Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories

Loading...
Moderate
GSA_kwCzR0hTQS14NDc3LWZxMzctcTV3cs4AAxOX
Initial debug-host handler implementation could leak information and facilitate denial of service
Ecosystems: go
Packages: fortio.org/proxy
Source: GitHub Advisory Database
Published: 9 days ago
Critical
GSA_kwCzR0hTQS1xOWhyLWo0cmYtOGZqY84AAxJD
JWT audience claim is not verified
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Published: 10 days ago
High
GSA_kwCzR0hTQS1xcmc3LWhmeDctOTVjNc4AAxJC
Command injection in Git package in Wrangler
Ecosystems: go
Packages: github.com/rancher/wrangler, rancher/github.com/rancher/wrangler
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS04ZmNqLWdmNzctNDdtZ84AAxJB
Denial of service (DoS) when processing Git credentials
Ecosystems: go
Packages: github.com/rancher/wrangler
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS02cDRtLWh3MmgtNmdtd84AAxJA
Controller reconciles apps outside configured namespaces when sharding is enabled
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS1jNDVjLTM5ZjYtNmd3Oc4AAxI_
Rancher generated tokens not revoked after modifications made to authentication provider
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 11 days ago
Critical
GSA_kwCzR0hTQS1jcTRwLXZwNXEtNDUyMs4AAxI-
Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS0zNHA1LWpwNzctZmNyY84AAxI9
Command injection in Rancher Git package
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS1nMjVyLWd2cTMtd3JxN84AAxI8
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS03bTcyLW1oNXItNmozcs4AAxI7
Privilege escalation in project role template binding (PRTB) and -promoted roles
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS04YzY5LXIzOGotcnBmas4AAxI6
Rancher cattle-token is predictable
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS0yeDQ4LXA2Y3EtNXhjd84AAxHY
Path Traversal in github.com/go-sonic/sonic
Ecosystems: go
Packages: github.com/go-sonic/sonic
Source: GitHub Advisory Database
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS03cDhtLTIyaDQtOXBqN84AAxG4
scs-library-client may leak user credentials to third-party service via HTTP redirect
Ecosystems: go
Packages: github.com/sylabs/scs-library-client
Source: GitHub Advisory Database
Published: 15 days ago
High
GSA_kwCzR0hTQS1oajRnLTR3MzYteDhocM4AAxF7
Kraken has arbitrary file read vulnerability via component testfs
Ecosystems: go
Packages: github.com/uber/kraken
Source: GitHub Advisory Database
Published: 16 days ago
High
GSA_kwCzR0hTQS1wYzk5LXFtZzQtcmNmZs4AAxFv
act vulnerable to arbitrary file upload in artifact server
Ecosystems: go
Packages: github.com/nektos/act
Source: GitHub Advisory Database
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS03amY1LWZ2Z2YtNDhjNs4AAxEf
Velociraptor subject to Path Traversal
Ecosystems: go
Packages: www.velocidex.com/golang/velociraptor
Source: GitHub Advisory Database
Published: 17 days ago
High
GSA_kwCzR0hTQS1nNXZtLTUyNXEtcjY2Y84AAxET
Velociraptor vulnerable to Missing Authorization
Ecosystems: go
Packages: www.velocidex.com/golang/velociraptor
Source: GitHub Advisory Database
Published: 17 days ago
High
GSA_kwCzR0hTQS1meGc1LXdxNngtdnI0d84AAw-p
golang.org/x/net/http2/h2c vulnerable to request smuggling attack
Ecosystems: go
Packages: golang.org/x/net/http2/h2c
Source: GitHub Advisory Database
Published: 22 days ago
High
GSA_kwCzR0hTQS1mZ3dwLXB3cXEtZzN3NM4AAw8S
Bloom Uncontrolled Search Path Element vulnerability
Ecosystems: go
Packages: github.com/bits-and-blooms/bloom
Source: GitHub Advisory Database
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS02cnJyLTc4eHAtNWpwOM4AAw6R
Zitadel RefreshToken invalidation vulnerability
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS0zMjQ0LThtZmYtdzM5OM4AAw3d
Reflected XSS in Gotify's /docs via import of outdated Swagger UI
Ecosystems: go
Packages: github.com/gotify/server
Source: GitHub Advisory Database
Published: 25 days ago
High
GSA_kwCzR0hTQS1qeGdwLWpnaDMtOGpjOM4AAw1G
KubeOperator allows unauthorized access to system API
Ecosystems: go
Packages: github.com/KubeOperator/KubeOperator
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS12NHc1LXIyeGMtN2Y4aM4AAw1F
KubePi session fixation attack allows an attacker to hijack a legitimate user session.
Ecosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS1ncXg4LWh4bXYtYzR2NM4AAw1E
KubePi may allow unauthorized access to system API
Ecosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS04OXFtLXdjbXctM21nZ84AAw0u
Gitops Run insecure communication
Ecosystems: go
Packages: github.com/weaveworks/weave-gitops
Source: GitHub Advisory Database
Published: 27 days ago
High
GSA_kwCzR0hTQS13cjNjLWczMjYtNDg2Y84AAw0t
GitOps Run allows for Kubernetes workload injection
Ecosystems: go
Packages: github.com/weaveworks/weave-gitops
Source: GitHub Advisory Database
Published: 27 days ago
Critical
GSA_kwCzR0hTQS0zaGM3LTJ4Y2MtN3A4Zs4AAwzZ
Squalor SQL Injection vulnerability
Ecosystems: go
Packages: github.com/square/squalor
Source: GitHub Advisory Database
Published: 28 days ago
Critical
GSA_kwCzR0hTQS1nN213LTlwZjktcDJwbc4AAwzR
gosqljson SQL Injection vulnerability
Ecosystems: go
Packages: github.com/elgs/gosqljson
Source: GitHub Advisory Database
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS1yODk0LTVyN3YtN3J4M84AAwy5
easy-scrypt Observable Timing Discrepancy vulnerability
Ecosystems: go
Packages: github.com/agnivade/easy-scrypt
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS1wY3ZoLXB4MnAtdm14d84AAwyz
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS04Njg2LTRjcjMtNzZ3as4AAwyw
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS05aDd4LTlwbWgtN2dnOM4AAwyu
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS14MjJ2LXFnbTItN3FjN84AAwyx
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS1oMnBoLTlyNzYtMzd2Nc4AAwyv
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS1mcGpjLWN4cjYtdzZoOM4AAwyy
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: 29 days ago
Critical
GSA_kwCzR0hTQS12amhmLTh2cXgtdnFwcc4AAwyJ
KubePi allows malicious actor to login with a forged JWT token via Hardcoded Jwtsigkeys
Ecosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1jNjUzLTZoaGctOXg5Ms4AAwwn
go-ipld-prime/codec/json may panic if asked to encode bytes
Ecosystems: go
Packages: github.com/ipld/go-ipld-prime/codec/json
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS04dzVxLTVmcHEtdjRwbc4AAwrb
usememos/memos Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS14OXA5LXYzeDYtNjhtcc4AAwra
usememos/memos vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1ndmZqLWZ4eDMtajMyM84AAwrY
Mellium vulnerable to authentication failure or insufficient randomness used during authentication
Ecosystems: go
Packages: mellium.im/sasl
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02d2hqLThnOWctNWp2eM4AAwqm
usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00ZnY4LXc2NW0tMzkzMs4AAwqi
efs-utils and aws-efs-csi-driver have race condition during concurrent TLS mounts
Ecosystems: go
Packages: github.com/kubernetes-sigs/aws-efs-csi-driver
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1wMjI4LTRtcmgtd3c3cs4AAwqg
Elrond-GO processing: fallback search of SCRs when not found in the main cache
Ecosystems: go
Packages: github.com/ElrondNetwork/elrond-go
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1jd2g3LTI4dmctam1wcs4AAwqd
pastebinit Path Traversal vulnerability
Ecosystems: go
Packages: github.com/jessfraz/pastebinit
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1oaHhnLXB4NWgtamMzMs4AAwqY
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute
Ecosystems: go
Packages: github.com/go-macaron/csrf
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14djZ4LTQ1NnYtMjR4aM4AAwqM
gotify/server vulnerable to Cross-site Scripting in the application image file upload
Ecosystems: go
Packages: github.com/gotify/server
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1ndzltLTJtNXYtYzZ4Nc4AAwp7
