WhisperX tag archive

#GHSA

This page collects WhisperX intelligence signals tagged #GHSA. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (5)

The Lab · 2026-04-01 10:26:55 · GitHub Issues

1. Next.js 15.x/16.x Security Update: Critical React Vulnerability Patched in v15.5.14

A critical security vulnerability in React 19 has triggered an urgent dependency update for Next.js, forcing developers to patch to version 15.5.14. The flaw, tracked as GHSA-9qr9-h5gf-34mp, directly impacts Next.js 15.x and 16.x applications using the App Router, stemming from upstream packages. This is not a routine ...

The Lab · 2026-04-19 11:22:32 · GitHub Issues

2. PHPUnit Security Flaw: GHSA-qrr6-mg7r-m243 Exposes Systems to Command Injection via INI Parsing

A critical security vulnerability in PHPUnit, the widely used testing framework for PHP, exposes systems to potential command injection. The flaw, tracked as GHSA-qrr6-mg7r-m243, stems from how PHPUnit forwards PHP INI settings to child processes during isolated test execution. The framework passes these settings as `-...

The Lab · 2026-04-26 18:54:07 · GitHub Issues

3. Appsmith Patches Critical Authorization Bypass in App Viewer Datasource Import Feature

A critical authorization bypass vulnerability in Appsmith's App Viewer allowed datasource configurations to potentially leak through the import helper function, according to a recently disclosed GitHub Security Advisory (GHSA-93mf-9h52-gfxp). The flaw stemmed from a null permission check that effectively disabled acces...

The Lab · 2026-05-11 06:10:32 · GitHub Issues

4. Appsmith Patches Critical Path Traversal Vulnerability in FileOperationscev2Impl Affecting Git Operations

Appsmith has released a security fix addressing a path traversal vulnerability (GHSA-m4hv-9p7g-56vm) that exposed git file read and delete operations to directory escape attacks. The flaw, tracked as APP-15180, stemmed from incomplete path validation coverage in the `FileUtilsCEImpl` class, which originally enforced bo...

The Lab · 2026-05-14 09:48:25 · GitHub Issues

5. Critical Vulnerability in fast-xml-parser Allows Comment and CDATA Injection via Unescaped Delimiters

A security vulnerability has been identified in fast-xml-parser, a widely used XML parsing library, enabling attackers to inject XML comments and CDATA sections through unescaped delimiters. Tracked as CVE-2026-41650 and GHSA-gh4j-gqv2-49f6, the flaw resides specifically in the XMLBuilder component of the parser. The v...