[MEDIUM] Filament has inconsistent scope enforcement for its AttachAction and AssociateAction Select fields

PKSA-ndkp-2znf-9m7c CVE-2026-48067 GHSA-7q3w-xqjw-g3cr

Affected version: >=5.0.0,<=5.6.3|>=4.0.0,<=4.11.3

Reported by:
GitHub

[LOW] Filament has exported files stored in default (`public`) filesystem if not reconfigured

PKSA-1ds2-yqqr-64g1 CVE-2024-51758 GHSA-4hxw-gc2q-f6f3

Affected version: >=3.2.0,<3.2.123

Reported by:
GitHub