usememos/memos Cross-Site Request Forgery vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1yN2hnLTJjcHAtOHdxcc4AAwp_
usememos/memos has Incorrectly Specified Destination in a Communication Channel
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12aDQzLWNjNngtcHJwcs4AAwqF
usememos/memos vulnerable to Improper Verification of Source of a Communication Channel
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1jNWhxLTM1aDctcjl4NM4AAwqA
usememos/memos Cross-Site Request Forgery vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wd2hyLXA2OHctMjk2eM4AAwqE
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02NDJxLTJxNjgtOWozcM4AAwp-
usememos/memos Cross-Site Request Forgery vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1neHFmLTRnNHAtcTNoY84AAwqD
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1ybWh4LTloNWgtM3hoM84AAwqC
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS01anFwLXdtaGotZzMzZs4AAwqB
usememos/memos Cross-Site Request Forgery vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1jd3JtLTMzcXEtNHcyeM4AAwp6
usememos/memos Cross-Site Request Forgery vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00MnEyLW01NGYtamg5Nc4AAwp8
sememos/memos vulnerable to Improper Handling of Values
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS05aDZoLTlnNzgtODZmN84AAwpm
Yapscan's report receiver server vulnerable to path traversal and log injection
Ecosystems: go
Packages: github.com/fkie-cad/yapscan
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1jbTl4LWMzcmgtN3JjNM4AAwpl
CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tN3FwLWNqOXAtZ2o4Nc4AAwpR
OpenShift OSIN vulnerable to Observable Timing Discrepancy
Ecosystems: go
Packages: github.com/openshift/osin
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tcTVxLWdwZ3YtcHd4d84AAwpH
usememos/memos Incorrect Use of Privileged APIs vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wcDNwLTZqamgtcm1nN84AAwpC
usememos/memos Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02Zng5LTI5eDItZm1mas4AAwpG
usememos/memos Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xZjlxLTN3d3gtOHFqds4AAwpE
usememos/memos Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1yM3AzLTVmMzUtaDZtZs4AAwpF
usememos/memos Improper Privilege Management vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS02dzV3LXd4OHctMmNxOc4AAwpK
usememos/memos Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1oYzVxLTI2aDgtcjl3Zs4AAwo6
usememos/memos Improper Authorization vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03cXB3LTJqOW0tcnc4Y84AAwpJ
usememos/memos has Insufficient Granularity of Access Control
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tNXByLXdtNnEteDRnMs4AAwpL
usememos/memos vulnerable to Comparison of Object References Instead of Object Contents
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1nZmo0LXdnODktbTIycs4AAwo7
usememos/memos Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1yeDJtLXhyNHgtNTRoaM4AAwpA
usememos/memos vulnerable to Improper Authorization
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xdzM2LXJ3NXEtZ3hjcc4AAwpI
usememos/memos Improper Authorization vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1mODNwLXBnODYtcDkyMs4AAwpB
usememos/memos has Insufficient Granularity of Access Control
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qdnE4LXc3cXYtaHFwNs4AAwo-
usememos/memos Improper Authentication vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1tZm1wLThtcWctcTR3bc4AAwpD
usememos/memos Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tZnZxLW0zamotODg2NM4AAwo8
usememos/memos vulnerable to Improper Verification of Source of a Communication Channel
