1. CodeQL Flags Unpatched DOM-Based XSS in Homeschool Hero FileUpload Component; Venkman Named Likely Owner
A high-severity cross-site scripting vulnerability has been identified in the frontend infrastructure of homeschool-hero, the open-source project maintained by user x3nc0n. The flaw, detected by GitHub's CodeQL security scanner on May 11, 2026, affects client-side code responsible for handling file uploads and involves...