Node.js Security Advisories
Table of Contents
OpenSSL update assessment, and Node.js project plans
Adobe Security Bulletins and Advisories
Adobe Security Bulletin APSB22-31
Security Update Available for Adobe InDesign | APSB20-66 APSB22-30
Security Update Available for Adobe InCopy | APSB21-05 APSB22-29
Security Updates Available for Adobe Bridge | APSB21-23 APSB22-25
Security Updates Available for Adobe Animate | APSB21-21 APSB22-24
Cisco Security Advisory
Cisco FirePOWER Software for ASA FirePOWER Module Command Injection Vulnerability
Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability
Cisco AppDynamics Controller Authorization Bypass Vulnerability
Cisco IP Phone Duplicate Key Vulnerability
Cisco Email Security Appliance and Cisco Secure Email and Web Manager Information Disclosure Vulnerability
Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Remote Command Execution and Denial of Service Vulnerability
Cisco Email Security Appliance and Cisco Secure Email and Web Manager External Authentication Bypass Vulnerability
Cisco Identity Services Engine Authentication Bypass Vulnerability
Mozilla Security Advisories
Security Vulnerabilities fixed in Firefox for iOS 101 mfsa2022-23
Security Vulnerabilities fixed in Thunderbird 91.10 mfsa2022-22
Security Vulnerabilities fixed in Firefox ESR 91.10 mfsa2022-21
Security Vulnerabilities fixed in Firefox 101 mfsa2022-20
Ubuntu Security Notices
USN-5487-3: Apache HTTP Server regression
USN-5492-1: Vim vulnerability
USN-5487-2: Apache HTTP Server regression
USN-5491-1: Squid vulnerability
USN-5490-1: Protocol Buffers vulnerability
USN-5489-1: QEMU vulnerabilities
USN-5488-1: OpenSSL vulnerability
USN-5487-1: Apache HTTP Server vulnerabilities
USN-5486-1: Intel Microcode vulnerabilities
USN-5485-1: Linux kernel vulnerabilities
USN-5484-1: Linux kernel vulnerabilities
USN-5482-1: SPIP vulnerabilities
USN-5483-1: Exempi vulnerabilities
LSN-0087-1: Kernel Live Patch Security Notice
USN-5481-1: BlueZ vulnerabilities
USN-5479-1: PHP vulnerabilities
USN-5478-1: util-linux vulnerability
USN-5477-1: ncurses vulnerabilities
USN-5359-2: rsync vulnerability
USN-5476-1: Liblouis vulnerabilities
USN-5475-1: Firefox vulnerabilities
USN-5396-2: Ghostscript vulnerability
USN-5474-1: Varnish Cache vulnerabilities
USN-5472-1: FFmpeg vulnerabilities
USN-5473-1: ca-certificates update
USN-5471-1: Linux kernel (OEM) vulnerabilities
USN-5469-1: Linux kernel vulnerabilities
USN-5470-1: Linux kernel (OEM) vulnerabilities
USN-5468-1: Linux kernel vulnerabilities
USN-5467-1: Linux kernel vulnerabilities
USN-5466-1: Linux kernel vulnerabilities
USN-5465-1: Linux kernel vulnerabilities
USN-5464-1: E2fsprogs vulnerability
USN-5463-1: NTFS-3G vulnerabilities
USN-5462-2: Ruby vulnerability
USN-5462-1: Ruby vulnerabilities
USN-5461-1: FreeRDP vulnerabilities
USN-5460-1: Vim vulnerabilities
USN-5459-1: cifs-utils vulnerabilities
USN-5458-1: Vim vulnerabilities
USN-5456-1: ImageMagick vulnerability
LSN-0086-1: Kernel Live Patch Security Notice
USN-5457-1: WebKitGTK vulnerabilities
USN-5443-2: Linux kernel vulnerabilities
USN-5442-2: Linux kernel vulnerabilities
USN-5454-2: CUPS vulnerabilities
USN-5451-1: InfluxDB vulnerability
USN-5454-1: CUPS vulnerabilities
USN-5446-2: dpkg vulnerability
USN-5453-1: FreeType vulnerability
USN-5452-1: NTFS-3G vulnerability
USN-5431-1: GnuPG vulnerability
Red Hat Security Advisory
(RHSA-2022:5187) Important: Red Hat OpenShift GitOps security update
(RHSA-2022:5192) Important: Red Hat OpenShift GitOps security update
(RHSA-2022:5188) Important: RHACS 3.69 security update
