@cyclonedx/cyclonedx-npm: Shell Injection via Unsanitized --workspace Argument
UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()
Concurrent Ruby: ReadWriteLock allows wrong-thread write release and stray read-release counter corruption
Concurrent Ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity
Concurrent Ruby: `AtomicReference#update` livelocks when the stored value is `Float::NAN`
Oj: Integer Overflow in Oj.load 2GB String Handling
Oj: Use-After-Free in Oj::Parser SAJ Long Key Callback
Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking
Oj: Negative-Size memcpy in Oj::Parser create_id Attribute Handling
CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality
CoreWCF: XML Signature Wrapping in WS-Security endorsing/supporting signature verification allows replay of captured signed messages
CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation
CoreWCF: SAML SubjectConfirmation methods and holder-of-key proof keys are not enforced
CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass
CoreWCF: SAML token replay protection is inoperative
CoreWCF: UnixDomainSocket Non-Reentrant POSIX Identity Resolution
CoreWCF NetNamedPipe transport accepts attach to a pre-existing named pipe instance
CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade
CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service
CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate