Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go Security Advisories

Loading...
High
GSA_kwCzR0hTQS14djU5LWdjM3ItcmY5Ms4AAtHT
Insufficient Session Expiration in Nakama
Ecosystems: go
Packages: github.com/heroiclabs/nakama
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yM2ZxLWNtbXctY3Btbc4AAg2e
Containous Traefik Exposes Password Hashes
Ecosystems: go
Packages: github.com/traefik/traefik
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qeHF2LWpjdmgtN2dyNM4AAtvs
Atlantis Events vulnerable to Timing Attack
Ecosystems: go
Packages: github.com/runatlantis/atlantis
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1qOXItd3dtOC03cTUy
Open Redirect in github.com/AndrewBurian/powermux
Ecosystems: go
Packages: github.com/AndrewBurian/powermux
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS03ZzN2LTRnZ3IteHZqZs4AA19a
Croc may expose secret to local users
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 8 months ago
High
GSA_kwCzR0hTQS04OXFtLXdjbXctM21nZ84AAw0u
Gitops Run insecure communication
Ecosystems: go
Packages: github.com/weaveworks/weave-gitops
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wZnc0LXhqZ20tMjY3Y84AAuzz
Dendrite signature checks not applied to some retrieved missing events
Ecosystems: go
Packages: github.com/matrix-org/dendrite
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14djZ4LTQ1NnYtMjR4aM4AAwqM
gotify/server vulnerable to Cross-site Scripting in the application image file upload
Ecosystems: go
Packages: github.com/gotify/server
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS1yaDVmLTJ3NnItcTd2as4AAhfW
Podman Path Traversal Vulnerability leads to arbitrary file read/write
Ecosystems: go
Packages: github.com/containers/podman
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yOTY5LTc4M2YtNmpxcs4AA5Wp
Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03amY1LWZ2Z2YtNDhjNs4AAxEf
Velociraptor subject to Path Traversal
Ecosystems: go
Packages: www.velocidex.com/golang/velociraptor
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14dnJjLTJ3dmgtNDl2Y84AA3Ht
Gitsign's Rekor public keys fetched from upstream API instead of local TUF client.
Ecosystems: go
Packages: github.com/sigstore/gitsign
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqNm0tcjhqYy0yZ3A3
Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyZzMtOGg4eC01eGZ2
Unchecked hostname resolution could allow access to local network resources by users outside the local network
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1xcTIyLWpqOHgtNHd3ds4AA7v6
Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS05M3h4LWN2bWMtOXczds4AAzM4
On a compromised node, the fluid-csi service account can be used to modify node specs
Ecosystems: go
Packages: github.com/fluid-cloudnative/fluid
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13eDhxLTRnbTktcmoyZ84AA6B0
Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime
Ecosystems: go
Packages: github.com/fluid-cloudnative/fluid
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02Y3A3LWc5NzItdzltOc0wjA
Use of a Key Past its Expiration Date and Insufficient Session Expiration in Maddy Mail Server
Ecosystems: go
Packages: github.com/foxcpp/maddy
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wMnBmLWc4Y3EtM2dxNc4AAx5T
teler-waf contains detection rule bypass via Entities payload
Ecosystems: go
Packages: github.com/kitabisa/teler-waf
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05Zjk1LWhoZzQtcGc0Zs4AAx5S
teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload
Ecosystems: go
Packages: github.com/kitabisa/teler-waf
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ3d3ItNDI2ai1mcjgy
Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer
Ecosystems: go
Packages: github.com/datacharmer/dbdeployer
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWptMzQteG04bS13OTU4
Open Redirect in oauth2_proxy
Ecosystems: go
Packages: github.com/bitly/oauth2_proxy
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nY2o3LWo0MzgtaGpqMs05RQ
Smokescreen SSRF via deny list bypass
Ecosystems: go
Packages: github.com/stripe/smokescreen
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB3NTktNHFnZi1qeHI4
