- CVE-2023-41054: LibreY Server-Side Request Forgery (SSRF) vulnerability in image_proxy.php
- CVE-2023-41055: LibreY Server-Side Request Forgery (SSRF) vulnerability via wikipedia_language cookie
- CVE-2023-4913: Reflected Cross-Site Scripting (XSS) vulnerability in the dynamic 404 page in cecilapp/cecil
- CVE-2023-4914: Relative Path Traversal vulnerability in the serve command in cecilapp/cecil
- Gravity Wiz Weekly 201: Gravity Wiz Cache Buster Reflected XSS vulnerability
- GHSA-mp92-hmg2-j362: OpenFlights SQL Injection vulnerability in php/helper.php
- GHSA-95xg-2f23-q3wm: OpenFlights active debug code in password resetting
- GHSA-gg5q-54c9-rx5g: OpenFlights Reflected XSS vulnerability in routes.php
- GHSA-wprq-99w6-j4gh: OpenFlights Stored XSS in airport and airline attributes
- GHSA-2m59-c483-c8qj: OpenFlights Unchecked Input for Loop Condition vulnerability in submit.php
- GHSA-jc52-8p3x-9p7x: OpenFlights Cookie SameSite attribute not always set
- GHSA-hq94-gm7j-7cmc: OpenFlights Insecure Temporary File vulnerability in import.php
- CVE-2024-27927: RSSHub SSRF vulnerabilities in /mastodon, /zjoi, and /m4
- CVE-2024-41812: txtdot SSRF vulnerability in /get
- CVE-2024-41813: txtdot SSRF vulnerability in /proxy
- GHSA-99hj-2wwx-78m3: txtdot Reflected XSS vulnerability in /proxy
- CVE-2024-29415: NPM ip package still incorrectly identifies some private IP addresses as public
- CVE-2024-24789: Go archive/zip EOCDR comment length handling is inconsistent with other ZIP implementations
- CVE-2024-37661: TP-LINK router TL-7DR5130 is vulnerable to forged ICMP redirect message attacks
- CVE-2024-37662: TP-LINK router TL-7DR5130 is vulnerable to TCP DoS or hijacking attacks
- CVE-2024-37663: Redmi router RB03 is vulnerable to forged ICMP redirect message attacks
- CVE-2024-37664: Redmi router RB03 is vulnerable to TCP DoS or hijacking attacks
- CVE-2024-38807: Signature Forgery Vulnerability in Spring Boot's Loader
- CVE-2024-7788: Signature Forgery vulnerability in LibreOffice document repair mode
- CVE-2024-50346: WebFeed HTML injection vulnerabilities leading to CSRF and UI spoofing