Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
go Security Advisories
Loading...
High
Ecosystems: go
Packages: github.com/brokercap/Bifrost
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS1wNmZoLXhjNnItZzVod84AAvFp
Brokercap Bifrost subject to authentication bypass when using HTTP basic authenticationEcosystems: go
Packages: github.com/brokercap/Bifrost
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
Ecosystems: go
Packages: github.com/containers/podman
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: almost 2 years ago
GSA_kwCzR0hTQS1yaDVmLTJ3NnItcTd2as4AAhfW
Podman Path Traversal Vulnerability leads to arbitrary file read/writeEcosystems: go
Packages: github.com/containers/podman
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: almost 2 years ago
High
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 2 months ago
GSA_kwCzR0hTQS02OG1qLTlwanEtbWM4Nc4AA6Gk
Intermittent HTTP policy bypassEcosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 2 months ago
High
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
GSA_kwCzR0hTQS05NmdxLTZjaDUtbW01NM4AA1nF
usememos/memos vulnerable to improper input validationEcosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
High
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: about 2 years ago
GSA_kwCzR0hTQS12cmNjLWc2dmotbWg1d800DQ
Denial of service in go-ethereumEcosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: about 2 years ago
High
Ecosystems: go
Packages: github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v6, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v5, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
GSA_kwCzR0hTQS13NnJwLXZ4ajItZmpocs4AA2us
Cosmos packet-forward-middleware vulnerable to chain-haltEcosystems: go
Packages: github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v6, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v5, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
Ecosystems: go
Packages: k8s.io/apiextensions-apiserver
Source: GitHub Advisory Database
Blast Radius: 35.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1mcDM3LWM5MnEtNHB3cc4AAh7F
Kubernetes kube-apiserver unauthorized accessEcosystems: go
Packages: k8s.io/apiextensions-apiserver
Source: GitHub Advisory Database
Blast Radius: 35.0
Published: almost 2 years ago
High
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 20 days ago
GSA_kwCzR0hTQS05ZjhjLXBmdnYtcDRnbc4AA7Sm
Buffer Overflow in giteaEcosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 20 days ago
High
Ecosystems: go
Packages: github.com/apache/servicecomb-service-center
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg2anYtNXZmZy1nbTd4
Path traversal in ServiceCenterEcosystems: go
Packages: github.com/apache/servicecomb-service-center
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 2 years ago
High
Ecosystems: go
Packages: github.com/docker/distribution
Source: GitHub Advisory Database
Blast Radius: 33.9
Published: about 1 year ago
GSA_kwCzR0hTQS1ocXh3LWY4bXgtY3Btd84AAzSg
distribution catalog API endpoint can lead to OOM via malicious user inputEcosystems: go
Packages: github.com/docker/distribution
Source: GitHub Advisory Database
Blast Radius: 33.9
Published: about 1 year ago
High
Ecosystems: go
Packages: github.com/weaveworks/weave-gitops
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: over 1 year ago
GSA_kwCzR0hTQS04OXFtLXdjbXctM21nZ84AAw0u
Gitops Run insecure communicationEcosystems: go
Packages: github.com/weaveworks/weave-gitops
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: over 1 year ago
High
Ecosystems: go
Packages: github.com/argoproj/argo-cd, github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: over 2 years ago
GSA_kwCzR0hTQS02M3F4LXg3NGctamNyN80oiQ
Path traversal and dereference of symlinks in Argo CDEcosystems: go
Packages: github.com/argoproj/argo-cd, github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: over 2 years ago
High
Ecosystems: go
Packages: github.com/notaryproject/notation-go
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 11 months ago
GSA_kwCzR0hTQS14aGc1LTQycmYtMjk2cs4AAzr4
notation-go's verification bypass can cause users to verify the wrong artifactEcosystems: go
Packages: github.com/notaryproject/notation-go
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 11 months ago
High
Ecosystems: go
Packages: github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
GSA_kwCzR0hTQS1mcjJnLTloam0td3IyM84AA2kD
NATS.io: Adding accounts for just the system account adds auth bypassEcosystems: go
Packages: github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
Ecosystems: go
Packages: github.com/cloudflare/cfrpki
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
GSA_kwCzR0hTQS01bXhoLTJxZnYtNGc3as0XIA
NUL character in ROA causes OctoRPKI to crashEcosystems: go
Packages: github.com/cloudflare/cfrpki
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
Ecosystems: go
Packages: github.com/foxcpp/maddy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
GSA_kwCzR0hTQS01cjV3LWg3NnAtbTcyNs0ftQ
Use of a Broken or Risky Cryptographic Algorithm in Max Mazurov MaddyEcosystems: go
Packages: github.com/foxcpp/maddy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 3 months ago
GSA_kwCzR0hTQS14Zmo3LXFmOHctMmdjcs4AA5Kp
Rancher 'Audit Log' leaks sensitive informationEcosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 3 months ago
High
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2aDUtcjRxdy12M3Z2
Improper Resource Shutdown or Release in HashiCorp VaultEcosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: almost 3 years ago
High
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: over 2 years ago
GSA_kwCzR0hTQS1tdmZmLWgzY2otd2o5Y80g4w
