oss-security

Messages by Date

2025/05/16 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Eli Schwartz
2025/05/16 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Jan Schaumann
2025/05/16 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
2025/05/15 Re: [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Yogesh Mittal
2025/05/15 [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0004 Adrian Perez de Castro
2025/05/15 [oss-security] Re: VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack Asad Ahmed
2025/05/15 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Stuart Henderson
2025/05/14 Re: [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Solar Designer
2025/05/14 [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Rafael Gonzaga
2025/05/14 [oss-security] Multiple vulnerabilities in Jenkins plugins Kevin Guerroudj
2025/05/14 [oss-security] Re: EU Vulnerability Database gmane.io
2025/05/14 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
2025/05/14 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
2025/05/13 [oss-security] CVE-2025-26864: Apache IoTDB: Exposure of Sensitive Information in IoTDB OpenID Authentication Haonan Hou
2025/05/13 [oss-security] CVE-2025-26795: Apache IoTDB JDBC driver: Exposure of Sensitive Information in IoTDB JDBC driver Haonan Hou
2025/05/13 [oss-security] CVE-2024-24780: Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function Haonan Hou
2025/05/13 Re: [oss-security] EU Vulnerability Database Solar Designer
2025/05/13 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Mark Esler
2025/05/13 Re: [oss-security] EU Vulnerability Database Rolf Reintjes
2025/05/13 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Simon McVittie
2025/05/13 Re: [oss-security] EU Vulnerability Database Stuart Henderson
2025/05/13 Re: [oss-security] EU Vulnerability Database Stuart Henderson
2025/05/13 [oss-security] EU Vulnerability Database Graeme Fowler
2025/05/13 Re: [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203 Dave Hart
2025/05/13 Re: [oss-security] VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack Marco Benatto
2025/05/13 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Dr. Thomas Orgis
2025/05/13 [oss-security] Xen Security Notice 3 (CVE-2024-45332) Intel Branch Privilege Injection Andrew Cooper
2025/05/13 Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Dr. Thomas Orgis
2025/05/13 [oss-security] VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack Asad Ahmed
2025/05/13 [oss-security] CVE-2025-47436: Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression Dongjoon Hyun
2025/05/13 Re: [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203 Albert Veli
2025/05/12 Re: [oss-security] CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools Solar Designer
2025/05/12 Re: [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203 Matt Johnston
2025/05/12 Re: [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203 Albert Veli
2025/05/12 [oss-security] CVE-2025-27696: Apache Superset: Improper authorization leading to resource ownership takeover Daniel Gaspar
2025/05/12 [oss-security] CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools VMware PSIRT
2025/05/12 [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
2025/05/09 [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203 Alan Coopersmith
2025/05/09 [oss-security] CVE-2025-4207: PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation Alan Coopersmith
2025/05/09 [oss-security] CVE-2025-46392: Apache Commons Configuration: StackOverflowError loading untrusted configuration Arnout Engelen
2025/05/09 [oss-security] CVE-2025-1948 & CVE-2024-13009: DoS and infoleak in Jetty Valtteri Vuorikoski
2025/05/08 Re: [oss-security] 3 new CVE's in old branch of GNU mailman Jeremy Reeder
