Rollup · Rollup · CVE-2026-27606
**Name of the Vulnerable Software and Affected Versions**
Rollup versions prior to 2.80.0
Rollup versions prior to 3.30.0
Rollup versions prior to 4.59.0
**Description**
Rollup, a JavaScript module bundler, does not adequately sanitize the file names it uses when writing build output. An attacker who can influence an emitted chunk or asset name (for example through a dependency or plugin that supplies output file names) can include traversal sequences such as `../` so that the file is written outside the configured output directory, overwriting any file the build process has write access to. Because builds typically run with the privileges of the developer or CI user, overwriting a shell or tool configuration file in that user's home directory can yield persistent code execution on the build host. The 2.x, 3.x and 4.x release lines are affected before the fixed versions listed above.
**Recommendations**
Update to Rollup version 2.80.0 or later.
Update to Rollup version 3.30.0 or later.
Update to Rollup version 4.59.0 or later.