-
### Finding Description
Your application is using `addJavascriptInterface()`. This may allow an attacker to execute arbitrary code on Android devices. The vulnerability is exploited by injecting Java…
-
Package version (if known): v1.2.7 & current (2022-02-16) [InvenioRDM demo](https://inveniordm.web.cern.ch/) install
## Describe the bug
Posting to the REST API (e.g. https://inveniordm.web.cern.…
-
### Vite Plugin Version
1.1
### Laravel Version
11 via `laravel new`
### Node Version
18.18.2
### NPM Version
10.4
### Operating System
macOS
### OS Version
15.1.1
…
-
```
We're running on 64-bit Ubuntu with the following versions installed (as part
of the script):
eventlog_0.2.12.tar.gz
syslog-ng_3.2.2.tar.gz
elsa-0.1.1.tar.gz
We're trying to write a new parser…
```
-
### Pitch
Version number information from lib/mastodon/version.rb is currently displayed to web site visitors, and via the API. I'd rather not advertise the version number of Mastodon that I'm runn…
-
So I think a security vulnerability would be if a malicious website sent a request to localhost:port, as flask-desktop is connected to Python that has a higher amount of user access (such as modifying …
-
### Specifics
In an Atom feed, when an entry’s link to the article’s web page is a site-relative URL (starts with `/`, like ``), NNW misinterprets this as a filesystem path and in its GUI makes the…
-
@johnnyreilly trying this out as trying to create a Static Web app for our charity to host our website, hopefully in a way that other members can post news articles etc.
Firstly - I hope that as it t…
-
The docs, and almost every Tornado code example on the internet add handlers to an `Application` via the `handlers` argument to the constructor. That means the application accepts requests for any ho…
-
CVE-2023-5217 is a heap buffer overflow in libvpx's VP8 encoder, as many things such as electron and more are being tracked in this issue, so we can fix them in nixpkgs.
This vulnerability is yet t…