GHSA-xffm-g5w8-qvg7: @eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser

GHSA-5662-cv6m-63wh: melange's world-writable permissions expose SBOM files to potential image tampering

GHSA-x6ph-r535-3vjw: apko is vulnerable to attack through incorrect permissions in /etc/ld.so.cache and other files

GHSA-fm79-3f68-h2fc: Wasmtime CLI  is vulnerable to host panic through its fd_renumber function

GHSA-6v2p-p543-phr9: golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability

Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion).

**Ollama DNS rebinding vulnerability**

High severity GitHub Reviewed Published Apr 8, 2024 to the GitHub Advisory Database • Updated Apr 8, 2024

Headline

GHSA-5jx5-hqx5-2vrj: Ollama DNS rebinding vulnerability

ghsa: Latest News