Red Hat Security Advisory: Red Hat Ceph Storage

CVE-2019-10790 — taffy: taffydb: Internal Property Tampering CVE-2021-23358 — nodejs-underscore: Arbitrary code execution via the template function CVE-2022-34749 — mistune: catastrophic backtracking CVE-2024-31884 — pybind: Improper use of Pybind CVE-2024-51744 — golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt CVE-2024-55565 — nanoid: nanoid mishandles non-integer values CVE-2025-6176 — Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS CVE-2025-7783 — form-data: Unsafe random function in form-data CVE-2025-12816 — node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications CVE-2025-14104 — util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames CVE-2025-26791 — dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling CVE-2025-47907 — database/sql: Postgres Scan Race Condition CVE-2025-47913 — golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS CVE-2025-58183 — golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-66031 — node-forge: node-forge ASN.1 Unbounded Recursion CVE-2025-66418 — urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66471 — urllib3: urllib3 Streaming API improperly handles highly compressed data CVE-2025-68429 — Storybook: Storybook: Information disclosure via unexpected bundling of environment variables