Unprivileged pod using `hostPath` can side-step active LSM when it is SELinuxEcosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: over 2 years ago
High
Ecosystems: go
Packages: github.com/free5gc/free5gc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS02OTQ0LTZwbXYtNm1wMs4AA3M9
free5gc Buffer Overflow vulnerabilityEcosystems: go
Packages: github.com/free5gc/free5gc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
Ecosystems: go
Packages: github.com/square/go-jose
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmeDQtN2Y2OS01bW1n
Integer Overflow in go-joseEcosystems: go
Packages: github.com/square/go-jose
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: almost 3 years ago
High
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: almost 2 years ago
GSA_kwCzR0hTQS0ybTdoLTg2cXEtZnA0ds4AAs5Y
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC paramsEcosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: almost 2 years ago
High
Ecosystems: go
Packages: google.golang.org/grpc
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: 7 months ago
GSA_kwCzR0hTQS1tNDI1LW1xOTQtMjU3Z84AA2sQ
gRPC-Go HTTP/2 Rapid Reset vulnerabilityEcosystems: go
Packages: google.golang.org/grpc
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: 7 months ago
High
Ecosystems: go
Packages: github.com/google/exposure-notifications-verification-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2OTUtdjhjOC0zcmg2
Privilege escalation in rbacEcosystems: go
Packages: github.com/google/exposure-notifications-verification-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
Ecosystems: go
Packages: istio.io/istio
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: almost 2 years ago
GSA_kwCzR0hTQS12YzdoLWNtcDMtNGh3Nc4AAq_2
Istio vulnerable to denial of serviceEcosystems: go
Packages: istio.io/istio
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: almost 2 years ago
High
Ecosystems: go
Packages: github.com/albertito/chasquid
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
GSA_kwCzR0hTQS1nNHgzLW1mcGotZjMzNc4AA4mp
chasquid HTTP Request/Response Smuggling vulnerabilityEcosystems: go
Packages: github.com/albertito/chasquid
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
Ecosystems: go
Packages: github.com/deislabs/oras
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: about 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc1djQtNXgzOS12d2h4
Zip slip directory exploit in github.com/deislabs/orasEcosystems: go
Packages: github.com/deislabs/oras
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: about 2 years ago
High
Ecosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
GSA_kwCzR0hTQS00cmdjLTVnNnItMnJqZs4AA3q-
lakeFS logs S3 credentials in plain textEcosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
Ecosystems: go
Packages: istio.io/istio
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: about 2 years ago
GSA_kwCzR0hTQS04NTZxLXh2M2MtN2YyZs0uLQ
Unauthenticated control plane denial of service attack in IstioEcosystems: go
Packages: istio.io/istio
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: about 2 years ago
High
Ecosystems: go
Packages: github.com/kumahq/kuma
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 7 months ago
GSA_kwCzR0hTQS05d21jLXJnNGgtMjh3ds4AA2gR
github.com/kumahq/kuma affected by CVE-2023-44487Ecosystems: go
Packages: github.com/kumahq/kuma
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 7 months ago
High
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 2 years ago
GSA_kwCzR0hTQS1wODN2LTh2bXItcWZ2Oc4AAUVh
Sylabs Singularity Improper Input ValidationEcosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 2 years ago
High
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 35.4
Published: 3 months ago
GSA_kwCzR0hTQS0yeGhxLWd2NmMtcDIyNM4AA49C
Etcd Gateway can include itself as an endpoint resulting in resource exhaustionEcosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 35.4
Published: 3 months ago
High
Ecosystems: go
Packages: github.com/siderolabs/talos
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS1nNXA2LTMyN20tM2Z4eM4AA5Bp
Talos Linux ships runc vulnerable to the escape to the host attackEcosystems: go
Packages: github.com/siderolabs/talos
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
Ecosystems: maven, pypi, go, packagist, nuget
Packages: com.google.protobuf:protobuf-java, protobuf, github.com/protocolbuffers/protobuf, google/protobuf, Google.Protobuf
Source: GitHub Advisory Database
Blast Radius: 111.3
Published: over 2 years ago
GSA_kwCzR0hTQS03N3JtLTl4OWgteGozZ80mxQ
NULL Pointer Dereference in Protocol BuffersEcosystems: maven, pypi, go, packagist, nuget
Packages: com.google.protobuf:protobuf-java, protobuf, github.com/protocolbuffers/protobuf, google/protobuf, Google.Protobuf
Source: GitHub Advisory Database
Blast Radius: 111.3
Published: over 2 years ago
High
Ecosystems: go
Packages: github.com/hakobe/paranoidhttp
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
GSA_kwCzR0hTQS12OW1wLWo4ZzctMnE2bc4AAxPu
Paranoidhttp Server-Side Request Forgery vulnerabilityEcosystems: go
Packages: github.com/hakobe/paranoidhttp
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
High
Ecosystems: pypi, go
Packages: apache-age-python, github.com/apache/age/drivers/golang
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS02cDVxLWg5NjMtcHd3Zs4AAxa7
Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injectionEcosystems: pypi, go
Packages: apache-age-python, github.com/apache/age/drivers/golang
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: about 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWcycXgtNmdody02N2ht
Denial of Service in GiteaEcosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: about 2 years ago