(RHSA-2022:5029) Moderate: Red Hat build of Eclipse Vert.x 4.2.7 security update
(RHSA-2022:5116) Moderate: Red Hat OpenStack Platform 16.2 (puppet-firewall) security update
(RHSA-2022:5115) Moderate: Red Hat OpenStack Platform 16.2 (python-django20) security update
(RHSA-2022:5114) Moderate: Red Hat OpenStack Platform 16.2 (openstack-barbican) security update
(RHSA-2022:5163) Low: httpd:2.4 security update
(RHSA-2022:5162) Important: postgresql security update
(RHSA-2022:5157) Important: kernel security and bug fix update
(RHSA-2022:5153) Important: Red Hat OpenShift GitOps security update
(RHSA-2022:5152) Important: Red Hat OpenShift GitOps security update
(RHSA-2022:4999) Moderate: OpenShift Container Platform 3.11.715 packages and security update
(RHSA-2022:5132) Important: RHACS 3.68 security update
(RHSA-2022:4947) Important: OpenShift Container Platform 4.6.59 security update
(RHSA-2022:4951) Moderate: OpenShift Container Platform 4.8.43 packages and security update
(RHSA-2022:5101) Important: Red Hat AMQ Broker 7.10.0 release and security update
(RHSA-2022:5099) Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
(RHSA-2022:5100) Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
(RHSA-2022:5095) Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
(RHSA-2022:5096) Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
(RHSA-2022:5098) Important: grub2, mokutil, and shim security update
(RHSA-2022:4965) Moderate: OpenShift Container Platform 4.7.53 packages and security update
(RHSA-2022:5061) Moderate: .NET Core 3.1 security and bugfix update
(RHSA-2022:5056) Important: cups security and bug fix update
(RHSA-2022:5057) Important: cups security update
(RHSA-2022:5055) Important: cups security update
(RHSA-2022:5054) Important: cups security update
(RHSA-2022:5050) Moderate: .NET 6.0 security and bugfix update
(RHSA-2022:5052) Important: xz security update
(RHSA-2022:5053) Important: log4j security update
(RHSA-2022:5046) Moderate: .NET 6.0 security and bugfix update
(RHSA-2022:5047) Moderate: .NET 6.0 on RHEL 7 security and bugfix update
(RHSA-2022:5026) Moderate: OpenShift Virtualization 4.10.2 Images security and bug fix update
(RHSA-2022:4972) Moderate: OpenShift Container Platform 4.9.38 packages and security update
(RHSA-2022:4943) Moderate: OpenShift Container Platform 4.10.18 packages and security update
(RHSA-2022:5006) Important: Red Hat OpenShift Service Mesh 2.1.3 Containers security update
(RHSA-2022:5004) Critical: Red Hat OpenShift Service Mesh 2.1.3 security update
(RHSA-2022:5003) Important: Red Hat OpenShift Service Mesh 2.0.10 security update
(RHSA-2022:5002) Moderate: virt:av and virt-devel:av security and bug fix update
(RHSA-2022:4991) Important: xz security update
(RHSA-2022:4993) Important: xz security update
(RHSA-2022:4992) Important: xz security update
(RHSA-2022:4990) Important: cups security update
(RHSA-2022:4994) Important: xz security update
(RHSA-2022:4909) Important: OpenShift Container Platform 4.7.52 packages and security update
(RHSA-2022:4985) Moderate: Cryostat 2.1.1: new Cryostat on RHEL 8 container images
(RHSA-2022:4959) Moderate: java-1.8.0-ibm security update
(RHSA-2022:4957) Moderate: java-1.7.1-ibm security update
(RHSA-2022:4956) Important: Red Hat Advanced Cluster Management 2.5 security updates, images, and bug fixes
(RHSA-2022:4941) Important: subversion:1.14 security update
(RHSA-2022:4940) Important: xz security update
(RHSA-2022:4942) Important: kpatch-patch security update
(RHSA-2022:4932) Important: Red Hat Fuse 7.10.2.P1 security update
