We've disclosed 3414 vulnerabilities
by Snyk Security Researchers
Upgrade postgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.
@cloudflare/workers-oauth-provider is an OAuth provider for Cloudflare Workers
Affected versions of this package are vulnerable to Open Redirect due to the missing validation of the redirect URI on the authorize endpoint. An attacker can impersonate a user and potentially steal credentials by tricking a victim into visiting a malicious website. This is only exploitable if the OAuth server's authorized callback is designed to auto-approve authorizations that appear to come from an OAuth client that the victim has previously authorized.
llama-index-readers-web is a llama-index readers web integration
Affected versions of this package are vulnerable to Uncontrolled Recursion due to improper handling of the max_depth parameter in the get_article_urls function. An attacker can exhaust system resources and crash the application through repeated function calls, ultimately exceeding Python's recursion limit.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the MyAccountPortlet fields such as First Name, Middle Name, and Last Name. A user can inject malicious scripts that persist within the database and are executed when other users view these modified fields through the search feature.