### Impact The gatsby-plugin-mdx plugin prior to versions 3.15.2 and 2.14.1 passes input through to the `gray-matter` npm package, which is vulnerable to JavaScript injection in its default configurat ...
Continue Reading
June 03, 2022
Hi, Spring fans! In thi^^^ these installments, we begin a new series introducing the Spring for GraphQL project. In this first installment, GraphQL Java lead [Andi Marek (@andimarek)]() and [ I (@sta ...
Continue Reading
June 02, 2022
The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL quer ...
Continue Reading
May 30, 2022
Gitlab reports: Runner registration token disclosure through Quick Actions Unprivileged users can add other users to groups through an API endpoint Inaccurate display of Snippet contents can be potent ...
Continue Reading
May 30, 2022
At GitHub, we believe in providing developer-first experiences to help you keep your code secure. Since we launched Dependabot alerts nearly four years ago, weve alerted users on over 425 million po ...
Continue Reading
May 30, 2022
**Introduction** The interest for network security occupations is soaring, but the arrangement is at an incredible insufficient. Experts anticipate a 2021 increment of 3,500,000 empty web-based securi ...
Continue Reading
May 30, 2022
_This is part three of GitHub Security Labs [series on the OWASP Top 10 Proactive Controls](), where I provide practical guidance for OSS developers and maintainers on improving your security postur ...
Continue Reading
May 30, 2022
## Summary: i found the /graphql path and /performance_report with the post method. when i will create page with name /graphql i am not allowed on the grounds it is reserved but i can create page with ...
Continue Reading
May 30, 2022
Back to Main
