log File for Facebook authentication

GHSA-jq8x-v7jw-v675: Duplicate Advisory: users may append `root` to group listings

GHSA-c42h-56wx-h85q: laravel-auth0 SDK Deserialization of Untrusted Data vulnerability

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the `phar://` wrapper.

**TCPDF vulnerable to attackers triggering deserialization of arbitrary data**

Critical severity GitHub Reviewed Published Oct 6, 2022 • Updated Oct 6, 2022

Headline

GHSA-5hw4-m7f3-hhx8: TCPDF vulnerable to attackers triggering deserialization of arbitrary data

ghsa: Latest News