[MEDIUM] Filament has inconsistent scope enforcement for its AttachAction and AssociateAction Select fields

PKSA-w941-zhwq-2wbm CVE-2026-48067 GHSA-7q3w-xqjw-g3cr

Affected version: >=3.0.0,<=3.3.50

Reported by:
GitHub

[MEDIUM] Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting

PKSA-2xmv-8f99-rg33 CVE-2024-47186 GHSA-9h9q-qhxg-89xr

Affected version: >=3.0.0,<3.2.115

Reported by:
GitHub