npm · @progfay/scrapbox-parser · CVE-2021-27405
**Name of the Vulnerable Software and Affected Versions**
@progfay/scrapbox-parser versions prior to 6.0.3
@progfay/scrapbox-parser versions prior to 7.0.2
**Description**
A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package for Node.js. This issue allows an attacker to cause the application to consume an excessive amount of CPU by parsing specially crafted text.
**Recommendations**
For versions prior to 6.0.3, upgrade to version 6.0.3 or later.
For versions prior to 7.0.2, upgrade to version 7.0.2 or later.
As a temporary workaround, avoid parsing text that contains many `[` characters to minimize the risk of exploitation.
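
One way to apply the upgrade check and the temporary workaround above in a Node.js service, as an added example that is not code from the advisory or from @progfay/scrapbox-parser. The function names and limit values are assumptions, as is reading the two fixed versions as the fixes for the 6.x and 7.x release lines.

```javascript
// Added example: not code from @progfay/scrapbox-parser or the advisory.
// Fixed versions come from the advisory; mapping them to the 6.x and 7.x
// release lines is an assumption.
const FIXED = { 6: [6, 0, 3], 7: [7, 0, 2] };

// Workaround limits (assumed values; tune to your longest legitimate page).
const LIMITS = { maxLength: 100000, maxOpenBrackets: 200 };

// Parse "major.minor.patch"; pre-release and build suffixes are ignored.
function parseVersion(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) throw new TypeError(`not a semver string: ${version}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// True when the installed version predates the fix for its release line.
function isAffected(version) {
  const v = parseVersion(version);
  if (v[0] > 7) return false; // newer than both fixed lines
  const fixed = v[0] === 7 ? FIXED[7] : FIXED[6]; // 6.x and older need 6.0.3
  for (let i = 0; i < 3; i++) {
    if (v[i] !== fixed[i]) return v[i] < fixed[i];
  }
  return false; // exactly the fixed version
}

// Decide whether untrusted text may be handed to an unpatched parser.
// A plain loop (no regex) keeps the check itself linear in the input size.
function checkInput(text, limits = LIMITS) {
  if (typeof text !== "string") return { ok: false, reason: "not a string" };
  if (text.length > limits.maxLength) return { ok: false, reason: "too long" };
  let open = 0;
  for (let i = 0; i < text.length; i++) {
    if (text.charCodeAt(i) === 0x5b && ++open > limits.maxOpenBrackets) {
      return { ok: false, reason: "too many '[' characters" };
    }
  }
  return { ok: true, reason: null };
}

// Gate: patched versions accept any text; unpatched ones only checked input.
function mayParse(installedVersion, text, limits = LIMITS) {
  if (!isAffected(installedVersion)) return { ok: true, reason: null };
  return checkInput(text, limits);
}
```

Call `mayParse` with the version read from the installed package's `package.json` before invoking the parser, and remove the gate once the upgrade is deployed.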