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xcnJmLXh2Y2YtcDY0cc4AAwo9
usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xY2Y1LW0yYzYtODlmMs4AAwo_
usememos/memos Improper Authorization vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1naHgyLTZ2NGctOXdtbc4AAwo5
usememos/memos makes Incorrect Use of Privileged APIs
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1qcjY1LWdwajUtY3c3NM4AAwor
go-resolver's DNSSEC validation not performed correctly
Ecosystems: go
Packages: github.com/peterzen/goresolver
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS04N21tLXF4bTUtY3AzZs4AAwos
go-resolver vulnerable to attacker-controlled domains due to unvalidated RRSIG RRs
Ecosystems: go
Packages: github.com/peterzen/goresolver
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1wNmZnLTcyM2YtaGdwd84AAwot
shiyanhui/dht vulnerable to Uncontrolled Resource Consumption
Ecosystems: go
Packages: github.com/shiyanhui/dht
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01cmhnLXhoZ3ItNWhmas4AAwou
go-saml's XML Digital Signatures use SHA-1
Ecosystems: go
Packages: github.com/RobotsAndPencils/go-saml
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1mamdxLTIyNGYtZnEzN84AAwoc
Goa vulnerable to path traversal
Ecosystems: go
Packages: goa.design/goa/v3, goa.design/goa, github.com/goadesign/goa
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1qcGY4LWg3aDctM3Bwbc4AAwoR
tar-utils Path Traversal vulnerability
Ecosystems: go
Packages: github.com/whyrusleeping/tar-utils
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS0zODM5LTZyNjktbTQ5N84AAwoN
GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected
Ecosystems: go
Packages: github.com/Masterminds/goutils
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1neGdqLXhqY3ctZnY5cM4AAwod
socks Infinite Loop vulnerability
Ecosystems: go
Packages: github.com/btcsuitereleases/go-socks/socks, github.com/btcsuite/go-socks/socks
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02anZjLXEyeDctcGNods4AAwom
AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field
Ecosystems: go
Packages: github.com/aws/aws-sdk-go
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1qY3I2LW1tamotcGNod84AAwoZ
gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy
Ecosystems: go
Packages: github.com/gorilla/handlers
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS12cDU2LXI3cXYtNzgzds4AAwog
ahh vulnerable to Path Traversal
Ecosystems: go
Packages: github.com/go-aah/aah
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS01eDg0LXE1MjMtdnZ3cs4AAwoU
nosurf vulnerable to improper input validation
Ecosystems: go
Packages: github.com/justinas/nosurf
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1yODhyLWdtcmgtN2o4M84AAwoS
YAML Go package vulnerable to denial of service
Ecosystems: go
Packages: gopkg.in/yaml.v2
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS02Y3I2LWZtdmMtdncycM4AAwoT
Noise vulnerable to uncontrolled resource consumption
Ecosystems: go
Packages: github.com/flynn/noise
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1ocm0zLTN4bTYteDMzaM4AAwoO
golang-nanoauth authentication bypass vulnerability
Ecosystems: go
Packages: github.com/nanobox-io/golang-nanoauth
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1ybWo5LXE1OGctOXFnZ84AAwoW
go-unzip vulnerable to Path Traversal
Ecosystems: go
Packages: github.com/artdarek/go-unzip
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS01dnc0LXY1ODgtcGd2OM4AAwob
robbert229/jwt's token validation methods vulnerable to a timing side-channel during HMAC comparison
Ecosystems: go
Packages: github.com/robbert229/jwt
