Martinbasti

**Name of the Vulnerable Software and Affected Versions** Cachi2 versions prior to 0.14.0 **Description** Cachi2 is a command-line interface tool used to pre-fetch a project's dependencies, aiding in making the project's build process network-isolated. The issue arises when an unhandled exception is triggered, potentially showing secrets in logs because the tool logs locals of each function. This could uncover secrets, particularly if the tool is used in CI/build pipelines, which is its main use case. **Recommendations** For versions prior to 0.14.0, update to version 0.14.0 to resolve the issue. At the moment, there is no information about other workarounds for this issue.

Name of the Vulnerable Software and Affected Versions: osbs-client versions 0.46 through 0.56.0 Description: A flaw was found in the `yaml.load()` function, allowing insecure use that enables loading of suspicious objects for code execution via parsing of malicious YAML files. Recommendations: For osbs-client versions 0.46 through 0.56.0, update to version 0.56.1 or later to resolve the issue. As a temporary workaround, consider disabling the use of the `yaml.load()` function until a patch is available. Restrict access to parsing YAML files to minimize the risk of exploitation.