High
Ecosystems: go
Packages: github.com/hashicorp/boundary
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 3 months ago
GSA_kwCzR0hTQS12aDczLXEzcnctcXg3d84AA5En
Boundary vulnerable to session hijacking through TLS certificate tamperingEcosystems: go
Packages: github.com/hashicorp/boundary
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 3 months ago
High
Ecosystems: go
Packages: github.com/open-policy-agent/opa
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: over 1 year ago
GSA_kwCzR0hTQS1mNTI0LXJmMzMtMmpqcs4AAu1k
OPA Compiler: Bypass of WithUnsafeBuiltins using "with" keyword to mock functionsEcosystems: go
Packages: github.com/open-policy-agent/opa
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: over 1 year ago
High
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE4cTgtOTNjdi12Nmg4
Lookup function information discolosure in helmEcosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: almost 3 years ago
High
Ecosystems: go
Packages: github.com/binance-chain/tss-lib
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM5OWgtY212cC1xZ3g1
Incorrect Default Permissions in Binance tss-libEcosystems: go
Packages: github.com/binance-chain/tss-lib
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: almost 3 years ago
High
Ecosystems: go
Packages: github.com/ipfs/go-ipfs
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3cHYtcTU1ci0yMjJn
Path traversal in github.com/ipfs/go-ipfsEcosystems: go
Packages: github.com/ipfs/go-ipfs
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: almost 3 years ago
High
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 33.6
Published: about 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxZ3AtcDVqYy13MnJt
Arbitrary Code Execution in DockerEcosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 33.6
Published: about 2 years ago
High
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: 7 months ago
GSA_kwCzR0hTQS00Mzc0LXA2NjctcDZjOM4AA2ZJ
HTTP/2 rapid reset can cause excessive work in net/httpEcosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: 7 months ago
High
Ecosystems: go
Packages: github.com/gomarkdown/markdown
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: 8 months ago
GSA_kwCzR0hTQS1tOXhxLTZoMmotNjVyMs4AA2Ar
Markdown vulnerable to Out-of-bounds Read while parsing citationsEcosystems: go
Packages: github.com/gomarkdown/markdown
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: 8 months ago
High
Ecosystems: go
Packages: github.com/gopistolet/gopistolet
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 year ago
GSA_kwCzR0hTQS13cjhoLXc5NjktMzZtOM4AAxwt
GoPistolet vulnerable to Improper Resource Shutdown or ReleaseEcosystems: go
Packages: github.com/gopistolet/gopistolet
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 year ago
High
Ecosystems: go
Packages: github.com/free5gc/amf
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 5 months ago
GSA_kwCzR0hTQS1qY3JyLXJyNnctOGM4M84AA3_v
free5GC AMF denial of service vulnerabilityEcosystems: go
Packages: github.com/free5gc/amf
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 5 months ago
High
Ecosystems: go
Packages: github.com/containers/podman/v4
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: about 2 years ago
GSA_kwCzR0hTQS13cDd3LXZ4ODYtdmo5aM4AARQ2
Podman Elevated Container PrivilegesEcosystems: go
Packages: github.com/containers/podman/v4
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: about 2 years ago
High
Ecosystems: go
Packages: github.com/edgelesssys/marblerun
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
GSA_kwCzR0hTQS1qM3JxLTR4ancteGc2M84AA3hy
Go package github.com/edgelesssys/marblerun CLI commands susceptible to MITM attacksEcosystems: go
Packages: github.com/edgelesssys/marblerun
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
Ecosystems: go
Packages: github.com/weaveworks/tf-controller
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS02aHZ2LWo0MzItMjNjds4AA0t6
Weave GitOps Terraform Controller Information Disclosure VulnerabilityEcosystems: go
Packages: github.com/weaveworks/tf-controller
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
Ecosystems: go
Packages: github.com/oauth2-proxy/oauth2-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo3cHgtNmh3ai1ocGpn
Open Redirect in OAuth2 ProxyEcosystems: go
Packages: github.com/oauth2-proxy/oauth2-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: almost 2 years ago
GSA_kwCzR0hTQS1mY20yLTZjM2gtcGc2as4AArZe
Node DOS by way of memory exhaustion through ExecSync request in CRI-OEcosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: almost 2 years ago
High
Ecosystems: go
Packages: github.com/tendermint/tendermint
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: over 1 year ago
GSA_kwCzR0hTQS0zZm0zLW0yM3YtNXI0Ns4AAwoV
Tendermint Client package vulnerable to Uncontrolled Resource ConsumptionEcosystems: go
Packages: github.com/tendermint/tendermint
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: over 1 year ago
High
Ecosystems: go
Packages: github.com/libp2p/go-libp2p
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: over 1 year ago
GSA_kwCzR0hTQS1qN3FwLW1meGYtOHhqd84AAwM3
libp2p DoS vulnerability from lack of resource managementEcosystems: go
Packages: github.com/libp2p/go-libp2p
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: over 1 year ago
High
Ecosystems: go
Packages: github.com/justinas/nosurf
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: over 1 year ago
GSA_kwCzR0hTQS01eDg0LXE1MjMtdnZ3cs4AAwoU
nosurf vulnerable to improper input validationEcosystems: go
Packages: github.com/justinas/nosurf
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: over 1 year ago