Cache Manipulation Attack in Apache Traffic Control
Ecosystems: go
Packages: github.com/apache/trafficcontrol
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1xd3JmLWdmcGotcXZqNs4AArBB
Smokescreen SSRF via deny list bypass (square brackets)
Ecosystems: go
Packages: github.com/stripe/smokescreen
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yODk0LTVyN3YtN3J4M84AAwy5
easy-scrypt Observable Timing Discrepancy vulnerability
Ecosystems: go
Packages: github.com/agnivade/easy-scrypt
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00dzUzLTZqdnAtZ2c1Ms4AA8Ez
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address
Ecosystems: go
Packages: github.com/tg123/sshpiper
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1ycDR2LWhobTYtcmN2Oc4AAulK
Pinniped Supervisor Insufficient Session Expiration vulnerability
Ecosystems: go
Packages: go.pinniped.dev
Source: GitHub Advisory Database
Blast Radius: 1.5
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdoNmotMjI2OC1maGNt
Improper Certificate Handling
Ecosystems: go
Packages: github.com/traefik/traefik
Source: GitHub Advisory Database
Blast Radius: 1.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ndzk3LWY2aDgtZ205NM0WjQ
Email relay in Apache Traffic Control
Ecosystems: go
Packages: github.com/apache/trafficcontrol
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04ZjI1LXc3cWotcjdoY84AA6i3
Temporal UI Server cross-site scripting vulnerability
Ecosystems: go
Packages: github.com/temporalio/ui-server/v2
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: about 2 months ago
High
GSA_kwCzR0hTQS1oZjU0LWZxMm0tcDl2Ns4AA8Eb
dotmesh arbitrary file read and/or write
Ecosystems: go
Packages: github.com/dotmesh-io/dotmesh
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1xNXFqLXgyaDUtMzk0Nc4AA7eF
Zitadel exposing internal database user name and host information
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1mODNwLXBnODYtcDkyMs4AAwpB
usememos/memos has Insufficient Granularity of Access Control
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS13NTd2LTZ4cDQtcm0yds4AAwkT
usememos/memos vulnerable to account takeover due to improper access control
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tanE2LXB2OWMtcXBwcc4AA2i8
Arduino Create Agent path traversal - arbitrary file deletion vulnerability
Ecosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS12d2c0LTg0NngtZjk0ds4AAwkW
usememos/memos vulnerable to improper authorization
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS05YzV3LTlxM2YtM2h2N84AA70G
Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS14ZmpqLWY2OTktcmM3Oc4AA70K
tiagorlampert CHAOS vulnerable to arbitrary code execution
Ecosystems: go
Packages: github.com/tiagorlampert/CHAOS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 days ago
Critical
GSA_kwCzR0hTQS00ajV4LWYzOTQteHg3Oc4AArAh
gitjacker arbitrary code execution
Ecosystems: go
Packages: github.com/liamg/gitjacker
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03ajdqLTY2Y3YtbTIzOc4AA7UD
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1mNHc2LTNyaDYtNnE0cc4AAi3b
Kubernetes CSI Sidecar Containers Can Allow Unauthorized Data Access
Ecosystems: go
Packages: github.com/kubernetes-csi/external-resizer, github.com/kubernetes-csi/external-snapshotter/v6, github.com/kubernetes-csi/external-provisioner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tOTc5LXc5d2otcWZqOc4AA489
HashiCorp Vault Improper Privilege Management
Ecosystems: go
Packages: github.com/hashicorp/vault/vault
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1nNDdoLWZnY3ctZzRwaM4AAzi1
Algernon engine and themes vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/xyproto/algernon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS05eDdoLWdnYzMteGc0N84AAzHz
imgproxy is vulnerable to Server-Side Request Forgery
Ecosystems: go
Packages: github.com/imgproxy/imgproxy/v3
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1nbWhqLXhqZmgtY2Y2bc4AAvAc
Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library
Ecosystems: go
Packages: github.com/mohammed90/caddy-ssh
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14OXA5LXYzeDYtNjhtcc4AAwra