(RHSA-2022:4931) Moderate: RHV Appliance (rhvm-appliance) security update [ovirt-4.5.0]
(RHSA-2022:4930) Important: python-twisted-web security update
(RHSA-2022:4929) Important: rh-postgresql13-postgresql security update
(RHSA-2022:4924) Important: kernel security and bug fix update
(RHSA-2022:4922) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update
(RHSA-2022:4918) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7
(RHSA-2022:4919) Moderate: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8
(RHSA-2022:4913) Important: rh-postgresql10-postgresql security update
(RHSA-2022:4915) Important: rh-postgresql12-postgresql security update
(RHSA-2022:4914) Moderate: rh-nodejs12-nodejs security, bug fix, and enhancement update
(RHSA-2022:4893) Important: postgresql:12 security update
(RHSA-2022:4891) Important: thunderbird security update
(RHSA-2022:4895) Important: postgresql:10 security update
(RHSA-2022:4899) Important: compat-openssl11 security and bug fix update
(RHSA-2022:4888) Important: thunderbird security update
(RHSA-2022:4890) Important: thunderbird security update
(RHSA-2022:4892) Important: thunderbird security update
(RHSA-2022:4894) Important: postgresql:10 security update
(RHSA-2022:4889) Important: thunderbird security update
(RHSA-2022:4887) Important: thunderbird security update
(RHSA-2022:4896) Important: Red Hat Virtualization security, bug fix, and enhancement update [ovirt-4.5.0]
(RHSA-2022:4880) Moderate: ACS 3.70 enhancement and security update
(RHSA-2022:4871) Important: firefox security update
(RHSA-2022:4872) Important: firefox security update
(RHSA-2022:4873) Important: firefox security update
(RHSA-2022:4857) Important: postgresql:13 security update
(RHSA-2022:4856) Important: postgresql:12 security update
(RHSA-2022:4876) Important: firefox security update
(RHSA-2022:4854) Important: postgresql:10 security update
(RHSA-2022:4855) Important: postgresql:13 security update
(RHSA-2022:4866) Important: Satellite Tools 6.10.5 Async Bug Fix Update
(RHSA-2022:4867) Important: Satellite Tools 6.9.9 Async Bug Fix Update
(RHSA-2022:4870) Important: firefox security update
(RHSA-2022:4863) Moderate: Release of OpenShift Serverless Version 1.22.1
(RHSA-2022:4860) Moderate: Release of OpenShift Serverless Client kn 1.22.1
(RHSA-2022:4845) Important: zlib security update
(RHSA-2022:4835) Important: kernel-rt security and bug fix update
(RHSA-2022:4834) Moderate: expat security update
(RHSA-2022:4824) Moderate: fapolicyd security and bug fix update
(RHSA-2022:4816) Important: container-tools:3.0 security update
(RHSA-2022:4818) Moderate: mariadb:10.3 security and bug fix update
(RHSA-2022:4814) Moderate: Migration Toolkit for Containers (MTC) 1.6.5 security and bug fix update
(RHSA-2022:4807) Important: postgresql:12 security update
(RHSA-2022:2281) Moderate: OpenShift Container Platform 3.11.705 security update
(RHSA-2022:4809) Important: kpatch-patch security update
(RHSA-2022:4808) Important: rsyslog and rsyslog7 security update
(RHSA-2022:2280) Important: OpenShift Container Platform 3.11.705 security update
(RHSA-2022:4805) Important: postgresql:10 security update
(RHSA-2022:4798) Important: maven:3.5 security update
(RHSA-2022:4797) Important: maven:3.6 security update
(RHSA-2022:4796) Important: nodejs:16 security update
(RHSA-2022:4803) Important: rsyslog security update
(RHSA-2022:4799) Important: rsyslog security update
(RHSA-2022:4800) Important: rsyslog security update
(RHSA-2022:4802) Important: rsyslog security update
(RHSA-2022:4795) Important: rsyslog security update