High
Ecosystems: go
Packages: github.com/brokercap/Bifrost
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS1teHJ4LWZnOHAtNXA1as4AAvaq
Bifrost vulnerable to authentication check flaw that leads to authentication bypassEcosystems: go
Packages: github.com/brokercap/Bifrost
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
Ecosystems: go
Packages: github.com/u-root/u-root
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1cWYtd2dmai12NjUy
github.com/u-root/u-root/pkg/tarutil Arbitrary File Write via Archive Extraction (Zip Slip)Ecosystems: go
Packages: github.com/u-root/u-root
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: almost 3 years ago
High
Ecosystems: go
Packages: github.com/crossplane/crossplane
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 10 months ago
GSA_kwCzR0hTQS1wajR4LTJ4cjUtdzg3bc4AA08J
Possible image tampering from missing image validation for PackagesEcosystems: go
Packages: github.com/crossplane/crossplane
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 10 months ago
High
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 3 months ago
GSA_kwCzR0hTQS1yNTNoLWp2MmctdnB4Ns4AA5dg
Helm's Missing YAML Content Leads To PanicEcosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 3 months ago
High
Ecosystems: go
Packages: go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace, go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron, go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho, go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux, go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin, go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful, go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: 7 months ago
GSA_kwCzR0hTQS1yY2p2LW1ncDgtcXZtcs4AA2eX
OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metricsEcosystems: go
Packages: go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace, go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron, go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho, go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux, go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin, go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful, go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: 7 months ago
High
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMzeG0tcHZnNy1naDdy
mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfsEcosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: almost 3 years ago
High
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: almost 2 years ago
GSA_kwCzR0hTQS0zOXFjLTk2aDctOTU2Zs4AAhsE
golang.org/x/net/http vulnerable to a reset floodEcosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: almost 2 years ago
High
Ecosystems: go
Packages: github.com/go-vela/sdk-go
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: about 2 months ago
GSA_kwCzR0hTQS12OG14LWhwMnEtZ3c4Nc4AA6CR
Golang SDK for Vela Insecure Variable SubstitutionEcosystems: go
Packages: github.com/go-vela/sdk-go
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: about 2 months ago
High
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: about 2 years ago
GSA_kwCzR0hTQS13M3g0LTk4NTQtOTV4OM3o2A
Rancher Access Control VulnerabilityEcosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: about 2 years ago
High
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: about 2 years ago
GSA_kwCzR0hTQS02eDJtLXc0NDktcXd4N80y7g
Code Injection in CRI-OEcosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: about 2 years ago
High
Ecosystems: go
Packages: github.com/go-vela/compiler
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: about 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd2MmgtZ2Y4bS1yNjhq
Exposure of server configuration in github.com/go-vela/serverEcosystems: go
Packages: github.com/go-vela/compiler
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: about 2 years ago
High
Ecosystems: go
Packages: github.com/go-macaron/csrf
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 1 year ago
GSA_kwCzR0hTQS1oaHhnLXB4NWgtamMzMs4AAwqY
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attributeEcosystems: go
Packages: github.com/go-macaron/csrf
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 1 year ago
High
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: almost 2 years ago
GSA_kwCzR0hTQS1wNWY5LWM5ajktZzhxeM4AAX7W
Shell command injection in giteaEcosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: almost 2 years ago
High
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: 7 months ago
GSA_kwCzR0hTQS1tdjczLWY2OXgtNDQ0cM4AA2gQ
Go Fiber CSRF Token Validation VulnerabilityEcosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: 7 months ago
High
Ecosystems: go
Packages: github.com/heketi/heketi
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: about 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE5dnctd3I1Ny14anYz
Information Exposure in HeketiEcosystems: go
Packages: github.com/heketi/heketi
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: about 2 years ago
High
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 11 months ago
GSA_kwCzR0hTQS04dmhjLWh3aGMtY3BqNM4AAzpO
Rancher users retain access after moving namespaces into projects they don't have access toEcosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 11 months ago
High
Ecosystems: go
Packages: goa.design/goa/v3, goa.design/goa, github.com/goadesign/goa
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: over 1 year ago
GSA_kwCzR0hTQS1mamdxLTIyNGYtZnEzN84AAwoc
Goa vulnerable to path traversalEcosystems: go
Packages: goa.design/goa/v3, goa.design/goa, github.com/goadesign/goa
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: over 1 year ago
High
Ecosystems: go
Packages: github.com/bytom/bytom
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: about 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZjM3gtZ3g2Yy1nOTlm
Denial of Service in BytomEcosystems: go
Packages: github.com/bytom/bytom
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: about 2 years ago
High
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: about 2 years ago
GSA_kwCzR0hTQS1nN3A3LXg2dzctdzZxZ83dKg
Arbitrary file deletion in giteaEcosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: about 2 years ago
High
Ecosystems: go
Packages: github.com/syncthing/syncthing
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: about 2 years ago
GSA_kwCzR0hTQS0yOHhwLWc3ZjYtN21oZs4AAXir
Syncthing vulnerable to symlink traversal and arbitrary file overwriteEcosystems: go
Packages: github.com/syncthing/syncthing
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: about 2 years ago
High
Ecosystems: go
Packages: github.com/hyperledger/fabric
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 1 year ago
GSA_kwCzR0hTQS1xajZyLWZocmMtamo1cs4AAvUB
Remote denial of service in Hyperledger Fabric GatewayEcosystems: go
Packages: github.com/hyperledger/fabric
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 1 year ago
High
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: about 2 years ago
GSA_kwCzR0hTQS1wNWdjLTk1N3gtZ2Z3Oc4AAWV1
Go Ethereum LES protocol implementation vulnerable to Denial of ServiceEcosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: about 2 years ago
High
Ecosystems: go
Packages: github.com/ory/fosite
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdtcXItMnYzcS12Mndt
Ory fosite contains Improper Handling of Exceptional ConditionsEcosystems: go
Packages: github.com/ory/fosite
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: almost 3 years ago
High
Ecosystems: go
Packages: github.com/edgelesssys/constellation/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS1yMmg1LTNoZ3ctOGozNM4AAxt2
User data in TPM attestation vulnerable to MITMEcosystems: go
Packages: github.com/edgelesssys/constellation/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
Ecosystems: go
Packages: github.com/dablelv/go-huge-util
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 1 year ago
GSA_kwCzR0hTQS01ZzM5LXBwd2ctNnh4OM4AAyJ9
Go-huge-util vulnerable to path traversal when unzipping filesEcosystems: go
Packages: github.com/dablelv/go-huge-util
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 1 year ago
High
Ecosystems: go
Packages: github.com/alist-org/alist/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
GSA_kwCzR0hTQS1oaDU0LTUzbTctN2Zmas4AAzuZ
alist Incorrect Access Control vulnerabilityEcosystems: go
Packages: github.com/alist-org/alist/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS13NTd2LTZ4cDQtcm0yds4AAwkT
usememos/memos vulnerable to account takeover due to improper access controlEcosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
Ecosystems: go
Packages: github.com/phachon/mm-wiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
GSA_kwCzR0hTQS1mNnhwLTU5anEtcjM1Y84AAyiT
Phachon mm-wiki Cross Site Request Forgery vulnerabilityEcosystems: go
Packages: github.com/phachon/mm-wiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
Ecosystems: nuget, cargo, pypi, go, npm
Packages: magick.net-q8-x64, magick.net-q8-openmp-x64, magick.net-q8-anycpu, magick.net-q16-x64, magick.net-q16-hdri-anycpu, magick.net-q16-anycpu, webp, Pillow, github.com/chai2010/webp, SkiaSharp, electron, libwebp-sys, libwebp-sys2
Source: GitHub Advisory Database
Blast Radius: 130.8
Published: 8 months ago
GSA_kwCzR0hTQS1qN2hwLWg4angtNXBwcs4AA10j
libwebp: OOB write in BuildHuffmanTableEcosystems: nuget, cargo, pypi, go, npm
Packages: magick.net-q8-x64, magick.net-q8-openmp-x64, magick.net-q8-anycpu, magick.net-q16-x64, magick.net-q16-hdri-anycpu, magick.net-q16-anycpu, webp, Pillow, github.com/chai2010/webp, SkiaSharp, electron, libwebp-sys, libwebp-sys2
Source: GitHub Advisory Database
Blast Radius: 130.8
Published: 8 months ago
High
Ecosystems: go
Packages: github.com/lxc/lxd
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: almost 2 years ago
GSA_kwCzR0hTQS04bXBxLWZtcjMtNmp4ds4AAgfq
LXD vulnerable to Race ConditionEcosystems: go
Packages: github.com/lxc/lxd
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: almost 2 years ago
High
Ecosystems: go
Packages: gogs.io/gogs, code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: about 2 years ago
GSA_kwCzR0hTQS1mZzN4LXJ3cTktNzRjd84AAVV9
Gogs and Gitea SSRF VulnerabilityEcosystems: go
Packages: gogs.io/gogs, code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: about 2 years ago
High
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: about 2 years ago
GSA_kwCzR0hTQS1xNmg3LTRxZ3ctMmo5cM09kw
Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vectorEcosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: about 2 years ago
High
Ecosystems: go
Packages: github.com/edgelesssys/constellation/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 29 days ago
GSA_kwCzR0hTQS1nOGZjLXZyY2ctOHZqZ84AA7BP
Constallation has pods exposed to peers in VPCEcosystems: go
Packages: github.com/edgelesssys/constellation/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 29 days ago
High
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
GSA_kwCzR0hTQS1tMzU4LWc0cnAtNTMzcs0n5A
SQL Injection in CasdoorEcosystems: go
Packages: github.com/casdoor/casdoor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 7 months ago
GSA_kwCzR0hTQS03ZnhtLWY0NzQtaGY4d84AA209
Kubernetes privilege escalation vulnerabilityEcosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 7 months ago
High
Ecosystems: go
Packages: github.com/gogo/protobuf
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: about 2 years ago
GSA_kwCzR0hTQS1jM2g5LTg5NnItODZqbc02IA
Improper Input Validation in GoGo ProtobufEcosystems: go
Packages: github.com/gogo/protobuf
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: about 2 years ago
High
Ecosystems: go
Packages: github.com/go-vela/server
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: about 2 months ago
GSA_kwCzR0hTQS02OXA0LWo1djUteDIzNM4AA6CQ
Server/API for Vela Insecure Variable SubstitutionEcosystems: go
Packages: github.com/go-vela/server
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: about 2 months ago
High
Ecosystems: go
Packages: github.com/cloudflare/cfrpki
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS0zamhtLTg3bTYteDk1Oc4AAs_O
Path traversal mitigation bypass in OctoRPKIEcosystems: go
Packages: github.com/cloudflare/cfrpki
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: over 1 year ago
GSA_kwCzR0hTQS1meGc1LXdxNngtdnI0d84AAw-p
golang.org/x/net/http2/h2c vulnerable to request smuggling attackEcosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: over 1 year ago
High
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2OWMtdzc0cS02NzYy
Insecure permissions on build temporary rootfs in SingularityEcosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 3 years ago
High
Ecosystems: go
Packages: github.com/ory/oathkeeper
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmdmYtNmd4NS1tcXY2
Incorrect Authorization in ORY OathkeeperEcosystems: go
Packages: github.com/ory/oathkeeper
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 3 years ago
High
Ecosystems: go
Packages: github.com/theupdateframework/go-tuf
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: almost 2 years ago
GSA_kwCzR0hTQS02NngzLTZjdzMtdjVnas4AAqwc
Improper Validation of Integrity Check Value in go-tufEcosystems: go
Packages: github.com/theupdateframework/go-tuf
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: almost 2 years ago
High
Ecosystems: go
Packages: github.com/ory/oathkeeper
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2cDQtcnBtci14d3Jy
Possible bypass of token claim validation when OAuth2 Introspection caching is enabledEcosystems: go
Packages: github.com/ory/oathkeeper
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 3 years ago
High
Ecosystems: go
Packages: github.com/cosmos/ethermint
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: about 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkzcDUtOGZxdy13angz
Authentication bypass by capture-replay in github.com/cosmos/ethermintEcosystems: go
Packages: github.com/cosmos/ethermint
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: about 2 years ago
High
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: about 1 year ago
GSA_kwCzR0hTQS12cHZtLTN3cTItMnd2bc4AAx7I
Opencontainers runc Incorrect Authorization vulnerabilityEcosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: about 1 year ago
Statistics
Advisories: 18,459
Packages: 8,320
Repositories: 540
Ecosystems: 12
Packages: 8,320
Repositories: 540
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
github.com/usememos/memos
59
github.com/mattermost/mattermost/server/v8
38
github.com/mattermost/mattermost-server/v6
37
github.com/answerdev/answer
34
k8s.io/kubernetes
32
github.com/argoproj/argo-cd
29
github.com/grafana/grafana
28
github.com/rancher/rancher
28
github.com/hashicorp/vault
28
github.com/hashicorp/consul
26
github.com/hashicorp/nomad
26
gogs.io/gogs
24
github.com/argoproj/argo-cd/v2
23
github.com/cilium/cilium
20
github.com/ethereum/go-ethereum
20
github.com/docker/docker
19
code.gitea.io/gitea
19
helm.sh/helm/v3
18
golang.org/x/net
17
github.com/goharbor/harbor
15
github.com/containerd/containerd
13
github.com/traefik/traefik/v2
13
github.com/nats-io/nats-server/v2
13
github.com/mattermost/mattermost-server
13
github.com/go-gitea/gitea
12
github.com/opencontainers/runc
12
github.com/moby/moby
12
github.com/zitadel/zitadel
11
github.com/openfga/openfga
11
github.com/cloudflare/cfrpki
11
github.com/1Panel-dev/1Panel
11
github.com/greenpau/caddy-security
10
github.com/sylabs/singularity
9
github.com/cosmos/cosmos-sdk
9
golang.org/x/crypto
9
github.com/cri-o/cri-o
9
github.com/kubernetes/kubernetes
9
go.etcd.io/etcd
8
github.com/kubeedge/kubeedge
8
github.com/pterodactyl/wings
8
github.com/pomerium/pomerium
8
istio.io/istio
8
github.com/containers/podman/v4
8
github.com/traefik/traefik
7
github.com/hashicorp/go-getter
7
github.com/beego/beego
7
helm.sh/helm
7
github.com/nats-io/jwt
7
github.com/google/fscrypt
7
k8s.io/ingress-nginx
7
github.com/beego/beego/v2
6
github.com/russellhaering/goxmldsig
6
github.com/apache/trafficcontrol
6
github.com/sigstore/cosign
6
github.com/gravitl/netmaker
6
github.com/treeverse/lakefs
6
github.com/authzed/spicedb
6
github.com/pion/dtls
6
github.com/cubefs/cubefs
6
github.com/russellhaering/gosaml2
6
github.com/fluxcd/flux2
6
github.com/hyperledger/fabric
6
kubevirt.io/kubevirt
6
github.com/apache/incubator-answer
5
github.com/KubeOperator/kubepi
5
github.com/fluxcd/kustomize-controller
5
github.com/foxcpp/maddy
5
github.com/gophish/gophish
5
github.com/0xJacky/Nginx-UI
5
github.com/gofiber/fiber/v2
5
github.com/containers/buildah
5
github.com/mattermost/mattermost-server/v5
5
github.com/hashicorp/go-getter/v2
5
github.com/IBAX-io/go-ibax
5
github.com/traefik/traefik/v3
5
github.com/cometbft/cometbft
5
github.com/kiali/kiali
5
github.com/tendermint/tendermint
5
github.com/moby/buildkit
5
github.com/kyverno/kyverno
5
github.com/ipfs/go-ipfs
5
github.com/schollz/croc/v9
5
go.etcd.io/etcd/v3
5
github.com/pion/dtls/v2
5
github.com/open-policy-agent/opa
4
github.com/gin-gonic/gin
4
github.com/crewjam/saml
4
github.com/arduino/arduino-create-agent
4
github.com/alist-org/alist/v3
4
github.com/hashicorp/go-getter/s3/v2
4
github.com/argoproj/argo-workflows/v3
4
github.com/stacklok/minder
4
github.com/oauth2-proxy/oauth2-proxy
4
github.com/aws/aws-sdk-go
4
github.com/hashicorp/go-getter/gcs/v2
4
github.com/dhowden/tag
4
github.com/casdoor/casdoor
4
golang.org/x/net/http2
4
github.com/git-lfs/git-lfs
4
github.com/concourse/concourse
4
github.com/tidwall/gjson
4
github.com/coredns/coredns
4
github.com/lestrrat-go/jwx
4
github.com/IceWhaleTech/CasaOS-UserService
4
github.com/lestrrat-go/jwx/v2
4
github.com/containers/podman/v3
4
github.com/ory/fosite
4
github.com/free5gc/free5gc
4
github.com/dexidp/dex
4
github.com/edgelesssys/constellation/v2
3
github.com/miekg/dns
3
github.com/tiagorlampert/CHAOS
3
golang.org/x/image
3
gopkg.in/yaml.v2
3
github.com/hashicorp/boundary
3
github.com/caddyserver/caddy
3
k8s.io/client-go
3
vitess.io/vitess
3
github.com/mholt/archiver
3
github.com/owncast/owncast
3
github.com/jackc/pgx/v4
3
github.com/go-vela/server
3
github.com/cortexproject/cortex
3
github.com/cheqd/cheqd-node
3
github.com/libp2p/go-libp2p
3
go.etcd.io/etcd/client/v3
3
golang.org/x/text
3
github.com/phachon/mm-wiki
3
github.com/tharsis/evmos
3
github.com/nats-io/jwt/v2
3
github.com/navidrome/navidrome
3
github.com/sigstore/cosign/v2
3
github.com/crypto-org-chain/cronos
3
github.com/heketi/heketi
3
github.com/minio/minio
3
github.com/consensys/gnark
3
github.com/projectcalico/calico
3
github.com/notaryproject/notation
3
github.com/fluxcd/helm-controller
3
github.com/quic-go/quic-go
3
github.com/hashicorp/vault/vault
3
github.com/apache/servicecomb-service-center
3
github.com/docker/distribution
3
github.com/syncthing/syncthing
3
github.com/dutchcoders/transfer.sh
3
github.com/crossplane/crossplane
3
github.com/authelia/authelia/v4
3
github.com/openshift/origin
3
github.com/lightningnetwork/lnd
3
github.com/ory/oathkeeper
3
github.com/square/go-jose
3
github.com/weaveworks/weave-gitops
3
github.com/flyteorg/flyteadmin
3
github.com/artifacthub/hub
3
github.com/ElrondNetwork/elrond-go
3
github.com/notaryproject/notation-go
2
github.com/pingcap/tidb
2
github.com/gohugoio/hugo
2
github.com/hpcng/singularity
2
github.com/woodpecker-ci/woodpecker
2
github.com/containers/podman
2
github.com/google/exposure-notifications-verification-server
2
github.com/minio/console
2
github.com/sigstore/rekor
2
github.com/gphper/ginadmin
2
github.com/go-skynet/LocalAI
2
github.com/nats-io/nats-server
2
github.com/labstack/echo/v4
2
github.com/argoproj/argo-events
2
github.com/ipld/go-codec-dagpb
2
mellium.im/xmpp
2
github.com/Masterminds/goutils
2
github.com/stripe/smokescreen
2
github.com/clastix/capsule-proxy
2
github.com/etcd-io/etcd
2
github.com/spiffe/spire
2
tailscale.com
2
github.com/go-vela/worker
2
github.com/projectcapsule/capsule-proxy
2
github.com/zalando/skipper
2
github.com/jackc/pgx
2
github.com/jackc/pgproto3
2
github.com/theupdateframework/go-tuf
2
github.com/sajari/docconv
2
code.sajari.com/docconv
2
github.com/go-jose/go-jose/v3
2
github.com/jaegertracing/jaeger
2
github.com/dvsekhvalnov/jose2go
2
github.com/edgelesssys/marblerun
2
github.com/brokercap/Bifrost
2
github.com/edgexfoundry/app-functions-sdk-go/v2
2
github.com/prometheus/prometheus
2
github.com/flynn/noise
2
github.com/talos-systems/talos
2
github.com/multiversx/mx-chain-go
2
github.com/cosmos/ethermint
2
github.com/elastic/beats
2
github.com/apptainer/apptainer
2
github.com/ulikunitz/xz
2
github.com/IceWhaleTech/CasaOS
2
Filter by Repository
https://github.com/usememos/memos
59
https://github.com/kubernetes/kubernetes
48
https://github.com/argoproj/argo-cd
37
https://github.com/answerdev/answer
34
https://github.com/go-gitea/gitea
31
https://github.com/rancher/rancher
25
https://github.com/grafana/grafana
21
https://github.com/cilium/cilium
20
https://github.com/gogs/gogs
20
https://github.com/hashicorp/consul
19
https://github.com/helm/helm
19
https://github.com/hashicorp/vault
16
https://github.com/etcd-io/etcd
16
https://github.com/ethereum/go-ethereum
16
https://github.com/goharbor/harbor
15
https://github.com/mattermost/mattermost
14
https://github.com/moby/moby
14
https://github.com/traefik/traefik
13
https://github.com/hashicorp/nomad
13
https://github.com/containerd/containerd
13
https://github.com/golang/go
13
https://github.com/opencontainers/runc
11
https://github.com/openfga/openfga
11
https://github.com/zitadel/zitadel
11
https://github.com/containers/podman
11
https://github.com/1Panel-dev/1Panel
11
https://github.com/cloudflare/cfrpki
11
https://github.com/nats-io/nats-server
10
https://github.com/greenpau/caddy-security
10
https://github.com/cri-o/cri-o
9
https://github.com/cosmos/cosmos-sdk
9
https://github.com/istio/istio
8
https://github.com/kubeedge/kubeedge
8
https://github.com/pterodactyl/wings
8
https://github.com/pomerium/pomerium
8
https://github.com/docker/docker
8
https://github.com/kubernetes/ingress-nginx
7
https://github.com/beego/beego
7
https://github.com/hashicorp/go-getter
7
https://github.com/google/fscrypt
7
https://github.com/hpcng/singularity
7
https://github.com/schollz/croc
6
https://github.com/sigstore/cosign
6
https://github.com/pion/dtls
6
https://github.com/moby/buildkit
6
https://github.com/hyperledger/fabric
6
https://github.com/treeverse/lakeFS
6
https://github.com/gravitl/netmaker
6
https://github.com/authzed/spicedb
6
https://github.com/containers/buildah
6
https://github.com/fluxcd/flux2
6
https://github.com/cubefs/cubefs
6
https://github.com/0xJacky/nginx-ui
5
https://github.com/argoproj/argo-workflows
5
https://github.com/russellhaering/gosaml2
