CVE-2023-31130 affecting package grpc for versions less than 1.62.0-2
CVE-2023-31130 affecting package grpc for versions less than 1.62.0-2. An upgraded version of the package is available that resolves this issue...
@hubbleprotocol/hubble-sdk (>=1.0.48 <=2.0.24), @streamflow/stream (>=3.0.14-dev <=3.0.19) +1 more potentially affected by CVE-2024-30253 via @solana/web3.js (=1.42.0)
@solana/web3.js NPM version =1.42.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @hubbleprotocol/hubble-sdk =1.0.48, =3.0.14-dev, =2.0.0, =2.0.2 Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J...
AZL-31520 CVE-2023-44487 affecting package grpc for versions less than 1.42.0-7
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
PT-2023-9454 · Mongodb · Mongodb Compass
Name of the Vulnerable Software and Affected Versions: MongoDB Compass versions 1.35.0 through 1.42.0 Description: The issue is related to the acceptance and use of insufficiently validated input from an untrusted external source by MongoDB Compass. This may cause unintended application behavior,...
Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability
An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...