GHSA-vfpf-xmwh-8m65: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

GHSA-f83h-ghpp-7wcc: Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc

GHSA-wf5f-4jwr-ppcp: Arbitrary Code Execution in pdfminer.six via Crafted PDF Input

GHSA-46xp-26xh-hpqh: KubeVirt Vulnerable to Arbitrary Host File Read and Write

GHSA-vm2f-46xc-5jc3: AstrBot has an arbitrary file read vulnerability in function _encode_image_bs64

Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion).

**Ollama DNS rebinding vulnerability**

High severity GitHub Reviewed Published Apr 8, 2024 to the GitHub Advisory Database • Updated Apr 8, 2024

Headline

GHSA-5jx5-hqx5-2vrj: Ollama DNS rebinding vulnerability

ghsa: Latest News