2025/05/08 Re: [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Solar Designer
2025/05/08 [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Rafael Gonzaga
2025/05/08 [oss-security] OSSA-2025-001 / CVE-2025-44021: OpenStack Ironic fails to restrict paths used for file:// image URLs Jay Faulkner
2025/05/07 [oss-security] CVE-2025-32873: Django: Denial-of-service possibility in strip_tags() Natalia Bidart
2025/05/06 Re: [oss-security] CVE-2025-27363: out of bounds write in FreeType <= 2.13.0 Alan Coopersmith
2025/05/06 [oss-security] Go 1.24.3 fixes CVE-2025-22873: os: Root permits access to parent directory Alan Coopersmith
2025/05/06 [oss-security] CVE-2025-27533: Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation Christopher L. Shannon
2025/05/02 [oss-security] CVE-2025-47153: out-of-bounds access in some 32-bit builds of Node.js Alan Coopersmith
2025/05/02 [oss-security] CVE-2025-46762: Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata Gang Wu
2025/04/29 [oss-security] PowerDNS Security Advisory 2025-02: Denial of service via crafted DoH exchange Remi Gacogne
2025/04/28 [oss-security] CVE-2025-31651: Apache Tomcat: Bypass of rules in Rewrite Valve Mark Thomas
2025/04/28 [oss-security] CVE-2025-31650: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame Mark Thomas
2025/04/28 Re: [oss-security] Re: Trailing dot in Cygwin filenames [was: failed to clone iptables,ipset,nftables] Werner Koch
2025/04/25 Re: [oss-security] vulnerabilities in busybox tar and cpio tools Demi Marie Obenour
2025/04/25 Re: [oss-security] CVE-2024-56431: libtheora: incorrect bitwise shift in huffdec.c Solar Designer
2025/04/25 [oss-security] CVE-2024-56431: libtheora: incorrect bitwise shift in huffdec.c xiaolin
2025/04/25 [oss-security] Re: Trailing dot in Cygwin filenames [was: failed to clone iptables,ipset,nftables] Jan Engelhardt
2025/04/25 [oss-security] CVE-2024-56430: openfhe: OpenFHE through 1.2.3 has a NULL pointer dereference bug xiaolin
2025/04/25 Re: [oss-security] CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow Jacob Bachmeyer
2025/04/24 Re: [oss-security] CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow Solar Designer
2025/04/24 Re: [oss-security] vulnerabilities in busybox tar and cpio tools Solar Designer
2025/04/24 Re: [oss-security] vulnerabilities in busybox tar and cpio tools Demi Marie Obenour
2025/04/24 Re: [oss-security] CVE-2025-0395: Buffer overflow in the GNU C Library's assert() Qualys Security Advisory
2025/04/24 Re: [oss-security] CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow Jakub Wilk
2025/04/24 Re: [oss-security] CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow Solar Designer
2025/04/24 [oss-security] CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow 田世林
2025/04/24 [oss-security] Re: [EXTERNAL] Re: [oss-security] vulnerabilities in busybox tar and cpio tools Ian Norton
2025/04/24 [oss-security] Re: [EXTERNAL] Re: [oss-security] vulnerabilities in busybox tar and cpio tools Ian Norton
2025/04/24 Re: [oss-security] vulnerabilities in busybox tar and cpio tools Albert Veli
2025/04/23 Re: [oss-security] vulnerabilities in busybox tar and cpio tools Salvatore Bonaccorso
2025/04/23 Re: [oss-security] vulnerabilities in busybox tar and cpio tools Salvatore Bonaccorso
2025/04/23 [oss-security] CVE-2025-23016: Integer & buffer overflow in fastcgi < 2.4.5 Alan Coopersmith
2025/04/23 Re: [oss-security] vulnerabilities in busybox tar and cpio tools Jakub Wilk
2025/04/23 Re: [oss-security] vulnerabilities in busybox tar and cpio tools Ricardo Branco
2025/04/23 [oss-security] vulnerabilities in busybox tar and cpio tools Ian Norton
2025/04/22 [oss-security] CVE-2025-26413: Apache Kvrocks: The server was crashed by the negative offset Hulk Lin
2025/04/21 Re: [oss-security] 3 new CVE's in old branch of GNU mailman Jim P.