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS0zMnFoLTh2ZzYtOWc0M84AAwop
Cloud Foundry Archiver vulnerable to path traversal
Ecosystems: go
Packages: code.cloudfoundry.org/archiver, github.com/cloudfoundry/archiver
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1oZ2dyLXA3djYtNzNwNc4AAwoQ
revel is vulnerable to resource exhaustion
Ecosystems: go
Packages: github.com/revel/revel
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS00d3AyLThybTItamdtaM4AAwoa
LZ4 vulnerable to Out-of-bounds Write
Ecosystems: go
Packages: github.com/cloudflare/golz4
Source: GitHub Advisory Database
Published: about 1 month ago
Low
GSA_kwCzR0hTQS00MzQ4LXgyOTItaDQzN84AAwoe
GoBase Race Condition vulnerability
Ecosystems: go
Packages: github.com/ntbosscher/gobase
Source: GitHub Advisory Database
Published: about 1 month ago
Filter by Package
github.com/usememos/memos 54 gogs.io/gogs 21 github.com/argoproj/argo-cd 16 github.com/hashicorp/nomad 14 github.com/ethereum/go-ethereum 14 github.com/goharbor/harbor 13 helm.sh/helm/v3 12 github.com/rancher/rancher 12 github.com/hashicorp/consul 10 github.com/hashicorp/vault 10 github.com/argoproj/argo-cd/v2 10 github.com/containerd/containerd 9 code.gitea.io/gitea 9 k8s.io/kubernetes 9 github.com/docker/docker 9 github.com/kubeedge/kubeedge 8 github.com/nats-io/nats-server/v2 8 github.com/opencontainers/runc 7 github.com/traefik/traefik/v2 7 github.com/cri-o/cri-o 7 github.com/cloudflare/cfrpki/cmd/octorpki 7 github.com/go-gitea/gitea 7 github.com/pomerium/pomerium 7 github.com/sylabs/singularity 6 github.com/fluxcd/flux2 6 github.com/beego/beego 6 github.com/google/fscrypt 6 github.com/fluxcd/kustomize-controller 5 github.com/moby/moby 5 github.com/cilium/cilium 5 github.com/hashicorp/go-getter 5 istio.io/istio 5 github.com/mattermost/mattermost-server/v6 5 github.com/openfga/openfga 5 github.com/cloudflare/cfrpki 5 github.com/beego/beego/v2 5 helm.sh/helm 4 github.com/ory/fosite 4 github.com/russellhaering/gosaml2 4 github.com/containers/podman/v4 4 github.com/pion/dtls 4 github.com/hyperledger/fabric 4 github.com/ipfs/go-ipfs 4 github.com/tidwall/gjson 4 github.com/open-policy-agent/opa 4 github.com/nats-io/jwt 4 github.com/foxcpp/maddy 4 github.com/argoproj/argo-workflows/v3 4 github.com/kiali/kiali 4 github.com/oauth2-proxy/oauth2-proxy 4 github.com/miekg/dns 3 github.com/nats-io/nats-server/v2/server 3 github.com/go-gitea/gitea/models 3 go.etcd.io/etcd/client/v3 3 github.com/russellhaering/goxmldsig 3 github.com/alist-org/alist/v3 3 github.com/cortexproject/cortex 3 github.com/casdoor/casdoor 3 github.com/mattermost/mattermost-server 3 go.etcd.io/etcd/v3 3 github.com/fluxcd/helm-controller 3 github.com/lightningnetwork/lnd 3 github.com/dexidp/dex 3 github.com/weaveworks/weave-gitops 3 github.com/traefik/traefik 3 github.com/openshift/origin 3 github.com/KubeOperator/kubepi 3 github.com/containers/buildah 3 gopkg.in/yaml.v2 3 github.com/gravitl/netmaker 3 github.com/dutchcoders/transfer.sh 3 github.com/sigstore/cosign 3 github.com/ElrondNetwork/elrond-go 3 github.com/crypto-org-chain/cronos 3 github.com/git-lfs/git-lfs 3 github.com/apache/trafficcontrol 3 github.com/aws/aws-sdk-go/service/s3/s3crypto 3 github.com/containers/podman/v3 3 github.com/kubernetes/kubernetes 3 github.com/tendermint/tendermint 2 github.com/netlify/gotrue 2 gopkg.in/square/go-jose.v1 2 github.com/sajari/docconv 2 google/protobuf 2 github.com/protocolbuffers/protobuf 2 com.google.protobuf:protobuf-parent 2 Google.Protobuf 2 protobuf 2 github.com/argoproj/argo-events 2 github.com/kubernetes/kubernetes/pkg/kubectl/cmd/cp 2 github.com/buger/jsonparser 2 github.com/bitly/oauth2_proxy 2 