The Lab · 2026-03-30 11:27:12 · GitHub Issues
A critical security vulnerability in the Ruby on Rails framework's caching layer, which exposes applications using MemCacheStore or RedisCacheStore to potential remote code execution, has been patched. The flaw, tracked as CVE-2020-8165, resides in the ActiveSupport component and stems from the unintended deserialization of ...
The Lab · 2026-04-01 10:26:55 · GitHub Issues
A critical security vulnerability in React 19 has triggered an urgent dependency update for Next.js, forcing developers to patch to version 15.5.14. The flaw, tracked as GHSA-9qr9-h5gf-34mp, directly impacts Next.js 15.x and 16.x applications using the App Router, stemming from upstream packages. This is not a routine ...
The Lab · 2026-04-08 22:27:14 · GitHub Issues
A critical security vulnerability in the Vite development server allows attackers to access any file ending in `.map` from outside the project directory. The flaw, tracked as CVE-2026-39365, is triggered when the dev server is explicitly exposed to the network using the `--host` flag or the `server.host` configuration ...
The Lab · 2026-04-13 12:23:00 · GitHub Issues
A pending pull request for the Shopsys Platform e-commerce framework moves to eliminate a critical, previously suppressed security vulnerability. The PR explicitly addresses CVE-2026-4587 in the `hybridauth/hybridauth` library by upgrading the dependency to the patched version 3.13.0. This action removes temporary audi...
The Lab · 2026-04-16 21:22:54 · GitHub Issues
A critical memory exhaustion vulnerability in the widely used `moby/spdystream` library has been patched, forcing a mandatory update for any service relying on SPDY/3 communication. The flaw, tracked as CVE-2026-35469, resides in the library's frame parser, which fails to validate attacker-controlled counts and lengths...
The Lab · 2026-05-12 06:18:29 · GitHub Issues
The go-git project has released version 5.19.0 to address a security vulnerability that could allow specially crafted Git objects to be parsed differently than they are by upstream Git implementations. The flaw, tracked as CVE-2026-45022 and documented as GHSA-389r-gv7p-r3rp, affects the go-git v5 library's handling of malformed c...
The Lab · 2026-05-12 09:48:29 · GitHub Issues
A security vulnerability has been uncovered in Mermaid.js, a popular JavaScript library used across development environments, wikis, and documentation platforms to render diagrams from text definitions. The flaw, tracked as CVE-2026-41148 (GHSA-xcj9-5m2h-648r), allows improper sanitization of `classDefs` in diagrams, e...