2025/04/21 Re: [oss-security] 3 new CVE's in old branch of GNU mailman Russ Allbery
2025/04/21 Re: [oss-security] 3 new CVE's in old branch of GNU mailman Valtteri Vuorikoski
2025/04/21 Re: [oss-security] 3 new CVE's in old branch of GNU mailman Mats Wichmann
2025/04/21 Re: [oss-security] 3 new CVE's in old branch of GNU mailman Thomas Ward
2025/04/21 Re: [oss-security] 3 new CVE's in old branch of GNU mailman Valtteri Vuorikoski
2025/04/21 [oss-security] 3 new CVE's in old branch of GNU mailman Alan Coopersmith
2025/04/19 Re: [oss-security] CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Fabian Bäumer
2025/04/18 Re: [oss-security] CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Solar Designer
2025/04/18 [oss-security] libarchive 3.7.8 fixed CVE-2024-57970, CVE-2025-1632, & CVE-2025-25724 Alan Coopersmith
2025/04/18 [oss-security] A bowlful of bugs in GNOME's libsoup Alan Coopersmith
2025/04/18 [oss-security] CVE-2025-29953: Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass Arnout Engelen
2025/04/18 Re: [oss-security] CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Fabian Bäumer
2025/04/17 Re: [oss-security] Multiple vulnerabilities in libxml2 Nick Wellnhofer
2025/04/17 Re: [oss-security] CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Solar Designer
2025/04/17 Re: [oss-security] Multiple vulnerabilities in libxml2 Solar Designer
2025/04/17 [oss-security] Multiple vulnerabilities in libxml2 Nick Wellnhofer
2025/04/17 Re: [oss-security] CVE program averts swift end Jan Klopper
2025/04/16 Re: [oss-security] CVE program averts swift end Marco Moock
2025/04/16 [oss-security] CVE program averts swift end Rolf Reintjes
2025/04/16 Re: [oss-security] CVE program averts swift end Alan Coopersmith
2025/04/16 Re: [oss-security] CVE program averts swift end Brian Behlendorf
2025/04/16 [oss-security] CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Fabian Bäumer
2025/04/16 [oss-security] CVE-2024-56736: Apache HertzBeat (incubating): Server-Side Request Forgery (SSRF) in Api Config Oss Chao Gong
2025/04/13 Re: [oss-security] CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes Stig Palmquist
2025/04/13 Re: [oss-security] CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes Solar Designer
2025/04/13 [oss-security] CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes Stig Palmquist
2025/04/12 Re: [oss-security] Security audit of PHP Solar Designer
2025/04/12 Re: [oss-security] CVE-2025-0395: Buffer overflow in the GNU C Library's assert() Solar Designer
2025/04/12 [oss-security] Security audit of PHP Alan Coopersmith
2025/04/12 [oss-security] CVE-2025-32896: Apache SeaTunnel: Unauthenticated insecure access Hailin Wang
2025/04/11 [oss-security] CVE-2025-24859: Apache Roller: Insufficient Session Expiration on Password Change David M. Johnson
2025/04/10 Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Bernhard Rosenkränzer
2025/04/10 Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Bernhard Rosenkränzer
2025/04/10 Re: [oss-security] CVE-2024-50217: Linux kernel: btrfs: Use-after-free of block device file in __btrfs_free_extra_devids() Demi Marie Obenour
2025/04/10 [oss-security] Re: Announce: OpenSSH 10.0 released Damien Miller
2025/04/10 Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Hanno Böck
2025/04/10 [oss-security] CVE-2025-31498: c-ares use-after-free Brad House
2025/04/10 [oss-security] Vulnerabilities in Jenkins Docker images Daniel Beck
2025/04/10 Re: [oss-security] CVE-2024-50217: Linux kernel: btrfs: Use-after-free of block device file in __btrfs_free_extra_devids() Greg KH
2025/04/10 [oss-security] CVE-2024-50217: Linux kernel: btrfs: Use-after-free of block device file in __btrfs_free_extra_devids() ake...@akendo.eu
2025/04/10 Re: [oss-security] CVE-2025-29868: Apache Answer: Using externally referenced images can leak user privacy. LinkinStar
2025/04/09 Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Sebastian Pipping
2025/04/09 Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Sebastian Pipping
2025/04/09 [oss-security] xmlrpc-c bundles a (very old and) vulnerable copy of libexpat Sebastian Pipping
