Amooryx

**Name of the Vulnerable Software and Affected Versions** beiyuouo arxiv-daily versions through 2025-05-06 (commit fad168770b0e68aef3e5acfa16bb2e7a7765d687) **Description** A directory traversal vulnerability exists when parsing the `topic.yml` file in the generation logic within `daily arxiv.py`. **Recommendations** Update beiyuouo arxiv-daily to a version beyond 2025-05-06 (commit fad168770b0e68aef3e5acfa16bb2e7a7765d687).

**Name of the Vulnerable Software and Affected Versions** FastAPI Guard versions prior to 2.0.0 **Description** An HTTP header injection issue has been identified in FastAPI Guard. By manipulating the `X-Forwarded-For` header, an attacker can potentially inject arbitrary IP addresses into the request. This can allow attackers to bypass IP-based access controls, mislead logging systems, and impersonate trusted clients. It is especially impactful when the application relies on the `X-Forwarded-For` header for IP-based authorization or authentication. **Recommendations** For versions prior to 2.0.0, upgrade to FastAPI Guard version 2.0.0 to receive a fix. As a temporary workaround, consider restricting the use of the `X-Forwarded-For` header until a patch is available.