Jul 01 GHSA-mjgf-xj26-9qf9 (pay): pay-rails/pay - non-constant-time HMAC comparison in Paddle Billing webhook signature verifier posted in •
Jun 30 CVE-2026-54696 (json): JSON generator heap buffer overflow when streaming to an IO posted in •
Jun 26 CVE-2026-44161 (fluentd): Fluentd is Vulnerable to Server-Side Request Forgery (SSRF) via Placeholder Expansion in `out_http` posted in •
Jun 26 CVE-2026-44160 (fluentd): Fluentd is Vulnerable to Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward` posted in •
Jun 26 CVE-2026-44025 (fluentd): Fluentd is Vulnerable to Exposure of Sensitive Information via Monitor Agent API posted in •
Jun 26 CVE-2026-44024 (fluentd): Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder posted in •
Jun 25 GHSA-wwpr-jff3-395c (crass): A large number of adjacent CSS comments can trigger a SystemStackError posted in •
Jun 25 GHSA-8vfg-2r28-hvhj (crass): Non-ASCII characters cause superlinear CPU consumption posted in •
Jun 25 GHSA-6wmf-3r64-vcwv (crass): Large numeric exponents cause CPU and memory denial of service posted in •