5
https://github.com/cometbft/cometbft
5
https://github.com/crewjam/saml
5
https://github.com/foxcpp/maddy
5
https://github.com/free5gc/free5gc
5
https://github.com/gofiber/fiber
5
https://github.com/gophish/gophish
5
https://github.com/kyverno/kyverno
5
https://github.com/IBAX-io/go-ibax
5
https://github.com/ipfs/go-ipfs
5
https://github.com/tendermint/tendermint
5
https://github.com/containous/traefik
4
https://github.com/ory/fosite
4
https://github.com/grafana/bugbounty
4
https://github.com/concourse/concourse
4
https://github.com/open-policy-agent/opa
4
https://github.com/tidwall/gjson
4
https://github.com/stacklok/minder
4
https://github.com/casdoor/casdoor
4
https://github.com/IceWhaleTech/CasaOS-UserService
4
https://github.com/oauth2-proxy/oauth2-proxy
4
https://github.com/git-lfs/git-lfs
4
https://github.com/siderolabs/talos
4
https://github.com/gin-gonic/gin
4
https://github.com/aws/aws-sdk-go
4
https://github.com/dexidp/dex
4
https://github.com/dhowden/tag
4
https://github.com/kubevirt/kubevirt
4
https://github.com/nats-io/jwt
4
https://github.com/arduino/arduino-create-agent
4
https://github.com/lestrrat-go/jwx
4
https://github.com/edgelesssys/constellation
3
https://github.com/open-telemetry/opentelemetry-go-contrib
3
https://github.com/ElrondNetwork/elrond-go
3
https://github.com/ory/oathkeeper
3
https://github.com/evmos/evmos
3
https://github.com/flipped-aurora/gin-vue-admin
3
https://github.com/flyteorg/flyteadmin
3
https://github.com/u-root/u-root
3
https://github.com/phachon/mm-wiki
3
https://github.com/vitessio/vitess
3
https://github.com/gogits/gogs
3
https://github.com/go-vela/server
3
https://github.com/openshift/origin
3
https://github.com/go-yaml/yaml
3
https://github.com/tiagorlampert/CHAOS
3
https://github.com/heketi/heketi
3
https://github.com/ipfs/boxo
3
https://github.com/kiali/kiali
3
https://github.com/KubeOperator/KubePi
3
https://github.com/tailscale/tailscale
3
https://github.com/navidrome/navidrome
3
https://github.com/kubernetes-sigs/secrets-store-csi-driver
3
https://github.com/syncthing/syncthing
3
https://github.com/libp2p/go-libp2p
3
https://github.com/sylabs/singularity
3
https://github.com/moby/libnetwork
3
https://github.com/square/go-jose
3
https://github.com/alist-org/alist
3
https://github.com/apache/trafficcontrol
3
https://github.com/artifacthub/hub
3
https://github.com/authelia/authelia
3
https://github.com/caddyserver/caddy
3
https://github.com/cheqd/cheqd-node
3
https://github.com/Consensys/gnark
3
https://github.com/coredns/coredns
3
https://github.com/cortexproject/cortex
3
https://github.com/weaveworks/weave-gitops
3
https://github.com/crossplane/crossplane
3
https://github.com/quic-go/quic-go
3
https://github.com/minio/minio
3
https://github.com/dutchcoders/transfer.sh
3
https://github.com/zalando/skipper
2
https://github.com/argoproj/argo-events
2
https://github.com/ecnepsnai/web
2
https://github.com/atredispartners/advisories
2
https://github.com/envoyproxy/envoy
2
https://github.com/bitly/oauth2_proxy
2
https://github.com/temporalio/temporal
2
https://github.com/kitabisa/teler-waf
2
https://github.com/kitabisa/teler
2
https://github.com/bottlerocket-os/bottlerocket
2
https://github.com/jackc/pgproto3
2
https://github.com/ipld/go-codec-dagpb
2
https://github.com/brokercap/Bifrost
2
https://github.com/buger/jsonparser
2
https://github.com/bytebase/bytebase
2
https://github.com/influxdata/influxdb
2
https://github.com/apptainer/apptainer
2
https://github.com/labring/sealos
2
https://github.com/labstack/echo
2
https://github.com/elastic/beats
2
https://github.com/edgelesssys/marblerun
2
https://github.com/lightningnetwork/lnd
2
https://github.com/Masterminds/goutils
2
https://github.com/1Panel-dev/KubePi
2
https://github.com/mattermost/mattermost-plugin-jira
2
https://github.com/mellium/xmpp
2
https://github.com/mholt/archiver
2
https://github.com/microcosm-cc/bluemonday
2
https://github.com/miekg/dns
2
https://github.com/zinclabs/zinc
2
https://github.com/distribution/distribution
2
https://github.com/drakkan/sftpgo
2
https://github.com/crypto-org-chain/cronos
2
https://github.com/go-git/go-git
2
https://github.com/flynn/noise
2
https://github.com/fluid-cloudnative/fluid
2
https://github.com/cosmos/ethermint
2
https://github.com/gohugoio/hugo
2
https://github.com/go-jose/go-jose
2
https://github.com/golang/crypto
2
https://github.com/unknwon/cae
2
https://github.com/google/exposure-notifications-verification-server
2
https://github.com/ulikunitz/xz
2
https://github.com/coreos/etcd
2
https://github.com/fleetdm/fleet
2
https://github.com/gotify/server
2
https://github.com/woodpecker-ci/woodpecker
2
https://github.com/containers/libpod
2
https://github.com/Consensys/gnark-crypto
2
https://github.com/gphper/ginadmin
2
https://github.com/fkie-cad/yapscan
2
https://github.com/codenotary/immudb
2
https://github.com/cloudflare/cloudflared
2
https://github.com/cloudflare/circl
2
https://github.com/hashicorp/terraform
2
https://github.com/facebook/fbthrift
2
https://github.com/heroiclabs/nakama
2
https://github.com/theupdateframework/go-tuf
2
https://github.com/IceWhaleTech/CasaOS
2
https://github.com/dvsekhvalnov/jose2go
2
https://github.com/imgproxy/imgproxy
2
https://github.com/minio/console
2
https://github.com/stripe/smokescreen
2
https://github.com/peterzen/goresolver
2
https://github.com/pingcap/tidb
2
https://github.com/multiversx/mx-chain-go
2
https://github.com/Netflix/security-bulletins
2
https://github.com/mutagen-io/mutagen
2
https://github.com/ntbosscher/gobase
2
https://github.com/netlify/gotrue
2
https://github.com/projectdiscovery/nuclei
2
https://github.com/sigstore/rekor
2
https://github.com/rancher/wrangler
2