github.com/Masterminds/goutils 2 github.com/goharbor/harbor/src/core/api 2 github.com/kata-containers/runtime 2 github.com/cosmos/ethermint/rpc/namespaces/eth 2 github.com/cosmos/ethermint 2 helm.sh/helm/v3/pkg/plugin 2 github.com/ecnepsnai/web 2 github.com/google/exposure-notifications-verification-server 2 github.com/gin-gonic/gin 2 github.com/prometheus/prometheus 2 github.com/owncast/owncast 2 github.com/codenotary/immudb/pkg/client 2 github.com/pingcap/tidb 2 github.com/free5gc/free5gc 2 github.com/go-vela/server 2 kubevirt.io/kubevirt 2 github.com/labstack/echo/v4 2 github.com/brokercap/Bifrost 2 github.com/theupdateframework/go-tuf 2 github.com/talos-systems/talos 2 golang.org/x/crypto/ssh 2 github.com/flyteorg/flyteadmin 2 github.com/caddyserver/caddy 2 golang.org/x/net/http2 2 www.velocidex.com/golang/velociraptor 2 github.com/zalando/skipper 2 github.com/rancher/wrangler 2 github.com/edgexfoundry/app-functions-sdk-go/v2 2 github.com/coreos/ignition/v2 2 github.com/gphper/ginadmin 2 github.com/mattermost/mattermost-server/v5 2 github.com/stripe/smokescreen 2 github.com/ipld/go-codec-dagpb 2 github.com/concourse/concourse 2 github.com/flynn/noise 2 github.com/nats-io/nats-streaming-server 2 github.com/tharsis/evmos 2 golang.org/x/text/language 2 github.com/hashicorp/nomad/client/allocrunner/taskrunner/template 2 github.com/crewjam/saml 2 github.com/fleetdm/fleet/v4 2 github.com/matrix-org/dendrite 2 github.com/treeverse/lakefs 2 github.com/microcosm-cc/bluemonday 2 github.com/gotify/server 2 github.com/peterzen/goresolver 2 github.com/zitadel/zitadel 2 github.com/pires/go-proxyproto 2 github.com/ory/oathkeeper 2 github.com/pterodactyl/wings 2 github.com/ulikunitz/xz 2 github.com/hashicorp/consul/agent/consul 1 github.com/hashicorp/nomad/command/agent 1 github.com/elastic/cloud-on-k8s 1 github.com/hashicorp/terraform/backend/remote-state/azure 1 github.com/kata-containers/agent 1 github.com/grafana/grafana/pkg/middleware 1 github.com/hashicorp/consul/agent/config 1 github.com/containers/podman 1 github.com/spiffe/spire 1 github.com/couchbase/sync_gateway/db 1 k8s.io/kubernetes/pkg/apiserver 1 github.com/mholt/archiver/cmd/arc 1 code.cloudfoundry.org/gorouter/common/secure 1 github.com/keycloak/keycloak-gatekeeper 1 github.com/proglottis/gpgme 1 github.com/documize/community 1 github.com/documize/community/domain/section/markdown 1 github.com/tendermint/tendermint/rpc/client 1 github.com/shiyanhui/dht 1 github.com/kubernetes/kubernetes/pkg/apiserver 1 github.com/elastic/beats/packetbeat/protos/pgsql 1 github.com/square/go-jose 1 github.com/robbert229/jwt 1 github.com/apache/servicecomb-service-center 1 github.com/opencontainers/umoci 1 github.com/google/exposure-notifications-server 1 github.com/github/hub 1 github.com/appc/docker2aci 1 github.com/kubernetes-sigs/aws-efs-csi-driver 1 github.com/pomerium/pomerium/authenticate 1 github.com/Bytom/bytom 1 github.com/grafana/grafana/pkg/api 1 github.com/in-toto/in-toto-golang 1 github.com/go-vela/compiler 1 github.com/gohugoio/hugo 1 github.com/ethereum/go-ethereum/core 1 github.com/pion/webrtc/v3 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 github.com/seccomp/libseccomp-golang 1 github.com/cloudflare/tableflip 1 github.com/ntbosscher/gobase/auth/httpauth 1 github.com/moov-io/customers 1 github.com/ethereum/go-ethereum/ethclient 1 helm.sh/helm/v3/pkg/chartutil 1 github.com/ory/fosite/handler/oauth2 1 github.com/argoproj/argo-cd/util/cache 1 helm.sh/helm/v3/pkg/plugin/installer 1 github.com/hashicorp/consul/agent/consul/discoverychain 1 github.com/influxdata/influxdb/services/httpd 1 github.com/hashicorp/consul/agent 1 