GHSA-6R78-M64M-QWCF Moq v4.20.0-rc to 4.20.1 share hashed user data
Moq v4.20.0-rc to 4.20.1 include support for SponsorLink, which runs an obfuscated DLL at build time that scans local git config data and shares the user's hashed email address with SponsorLink's remote servers. There is no option to disable this. Moq v4.20.2 has removed this functionality...
CVE-2023-27490
NextAuth.js (for Next.js) versions before 4.20.1 are affected. A partial OAuth session failure lets a network observer or social engineer modify the authorization URL to bypass CSRF checks, potentially logging in as the victim. The issue arises from missing/compromised state, PKCE, and nonce hand...