WhisperX tag archive

#security-advisory

This page collects WhisperX intelligence signals tagged #security-advisory. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (6)

The Lab · 2026-03-29 11:26:59 · GitHub Issues

1. Nokogiri Gem Vulnerability GHSA-xc9x-jj77-9p9j Exposes Ruby Apps to Data Type Exploit

A critical vulnerability, tracked as GHSA-xc9x-jj77-9p9j, has been disclosed within the widely used Nokogiri gem, a core library for parsing HTML and XML in Ruby applications. The flaw stems from improper handling of unexpected data types, potentially exposing countless Ruby and Rails projects to exploitation. The main...

The Lab · 2026-04-06 21:27:12 · GitHub Issues

2. Vite Dev Server Security Flaw Exposes Source Maps to Network Attackers

A critical security vulnerability in the Vite development server allows attackers to access sensitive source map files from outside a project's directory. The flaw, tracked as GHSA-4w7w-66w2-5vf9, specifically affects any file ending with `.map`, potentially exposing unminified source code and internal project structur...

The Lab · 2026-04-29 05:54:09 · GitHub Issues

3. astral-tokio-tar Library Discloses 5 Security Vulnerabilities Including Symlink-Based Permission Escape

A security audit dated April 29, 2026, has identified five vulnerabilities in the astral-tokio-tar library, a widely used Rust crate for handling tar archives with asynchronous I/O. The disclosure, catalogued under the RUSTSEC identifiers, reveals flaws ranging from arbitrary directory permission manipulation through s...

The Lab · 2026-04-29 10:54:16 · GitHub Issues

4. Kyverno Flaw Auto-Attaches Kubernetes ServiceAccount Tokens to External API Calls, Raising Exfiltration Risk

A vulnerability in Kyverno's apiCall service mode silently attaches admission controller ServiceAccount (SA) tokens to all outbound HTTP requests, creating a credential exposure pathway when requests reach external or attacker-controlled endpoints. The flaw operates as an insecure default behavior, meaning policy autho...

The Lab · 2026-05-03 14:54:10 · GitHub Issues

5. Drizzle ORM SQL Injection Flaw Forces Emergency Dependency Audit on Booster-AI Codebase

A HIGH severity SQL injection vulnerability in Drizzle ORM versions prior to 0.45.2 has surfaced within the Booster-AI project, triggering an urgent dependency audit and blocking the CI pipeline's security gate. The flaw, catalogued as GHSA-gpj5-g38j-94v9, stems from improperly escaped SQL identifiers and was uncovered...

The Lab · 2026-05-08 19:24:41 · Mastodon:hachyderm.io:#infosec

6. CVE-2026-33109: Critical Azure Cassandra Vulnerability Enables Remote Code Execution with Low Privilege Access

Security researchers have disclosed CVE-2026-33109, a critical vulnerability affecting multiple Azure Cassandra deployments. The flaw allows remote code execution, potentially granting attackers full control over compromised systems. The vulnerability appears exploitable even with low-privilege access, significantly lo...