(RHSA-2022:4801) Important: rsyslog security update
(RHSA-2022:4771) Important: postgresql security update
Microsoft Security
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Chromium: CVE-2022-2165 Insufficient data validation in URL formatting
Chromium: CVE-2022-2164 Inappropriate implementation in Extensions API
Chromium: CVE-2022-2163 Use after free in Cast UI and Toolbar
Chromium: CVE-2022-2162 Insufficient policy enforcement in File System API
Chromium: CVE-2022-2161 Use after free in WebApp Provider
Chromium: CVE-2022-2160 Insufficient policy enforcement in DevTools
Chromium: CVE-2022-2158 Type Confusion in V8
Chromium: CVE-2022-2157 Use after free in Interest groups
Chromium: CVE-2022-2156 Use after free in Base
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
AV1 Video Extension Remote Code Execution Vulnerability
Windows SMB Denial of Service Vulnerability
Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability
Microsoft Photos App Remote Code Execution Vulnerability
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
Windows Kerberos Elevation of Privilege Vulnerability
Windows Installer Elevation of Privilege Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Microsoft SQL Server Remote Code Execution Vulnerability
HEVC Video Extensions Remote Code Execution Vulnerability
HEVC Video Extensions Remote Code Execution Vulnerability
.NET and Visual Studio Information Disclosure Vulnerability
Azure RTOS GUIX Studio Information Disclosure Vulnerability
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Information Disclosure Vulnerability
Microsoft Office Information Disclosure Vulnerability
AV1 Video Extension Remote Code Execution Vulnerability
Kerberos AppContainer Security Feature Bypass Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
Windows Kernel Information Disclosure Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability
Microsoft Office Information Disclosure Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
Windows Kernel Denial of Service Vulnerability
Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Windows Network Address Translation (NAT) Denial of Service Vulnerability
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Windows Desired State Configuration (DSC) Information Disclosure Vulnerability
Windows Encrypting File System (EFS) Remote Code Execution Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Windows File History Remote Code Execution Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Windows iSCSI Discovery Service Remote Code Execution Vulnerability
Azure Service Fabric Container Elevation of Privilege Vulnerability
Windows Network File System Remote Code Execution Vulnerability
Windows Media Center Elevation of Privilege Vulnerability
Windows Container Manager Service Elevation of Privilege Vulnerability
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
HEVC Video Extensions Remote Code Execution Vulnerability
Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
HEVC Video Extensions Remote Code Execution Vulnerability
Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS)
Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR)
Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update)
Intel: CVE-2022-21166 Device Register Partial Write (DRPW)
Chromium: CVE-2022-2011 Use after free in ANGLE
Chromium: CVE-2022-2010 Out of bounds read in compositing
Chromium: CVE-2022-2008 Out of bounds memory access in WebGL
Chromium: CVE-2022-2007 Use after free in WebGPU
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Chromium: CVE-2022-1853 Use after free in Indexed DB
