{"source":"github-security","name":"GitHub Security Advisories","kind":"widget","records":[{"id":"GHSA-9hfw-w3f4-c4p8","title":"OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed....","subtitle":"2026-06-04T06:30:25Z","value":"critical","href":""},{"id":"GHSA-78x5-76fx-mcp6","title":"The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(),...","subtitle":"2026-06-04T06:30:25Z","value":"critical","href":""},{"id":"GHSA-hph7-5jr2-h359","title":"Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local...","subtitle":"2026-06-04T06:30:25Z","value":"high","href":""},{"id":"GHSA-vvpf-h42q-v96v","title":"The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any...","subtitle":"2026-06-04T06:30:25Z","value":"high","href":""},{"id":"GHSA-mgmr-hqww-q343","title":"The hard-coded APK resource files never expire, and the shared scepter leads to information leaks...","subtitle":"2026-06-04T06:30:25Z","value":"high","href":""},{"id":"GHSA-9hqp-cgj3-526j","title":"The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(...","subtitle":"2026-06-04T06:30:25Z","value":"high","href":""},{"id":"GHSA-gmvv-r68v-m7x9","title":"ReleaseJob#unpack builds job_dir = File.join(@release_dir, 'jobs', name) and job_tgz = File.join(...","subtitle":"2026-06-04T06:30:25Z","value":"high","href":""},{"id":"GHSA-96vc-39m3-22w5","title":"PackagePersister.validate_tgz builds \"tar -tf #{tgz} 2>&1\" where tgz = File.join(release_dir, ...","subtitle":"2026-06-04T03:30:22Z","value":"high","href":""},{"id":"GHSA-f9p6-prpf-3757","title":"Weak Randomness / Insecure Cryptographic Primitive (CWE-338) in Get-RandomPassword in BOSH...","subtitle":"2026-06-04T03:30:22Z","value":"high","href":""},{"id":"GHSA-fqm2-p6px-f54c","title":"CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redirect UAA token...","subtitle":"2026-06-04T03:30:22Z","value":"high","href":""},{"id":"GHSA-cggw-g858-xx4w","title":"A network man-in-the-middle between nats-sync and the BOSH director can steal the director...","subtitle":"2026-06-04T03:30:22Z","value":"high","href":""},{"id":"GHSA-7ppx-r2wh-w5w3","title":"The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due...","subtitle":"2026-06-04T03:30:22Z","value":"high","href":""},{"id":"GHSA-f9rx-7wf7-jr36","title":"Froxlor's API Authentication bypasses 2FA Authentication","subtitle":"2026-06-03T21:41:12Z","value":"high","href":""},{"id":"GHSA-6vr3-7wcx-v5g5","title":"browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in _log HTTP handler","subtitle":"2026-06-03T21:39:32Z","value":"high","href":""},{"id":"GHSA-8rpw-6cqh-2v9h","title":"browserstack-runner has an unauthenticated arbitrary file read via path traversal in HTTP server","subtitle":"2026-06-03T21:38:40Z","value":"high","href":""},{"id":"GHSA-cfw7-6c5v-2wjq","title":"Jupyter Enterprise Gateway: Kubernetes Manifest Injection in Jinja2 Template Rendering","subtitle":"2026-06-03T21:37:16Z","value":"critical","href":""},{"id":"GHSA-f49j-v924-fx9w","title":"Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resulting in Remote Code Execution","subtitle":"2026-06-03T21:36:05Z","value":"critical","href":""},{"id":"GHSA-jgh4-c962-w9qg","title":"Local privilege escalation due to excessive permissions assigned to child processes. The...","subtitle":"2026-06-03T21:30:31Z","value":"high","href":""},{"id":"GHSA-769h-95cg-2m99","title":"Local privilege escalation due to DLL hijacking vulnerability. The following products are...","subtitle":"2026-06-03T21:30:31Z","value":"high","href":""},{"id":"GHSA-3w7q-wcq7-c2vr","title":"Local privilege escalation due to DLL hijacking vulnerability. The following products are...","subtitle":"2026-06-03T21:30:31Z","value":"high","href":""},{"id":"GHSA-qgh2-4v7g-2cmc","title":"Local privilege escalation due to EXE hijacking vulnerability. The following products are...","subtitle":"2026-06-03T21:30:31Z","value":"high","href":""},{"id":"GHSA-52pr-7vmf-2w7x","title":"Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the...","subtitle":"2026-06-03T21:30:30Z","value":"high","href":""},{"id":"GHSA-chq7-94j8-cj28","title":"Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass","subtitle":"2026-06-03T21:30:10Z","value":"critical","href":""},{"id":"GHSA-jmmv-h3mp-59v8","title":"Docling Core: Unsafe remote filename resolution","subtitle":"2026-06-03T21:16:25Z","value":"high","href":""},{"id":"GHSA-j5xp-7m2f-49jv","title":"Docling Core: Insufficient validation of image reference URIs","subtitle":"2026-06-03T21:15:31Z","value":"high","href":""},{"id":"GHSA-q29v-xc37-wh5m","title":"Docling: Unsafe URI and Path Handling in HTML Backend","subtitle":"2026-06-03T21:15:02Z","value":"high","href":""},{"id":"GHSA-m88r-rg27-5xfg","title":"Docling: Unsafe XML Entity Expansion in USPTO Patent Backend","subtitle":"2026-06-03T21:14:15Z","value":"high","href":""},{"id":"GHSA-pj2v-ggqh-cmq2","title":"Docling: Unsafe Playwright-based HTML Rendering","subtitle":"2026-06-03T21:09:37Z","value":"high","href":""},{"id":"GHSA-8x6r-g9mw-2r78","title":"React Router vulnerable to DoS via unbounded path expansion in __manifest endpoint","subtitle":"2026-06-03T21:05:17Z","value":"high","href":""},{"id":"GHSA-49rj-9fvp-4h2h","title":"React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE","subtitle":"2026-06-03T21:03:32Z","value":"high","href":""}],"count":30,"generated_at":"2026-06-04T08:35:23.421Z"}