4 matches found

RubySec
added 2026/05/18 12:0 a.m., 9 views

Faraday has a possible incomplete fix for GHSA-33mh-2634-fwr2 - protocol-relative URI objects still bypass host scoping

Summary: Faraday::Connection#build_exclusive_url still allows protocol-relative host override when the request target is provided as a URI object instead of a String. This bypasses the February 2026 fix for GHSA-33mh-2634-fwr2 and can redirect a request built from a fixed-base Faraday::Connection to ...

CVSS 6.5 | AI score 5.9 | EPSS 0.0001
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2021/06/29 12:15 p.m., 0 views

UBUNTU-CVE-2021-23400

The package nodemailer before 6.6.1 is vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object...

CVSS 8.8 | AI score 7.3 | EPSS 0.00536
Exploits: 1 | References: 6
OSV
added 2019/12/17 12:0 a.m., 9 views

PSF-2019-16 Email header injection in Address objects

It is possible to inject email headers using CR or LF characters. The fix disallows CR and LF characters in email.headerregistry.Address arguments to guard against header injection attacks...

AI score 7.4
Exploits: 0 | References: 1
Fedora
added 2014/09/26 9:0 a.m., 25 views

[SECURITY] Fedora 19 Update: perl-Email-Address-1.905-1.fc19

This class implements a regex-based RFC 2822 parser that locates email addresses in strings and returns a list of Email::Address objects found. Alternatively you may construct objects manually. The goal of this software is to be correct, and very very fast...

CVSS 5 | AI score 2.4 | EPSS 0.01423
Exploits: 1