GHSA-CCFQ-2454-F5XW SillyTavern has a SSRF vulnerability in the CORS proxy middleware

Resolution SillyTavern 1.18.0 added a generic server-side request filter Private Request Whitelisting. Since we expect users to use the application in a trusted environment, the filter is disabled by default, however it is strongly advised to be enabled and properly configured when an instance is...

SillyTavern has a SSRF vulnerability in the CORS proxy middleware

Resolution SillyTavern 1.18.0 added a generic server-side request filter Private Request Whitelisting. Since we expect users to use the application in a trusted environment, the filter is disabled by default, however it is strongly advised to be enabled and properly configured when an instance is...

PT-2026-2559

n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely contained the configured...

EUVD-2020-0062

Malware in sbrugna...

PT-2023-24756

Name of the Vulnerable Software and Affected Versions snowflake-connector-net versions prior to 2.0.18 Description The issue is related to command injection via SSO URL authentication. An attacker would need to establish a malicious resource and redirect users to utilize it. The attacker could se...

PYSEC-2020-37

In django-basic-auth-ip-whitelist before 0.3.4, a potential timing attack exists on websites where the basic authentication is used or configured, i.e. BASICAUTHLOGIN and BASICAUTHPASSWORD is set. Currently the string comparison between configured credentials and the ones provided by users is...