Chromium: CVE-2022-1854 Use after free in ANGLE
Chromium: CVE-2022-1855 Use after free in Messaging
Chromium: CVE-2022-1856 Use after free in User Education
Chromium: CVE-2022-1857 Insufficient policy enforcement in File System API
Chromium: CVE-2022-1858 Out of bounds read in DevTools
Chromium: CVE-2022-1859 Use after free in Performance Manager
Chromium: CVE-2022-1862 Inappropriate implementation in Extensions
Chromium: CVE-2022-1863 Use after free in Tab Groups
Chromium: CVE-2022-1864 Use after free in WebApp Installs
Chromium: CVE-2022-1865 Use after free in Bookmarks
Chromium: CVE-2022-1867 Insufficient validation of untrusted input in Data Transfer
Chromium: CVE-2022-1868 Inappropriate implementation in Extensions API
Chromium: CVE-2022-1869 Type Confusion in V8
Chromium: CVE-2022-1870 Use after free in App Service
Chromium: CVE-2022-1871 Insufficient policy enforcement in File System API
Chromium: CVE-2022-1872 Insufficient policy enforcement in Extensions API
Chromium: CVE-2022-1873 Insufficient policy enforcement in COOP
Chromium: CVE-2022-1874 Insufficient policy enforcement in Safe Browsing
Chromium: CVE-2022-1875 Inappropriate implementation in PDF
Chromium: CVE-2022-1876 Heap buffer overflow in DevTools
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
GitHub Security Advisories
[GHSA-rh9j-f5f8-rvgc] Authentication bypass vulnerability in Apple Game Center auth adapter
[GHSA-85q9-7467-r53q] XSS Vulnerability in Markdown Editor
[GHSA-r7pq-3x6p-7jcm] Memory Allocation with Excessive Size Value in OPCFoundation.NetStandard.Opc.Ua
[GHSA-vhfw-v69p-crcw] Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua
[GHSA-fvxf-r9fw-49pc] Incorrect Implementation of Authentication Algorithm in OPCFoundation.NetStandard.Opc.Ua
[GHSA-6fp8-cxc9-4fr9] Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua
[GHSA-5q2v-6j86-5h9v] Security Update for the OPC UA .NET Standard Stack
[GHSA-77mv-4rg7-r8qv] Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
[GHSA-j562-c3cw-3p5g] Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
[GHSA-wwjw-r3gj-39fq] Insufficient Session Expiration in Admin Tool
[GHSA-h4mx-xv96-2jgm] Cross-Site Scripting in Frontend Login Mailer
[GHSA-3r95-23jp-mhvg] Cross-Site Scripting in Form Framework
[GHSA-fh99-4pgr-8j99] Insertion of Sensitive Information into Log File in typo3/cms-core
[GHSA-8gmv-9hwg-w89g] Information Disclosure via Export Module
[GHSA-hprf-rrwq-jm5c] Plaintext Storage of Keys and Passwords in Rundeck and PagerDuty Process Automation
[GHSA-w3vw-ccc5-qr8v] Use After Free in Context::start_auth_session
[GHSA-7rq4-qcpw-74gq] Formula Injection in Exported Data
[GHSA-fr2w-mp56-g4xp] Unrestricted Attachment Upload
[GHSA-rm89-9g65-4ffr] Insufficient HTML Sanitization
[GHSA-7v28-g2pq-ggg8] Remote code execution in locale setting change
[GHSA-g63h-q855-vp3q] Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users
[GHSA-4jqc-jvh2-pxg9] Path traversal for local publishers in TechDocs backend
[GHSA-qpgx-64h2-gc3c] Insecure path traversal in Git Trigger Source can lead to arbitrary file read
[GHSA-5q86-62xr-3r57] Uses of deprecated API can be used to cause DoS in user-facing endpoints
[GHSA-pgw7-wx7w-2w33] ProxyAgent vulnerable to MITM
[GHSA-75rw-34q6-72cr] Signature forgery in Biscuit
[GHSA-77xc-hjv8-ww97] AutoUpdater module fails to validate certain nested components of the bundle
[GHSA-mq8j-3h7h-p8g7] Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled
[GHSA-q874-g24w-4q9g] Token bruteforcing
[GHSA-v7vq-3x77-87vg] Token bruteforcing.
