CVE-2023-31136

PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and...

EUVD-2023-23518

Malicious code in bioql PyPI...

CVE-2024-49765 Bypass of Discourse Connect using other login paths if enabled in Discourse

Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to...

GHSA-9CFH-VX93-84VV PostgresNIO processes unencrypted bytes from man-in-the-middle

Impact Any user of PostgresNIO connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The remaining text in this section is quoted verbatim fr...