usememos/memos vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qY2YyLW14cjItZ21xcM4AA1gZ
OpenFGA Authorization Bypass
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1yeDJtLXhyNHgtNTRoaM4AAwpA
usememos/memos vulnerable to Improper Authorization
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12OTJwLXBobXAteGZmcs4AAwno
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04cGYyLXFqNHYtZmo2NM4AA5c1
Apache Answer Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jbWY0LWgzeGMtanc4d84AA4-7
Grafana Cross Site Request Forgery (CSRF)
Ecosystems: go
Packages: github.com/grafana/grafana/pkg/web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS05eGZ3LWpqcTItN3Y4aM4AA5Eg
1Panel set-cookie is missing the Secure keyword
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05dzh4LTVodjUtcjZnd84AAxpQ
Cross Site Scripting in usememos/memos
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ocjlyLThwaHEtNXg4as4AA0IN
OpenFGA vulnerable to denial of service due to circular relationship
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1xdzM2LXJ3NXEtZ3hjcc4AAwpI
usememos/memos Improper Authorization vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS05Y3d2LWNwcHgtbXFqbc0uMA
Improper Authentication in Capsule Proxy
Ecosystems: go
Packages: github.com/clastix/capsule-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jMnY0LThyOWctZzV4as4AAwnt
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xNmg4LTRqMnYtcGpnNM4AA5gv
Minder trusts client-provided mapping from repo name to upstream ID
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS12NjI3LTY5djIteHgzN84AA5xb
`GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1qMmdqLWczcDktN21ycs4AA1nC
Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1jOTY3LTI2NTItZ2Zqbc4AA5zF
CasaOS Username Enumeration
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS13eHdxLTUyNXctaGNxeM4AAx7Y
Yapscan Denial of Service vulnerability in report server
Ecosystems: go
Packages: github.com/fkie-cad/yapscan
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS01NHE0LTc0cDMtbWdjd84AAxqd
rttys SQL Injection vulnerability
Ecosystems: go
Packages: github.com/zhaojh329/rttys
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02Zng5LTI5eDItZm1mas4AAwpG
usememos/memos Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ybXFwLW12djItNTRjNs4AA5ct
Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05cTI0LWh3bWMtNzk3eM4AA5cx
Apache Answer Race Condition vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1qNnZ2LXZ2MjYtcmg3Y84AA488
HashiCorp Vault Improper Privilege Management
Ecosystems: go
Packages: github.com/hashicorp/vault/vault
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS05NmdxLTZjaDUtbW01NM4AA1nF
usememos/memos vulnerable to improper input validation
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
High
GSA_kwCzR0hTQS1oZnJnLTRqd3ItamZwas4AA6Gn
Improper HTML sanitization in ZITADEL
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1ocjRmLTZqaDgtZjJ2cc4AA2i_
OpenFGA DoS vulnerability
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS00Y3g2LWZqN2otcGp4Oc0xMw
Code injection in Stripe CLI on windows
Ecosystems: go
Packages: github.com/stripe/stripe-cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qcGo1LWhnMjYtNmpnY80yfw
Cross-site Scripting in Alist
Ecosystems: go
Packages: github.com/Xhofe/alist
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS04dzVxLTVmcHEtdjRwbc4AAwrb
usememos/memos Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zM204LWY0aHctd20zcc4AAwne
usememos/memos Denial of Service vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1ocjV3LWN3d3EtMnY0bc4AA6as
ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1ncDhnLWY0MmYtOTVxMs4AA6ar
ZITADEL's actions can overload reserved claims
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1oY3cyLTJyOWMtZ2M2cM4AA6gM
CasaOS Username Enumeration - Bypass of CVE-2024-24766
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc2MjItcjYzNi1xZnFo
SQL Injection in Couchbase Sync Gateway
Ecosystems: go
Packages: github.com/couchbase/sync_gateway
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05djQ4LTJoNXgtZnZwbc4AAwkS