2025/04/09 [oss-security] CVE-2025-27391: Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log Domenico Francesco Bruscino
2025/04/09 [oss-security] CVE-2025-30677: Apache Pulsar IO Kafka Connector, Apache Pulsar IO Kafka Connect Adaptor: Sensitive information logged in Pulsar's Apache Kafka Connectors Lari Hotari
2025/04/09 [oss-security] Announce: OpenSSH 10.0 released Damien Miller
2025/04/08 Re: [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Andrew Cooper
2025/04/08 [oss-security] CVE-2025-30215: nats-server: Missing access controls for JS API Phil Pennock
2025/04/08 [oss-security] CVE-2025-31672: Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names PJ Fanning
2025/04/08 Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. 李亚杰
2025/04/07 Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Mingcong Bai
2025/04/07 [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. 李亚杰
2025/04/07 [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0003 Adrian Perez de Castro
2025/04/07 [oss-security] PowerDNS Recursor Security Advisory 2025-01 regarding PowerDNS Recusor 5.2.0 Otto Moerbeek
2025/04/06 Re: [oss-security] CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Jeffrey Walton
2025/04/06 Re: [oss-security] CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Solar Designer
2025/04/06 Re: [oss-security] CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Hanno Böck
2025/04/05 [oss-security] CVE-2025-2704 - OpenVPN 2.6.1 through 2.6.13 with possible DoS David Sommerseth
2025/04/05 [oss-security] use-after-free (maybe?) in libspf2 Hanno Böck
2025/04/05 [oss-security] CVE-2025-30232: UAF in Exim 4.96 to 4.98.1 Valtteri Vuorikoski
2025/04/05 Re: [oss-security] XZ Utils: Threaded decoder frees memory too early (CVE-2025-31115) Sam James
2025/04/04 [oss-security] CVE-2025-22871 : Go net/http: request smuggling through invalid chunked data Alan Coopersmith
2025/04/04 [oss-security] pgAdmin 4 v9.2 fixes CVE-2025-2945 & CVE-2025-2946 Alan Coopersmith
2025/04/04 [oss-security] CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Elad Kalif
2025/04/04 [oss-security] CVE-2025-3155 GNOME Yelp: Arbitrary file read by abusing ghelp scheme Alan Coopersmith
2025/04/04 [oss-security] CVE-2025-30474: Apache Commons VFS: Failing to find an FTP file can reveal the URI's password in an error message Gary D. Gregory
2025/04/04 [oss-security] CVE-2025-29868: Apache Answer: Using externally referenced images can leak user privacy. Enxin Xie
2025/04/03 [oss-security] XZ Utils: Threaded decoder frees memory too early (CVE-2025-31115) Sam James
2025/04/03 [oss-security] Re: XZ Utils: Threaded decoder frees memory too early (CVE-2025-31115) Sam James
2025/04/02 [oss-security] Multiple vulnerabilities in Jenkins and Jenkins plugins Kevin Guerroudj
2025/04/02 [oss-security] [ANNOUNCE] ATS is vulnerable to request smuggling via chunked messages Masakazu Kitajo
2025/04/02 [oss-security] CVE-2025-27556: Django: Potential DoS in LoginView, LogoutView, and set_language() on Windows Natalia Bidart
2025/04/01 Re: [oss-security] CVE-2025-29868: Apache Answer: Using externally referenced images can leak user privacy. Jacob Bachmeyer
2025/04/01 Re: [oss-security] Linux kernel: CVE-2024-57882 fix did not prevent data stream corruption in the MPTCP protocol Solar Designer
2025/04/01 [oss-security] CVE-2025-30676: Apache OFBiz: Stored XSS Vulnerability Jacques Le Roux
2025/04/01 [oss-security] CVE-2025-30177: Apache Camel: Camel-Undertow Message Header Injection via Improper Filtering Andrea Cosentino
2025/04/01 [oss-security] Linux kernel: CVE-2024-57882 fix did not prevent data stream corruption in the MPTCP protocol Arthur Mongodin
2025/03/31 [oss-security] CVE-2025-30065: Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata Gang Wu
2025/03/31 [oss-security] CVE-2025-27427: Apache ActiveMQ Artemis: Address routing-type can be updated by user without the createAddress permission Justin Bertram
2025/03/29 [oss-security] CVE-2025-31160 Atop 2.11 heap problems Gerlof Langeveld
2025/03/28 Re: [oss-security] atop: Heap corruption Alan Coopersmith
2025/03/27 [oss-security] CVE-2024-56325: Apache Pinot: Authentication bypass issue. If the path does not contain / and contain . authentication is not required siddharth teotia
