GHSA-j47q-rc62-w448: fastapi-guard is vulnerable to ReDoS through inefficient regex

GHSA-36rg-gfq2-3h56: Better Auth Open Redirect Vulnerability in originCheck Middleware Affects Multiple Routes

GHSA-489j-g2vx-39wf: Transformers vulnerable to ReDoS attack through its SETTING_RE variable

GHSA-fmrf-6jv9-qjc7: LlamaIndex is vulnerable to Path Traversal attack through its ObsidianReader class

GHSA-w42r-mrx7-c633: LlamaIndex has an XML Entity Expansion vulnerability in its sitemap parser

diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.

**diffoscope Path Traversal vulnerability**

Moderate severity GitHub Reviewed Published Feb 27, 2024 to the GitHub Advisory Database • Updated Feb 27, 2024

Headline

GHSA-33w6-hvmq-gh4x: diffoscope Path Traversal vulnerability

ghsa: Latest News