George Alexopoulos

drizzlepac is causally affected by scipy CVE-2023-25399

1

## Summary We have causal proof that `drizzlepac==3.9.1`, as well as the latest build from source, are both transitively affected by `CVE-2023-25399` [1]. This means that drizzlepac actively calls the...

thumbor is causally affected by CVE-2024-28219 (Buffer Overflow)

1

## Summary We have causal proof that `thumbor==7.7.4`, as well as the latest build from source, are both transitively affected by `CVE-2024-28219` [1]. This means that thumbor actively calls the...

## Summary We have causal proof that `oggm==1.5.1`, as well as the latest build from source, are both transitively affected by `CVE-2023-25399` [1]. This means that oggm actively calls the...

Could someone list some projects that utilize v8pp so I can have a look? Thanks, George

Fix a Segmentation Fault caused when calling openDbi on a non-open environment: Reproducer: ``` var lmdb = require('./index.js') var env = new lmdb.Env(); var dbi = env.openDbi({name: "myPrettyDatabase", create: true})...

We should bump the libxmljs dependency to >=0.19.8 to avoid versions that are affected by CVE-2022-21144 [1]. [1] https://nvd.nist.gov/vuln/detail/CVE-2022-21144

bump the libxmljs dependency to >=0.19.8

1

We should bump the libxmljs dependency to >=0.19.8 to avoid versions that are affected by CVE-2022-21144 [1]. [1] https://nvd.nist.gov/vuln/detail/CVE-2022-21144