2025/03/27 [oss-security] wait3() system call as a side-channel in setuid programs (nvidia-modprobe CVE-2024-0149) Wolfgang Frisch
2025/03/27 [oss-security] Three bypasses of Ubuntu's unprivileged user namespace restrictions Qualys Security Advisory
2025/03/26 Re: [oss-security] atop: Heap corruption Solar Designer
2025/03/26 [oss-security] CVE-2025-30067: Apache Kylin: The remote code execution via jdbc url Li Yang
2025/03/26 [oss-security] CVE-2024-48944: Apache Kylin: SSRF vulnerability in the diagnosis api Li Yang
2025/03/26 Re: [oss-security] atop: Heap corruption Mark Steward
2025/03/26 Re: [oss-security] atop: Heap corruption Thomas Ward
2025/03/26 Re: [oss-security] atop: Heap corruption Alan Coopersmith
2025/03/26 [oss-security] atop: Heap corruption Solar Designer
2025/03/26 Re: [oss-security] CVE-2025-29927: Authorization Bypass in Next.js Middleware Alan Coopersmith
2025/03/24 [oss-security] CVE-2025-27553: Apache Commons VFS: Possible path traversal issue when using NameScope.DESCENDENT Gary D. Gregory
2025/03/24 [oss-security] [kubernetes] Multiple vulnerabilities in ingress-nginx Tabitha Sable
2025/03/24 Re: [oss-security] [kubernetes] Multiple vulnerabilities in ingress-nginx Kevin Daudt
2025/03/24 [oss-security] CVE-2024-53679: Apache VCL: XSS vulnerability in User Lookup impacting user privileges Josh Thompson
2025/03/24 [oss-security] CVE-2024-53678: Apache VCL: SQL injection vulnerability in New Block Allocation form Josh Thompson
2025/03/23 [oss-security] CVE-2025-29927: Authorization Bypass in Next.js Middleware Alan Coopersmith
2025/03/21 [oss-security] Mercurial 6.9.4 fixes CVE-2025-2361: XSS in hgweb Alan Coopersmith
2025/03/21 [oss-security] CVE-2025-26796: Apache Oozie: XSS in Oozie Web Console Arnout Engelen
2025/03/20 [oss-security] [kubernetes] CVE-2024-7598: Network restriction bypass via race condition during namespace termination Craig Ingram
2025/03/20 [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0002 Adrian Perez de Castro
2025/03/19 [oss-security] CVE-2024-54016: compression bomb attack in Apache Seata Server Min Ji
2025/03/19 [oss-security] CVE-2025-27888: Apache Druid: Server-Side Request Forgery and Cross-Site Scripting Adarsh Sanjeev
2025/03/19 [oss-security] CVE-2024-47552: Apache Seata (incubating): Deserialization of untrusted Data in jraft mode in Apache Seata Server Min Ji
2025/03/19 [oss-security] CVE-2025-27018: Apache Airflow MySQL Provider: SQL injection in MySQL provider core function Elad Kalif
2025/03/19 [oss-security] Multiple vulnerabilities in Jenkins plugins Daniel Beck
2025/03/18 Re: [oss-security] tj-action/changed-files GitHub action was compromised Jacob Bachmeyer
2025/03/18 [oss-security] Re: tj-action/changed-files GitHub action was compromised Mark Esler
2025/03/15 [oss-security] tj-action/changed-files GitHub action was compromised Mark Esler
2025/03/15 Re: [oss-security] expat vulnerability CVE-2024-8176 / impact of recursion stack overflow vulnerabilities Qualys Security Advisory
2025/03/15 [oss-security] [SBA-ADV-20241209-02] CVE-2024-13919: Laravel 11.9.0-11.35.1 Reflected XSS via Route Parameter in Debug-Mode Error Page SBA Research Security Advisory
2025/03/15 [oss-security] PHP security releases 8.4.5, 8.3.19, 8.2.28, 8.1.32 Alan Coopersmith
2025/03/14 [oss-security] expat vulnerability CVE-2024-8176 / impact of recursion stack overflow vulnerabilities Hanno Böck
2025/03/14 [oss-security] [CVE-2024-8176] Long linear chains of entities crash Expat with stack overflow due to use of unlimited recursion Alan Coopersmith
2025/03/14 Re: [oss-security] CVE-2025-27363: out of bounds write in FreeType <= 2.13.0 Michel Lind
2025/03/14 Re: [oss-security] CVE-2025-27363: out of bounds write in FreeType <= 2.13.0 Marc Deslauriers
2025/03/14 Re: [oss-security] CVE-2025-27363: out of bounds write in FreeType <= 2.13.0 Marc Deslauriers
2025/03/13 Re: [oss-security] CVE-2025-27363: out of bounds write in FreeType <= 2.13.0 Michel Lind
2025/03/13 [oss-security] [kubernetes] CVE-2025-1767: GitRepo Volume Inadvertent Local Repository Access Vellore Rajakumar, Sri Saran Balaji