[GHSA-g28x-pgr3-qqx6] Octokit gem published with world-writable files
[GHSA-26qj-cr27-r5c4] Octopoller gem published with world-writable files
[GHSA-3885-8gqc-3wpf] Potential leak of NuGet.org API key
[GHSA-xwx5-5c9g-x68x] Ill-formed headers may lead to unexpected behavior in Istio
[GHSA-x9jp-4w8m-4f3c] Cross Site Scripting vulnerability in django-jsonform’s admin form.
[GHSA-x2pg-mjhr-2m5x] Exposure of Sensitive Information to an Unauthorized Actor in semantic-release
[GHSA-64qm-hrgp-pgr9] Authorization header leak on port redirect in mechanize
[GHSA-f2wf-25xc-69c9] Failure to strip the Cookie header on change in host or HTTP downgrade
[GHSA-w248-ffj2-4v5q] Fix failure to strip Authorization header on HTTP downgrade
[GHSA-6vcc-v9vw-g2x5] Path Traversal in Git HTTP endpoints in Gogs
[GHSA-67mx-jc2f-jgjm] OS Command Injection in file editor in Gogs
[GHSA-xq4v-vrp9-vcf2] Cross-site Scripting vulnerability in repository issue list in Gogs
[GHSA-994f-7g86-qr56] Path Traversal in file editor on Windows in Gogs
[GHSA-fqx3-r75h-vc89] Improperly checked IDs on itemstacks received from the client leading to server crash in PocketMine-MP
[GHSA-5ffw-gxpp-mxpf] containerd CRI plugin: Host memory exhaustion through ExecSync
[GHSA-fcm2-6c3h-pg6j] Node DOS by way of memory exhaustion through ExecSync request in CRI-O
[GHSA-48f2-m7jg-866x] Failed payment recorded as completed in Silverstripe Omnipay
[GHSA-4w8f-hjm9-xwgf] Path Traversal in django-s3file
[GHSA-4v9q-cgpw-cf38] Multiple evaluation of contract address in call in vyper
[GHSA-4whx-7p29-mq22] TiDB authentication bypass vulnerability
[GHSA-5g4r-2qhx-vqfm] Use of Uninitialized Variable in trilogy
[GHSA-r7v4-jwx9-wx43] Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator
[GHSA-mj46-r4gr-5x83] Unsanitized JavaScript code injection possible in gatsby-plugin-mdx
[GHSA-p9p4-97g9-wcrh] Dev error stack trace leaking into prod in Play Framework
[GHSA-v8x6-59g4-5g3w] Denial of service binding form from JSON in Play Framework
[GHSA-9w9f-6mg8-jp7w] Missing Role Based Access Control for the REST handlers in bleve/http package
[GHSA-w689-557m-2cvq] Server-Side Request Forgery in gogs webhook
[GHSA-2x4v-g8cx-jxrq] Login timing attack in ibexa/core
[GHSA-xfqg-p48g-hh94] Login timing attack in ezsystems/ezpublish-kernel
[GHSA-342c-vcff-2ff2] Login timing attack in ezsystems/ezplatform-kernel
[GHSA-56j7-2pm8-rgmx] OS Command Injection in gogs
[GHSA-958j-443g-7mm7] OS Command Injection in gogs
[GHSA-pj96-4jhv-v792] Cross site scripting via cookies in gogs
[GHSA-f5x9-8jwc-25rw] Uncaught Exception (due to a data race) leads to process termination in Waitress
[GHSA-hj9c-8jmm-8c52] Packing does not respect root-level ignore files in workspaces
[GHSA-c8f7-x2g7-7fxj] All source code and data in extensions folder is publicly available
[GHSA-8639-qx56-r428] CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend
[GHSA-xjfw-5vv5-vjq2] Cross-site Scripting in Filter Stream Converter Application in XWiki Platform
[GHSA-gp95-ppv5-3jc5] Possible vulnerability in sharp at ‘npm install’ time if an attacker has control over build environment
[GHSA-9qrp-h7fw-42hg] Path Traversal in XWiki Platform
[GHSA-72p8-v4hg-v45p] Weak private key generation in SSH.NET