sigs.k8s.io/secrets-store-csi-driver 1 github.com/ethereum/go-ethereum/core/vm 1 github.com/ory/hydra/oauth2 1 github.com/weaveworks/weave 1 github.com/uber/kraken 1 github.com/tendermint/tendermint/p2p 1 sigs.k8s.io/secrets-store-csi-driver/pkg/secrets-store 1 github.com/kubernetes-csi/external-snapshotter/v3 1 github.com/ovn-org/ovn-kubernetes 1 go.mongodb.org/mongo-driver 1 github.com/studygolang/studygolang 1 github.com/opencontainers/runc/libcontainer 1 github.com/datacharmer/dbdeployer 1 github.com/helm/helm 1 github.com/helm/helm/v3 1 github.com/kubernetes-csi/external-snapshotter/v2 1 github.com/concourse/concourse/atc/db 1 github.com/ory/hydra 1 github.com/heroiclabs/nakama 1 github.com/argoproj/argo-workflows 1 github.com/dgrijalva/jwt-go 1 com.clever-cloud:biscuit-java 1 biscuit-auth 1 github.com/biscuit-auth/biscuit-go 1 github.com/siderolabs/talos 1 github.com/unknwon/cae/zip 1 github.com/gorilla/handlers 1 github.com/ethereum/go-ethereum/consensus 1 github.com/astaxie/beego/session 1 github.com/sylabs/sif/v2 1 github.com/gen2brain/go-unarr 1 github.com/gagliardetto/binary 1 github.com/grafana/grafana 1 github.com/whyrusleeping/tar-utils 1 github.com/cloudfoundry/archiver 1 github.com/jessfraz/pastebinit 1 github.com/goadesign/goa 1 code.cloudfoundry.org/archiver 1 goa.design/goa/v3 1 goa.design/goa 1 github.com/unknwon/cae/tz 1 github.com/jaegertracing/jaeger/pkg/kafka/auth 1 github.com/concourse/concourse/skymarshal/skyserver 1 go.etcd.io/etcd/v3/etcdserver 1 github.com/ethereum/go-ethereum/eth 1 pybluemonday 1 github.com/graph-gophers/graphql-go 1 github.com/gravitational/teleport 1 github.com/hyperledger/fabric/orderer/common/cluster 1 github.com/v2fly/v2ray-core 1 github.com/v2fly/v2ray-core/v4 1 github.com/authzed/spicedb 1 github.com/docker/docker-ce 1 github.com/edgexfoundry/app-functions-sdk-go 1 github.com/opencontainers/distribution-spec 1 github.com/schollz/rwtxt 1 github.com/edgexfoundry/app-service-configurable 1 github.com/btcsuite/btcd 1 github.com/grafana/agent 1 github.com/stripe/stripe-cli 1 github.com/argoproj/argo-cd/util/session 1 github.com/authelia/authelia/v4 1 github.com/sourcegraph/sourcegraph/cmd/frontend/auth 1 github.com/cloudflare/golz4 1 github.com/openshift/osin 1 github.com/clastix/capsule 1 github.com/argoproj/argo 1 github.com/sassoftware/go-rpmutils/cpio 1 go.etcd.io/etcd 1 github.com/tharsis/ethermint 1 github.com/quay/claircore 1 github.com/projectdiscovery/interactsh 1 github.com/navidrome/navidrome 1 github.com/ipld/go-ipld-prime/codec/json 1 github.com/kyverno/kyverno 1 https://pkg.go.dev/github.com/cloudwego/hertz 1 github.com/google/go-attestation 1 github.com/containernetworking/plugins/pkg/ip 1 github.com/pomerium/pomerium/proxy 1 github.com/github/gh-ost 1 github.com/nats-io/jwt/v2 1 github.com/prometheus/client_golang/prometheus/promhttp 1 github.com/benc-uk/kubeview 1 github.com/artdarek/go-unzip 1 github.com/beego/beego/v2/nuget 1 github.com/coredns/coredns 1 mellium.im/xmpp/websocket 1 github.com/kongchuanhujiao/server 1 github.com/grafana/loki 1 github.com/deislabs/oras 1 github.com/drakkan/sftpgo/v2 1 github.com/ThomasLeister/prosody-filer 1 github.com/yi-ge/unzip 1 github.com/aws/aws-sdk-go 1 github.com/AndrewBurian/powermux 1 github.com/ethereum/go-ethereum/les 1 github.com/IceWhaleTech/CasaOS 1 https://pkg.go.dev/github.com/mattermost/mattermost-server/v6 1 go.pinniped.dev 1 github.com/hpcng/singularity 1 github.com/keep-network/keep-ecdsa 1 github.com/bytebase/bytebase 1 github.com/valyala/fasthttp 1 mellium.im/sasl 1 github.com/justinas/nosurf 1 tailscale/tailscale.com/cmd 1 github.com/containerd/imgcrypt 1