GHSA-p22h-3m2v-cmgh: Cosmos SDK's Integer Overflow vulnerability in its Validator Rewards pool can cause a chain halt

GHSA-557j-xg8c-q2mm: Helm vulnerable to Code Injection through malicious chart.yaml content

GHSA-x698-5hjm-w2m5: pyLoad is vulnerable to attacks that bypass localhost restrictions, enabling the creation of arbitrary packages

GHSA-gjv4-ghm7-q58q: MCP Server Kubernetes vulnerable to command injection in several tools

GHSA-rj53-j6jw-7f7g: Babylon vulnerable to chain halt when a message modifies the validator set at the epoch boundary

A vulnerability in the `FAISS.deserialize_from_bytes` function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the `os.system` function. The issue affects versions prior to 0.2.10.

**LangChain pickle deserialization of untrusted data**

Moderate severity GitHub Reviewed Published Sep 17, 2024 to the GitHub Advisory Database • Updated Sep 17, 2024

Headline

GHSA-f2jm-rw3h-6phg: LangChain pickle deserialization of untrusted data

ghsa: Latest News