usememos/memos vulnerable to improper access control
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13bXhjLXYzOXItcDl3Zs4AA6nq
Temporal Server Denial of Service
Ecosystems: go
Packages: github.com/temporalio/temporal
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jNjl4LTV4bXctdjQ0eM4AA5zG
CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0yaG05LWg4NzMtcGdxaM4AA2IH
OpenFGA Vulnerable to DoS from circular relationship definitions
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS05eGZxLThqM3IteHA1Z84AA2Hb
Consensys gnark-crypto allows Signature Malleability
Ecosystems: go
Packages: github.com/Consensys/gnark-crypto
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
GSA_kwCzR0hTQS01aGpoLWMyNm0teHc4d83X2w
ProxyScotch is vulnerable to a server-side Request Forgery (SSRF)
Ecosystems: go
Packages: github.com/hoppscotch/proxyscotch
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS12eDc0LWY1MjgtZnhxZ84AA2Va
github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset
Ecosystems: go
Packages: github.com/nghttp2/nghttp2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS01ajZwLTU5Y2otajZjcM4AA1nE
usememos/memos vulnerable to privilege escalation
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
High
GSA_kwCzR0hTQS00eDVxLXE3d2MtcTIycM4AA2i7
Arduino Create Agent Insufficient Verification of Data Authenticity vulnerability
Ecosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS14MnZnLTV3cmYtdmo2ds4AA53Z
1Panel is vulnerable to command injection
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS1qajU0LTVxMm0tcTdwas4AA8Ef
NATS server TLS missing ciphersuite settings when CLI flags used
Ecosystems: go
Packages: https://pkg.go.dev/github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1tNWpjLXI0Z2YtYzZwOM4AA2i-
Arduino Create Agent path traversal - arbitrary file deletion vulnerability
Ecosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS03NWo3LXc3OTgtY3d3eM4AA2i9
Arduino Create Agent path traversal - local privilege escalation vulnerability
Ecosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1obXE0LWMycjQtNXE4aM4AA2kJ
Artifact Hub arbitrary file read vulnerability
Ecosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1qNTkzLWg1djMtNDV4Ns4AAwny
usememos/memos may leak user information to an authenticated user
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS05cGM4LW00dnAtZ2d2Zs4AA2kI
Artifact Hub allows unsafe rego built-in
Ecosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS05N3JjLW1tNWotZjZyas4AAwnr
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1nNnBxLXg1MzktN3c0as4AA2kH
Artifact Hub has Incorrect Docker Hub registry check
Ecosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1wOTc2LWg1MmMtMjZwNs4AAzpQ
Rancher vulnerable to Privilege Escalation via manipulation of Secrets
Ecosystems: go
Packages: rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS0zNmYyLWZjcngtZnA0as4AAyJ4
Authelia allows open redirects on the logout endpoint
Ecosystems: go
Packages: github.com/authelia/authelia/v4
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jOGZqLTRwbTgtbXAyY84AAui6
Broken Authorization in ZITADEL Actions
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 547
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
github.com/usememos/memos 59 github.com/grafana/grafana 44 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 github.com/answerdev/answer 34 k8s.io/kubernetes 32 github.com/argoproj/argo-cd 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 github.com/hashicorp/consul 26 github.com/hashicorp/nomad 26 gogs.io/gogs 24 github.com/argoproj/argo-cd/v2 23 github.com/cilium/cilium 20 github.com/docker/docker 20 github.com/ethereum/go-ethereum 20 code.gitea.io/gitea 19 helm.sh/helm/v3 18 golang.org/x/net 17 github.com/goharbor/harbor 15 github.com/containerd/containerd 14 github.com/nats-io/nats-server/v2 13 github.com/traefik/traefik/v2 13 github.com/mattermost/mattermost-server 13 github.com/opencontainers/runc 12 github.com/moby/moby 12 github.com/go-gitea/gitea 12 github.com/1Panel-dev/1Panel 11 github.com/cloudflare/cfrpki 11 github.com/openfga/openfga 11 github.com/zitadel/zitadel 11 github.com/greenpau/caddy-security 10 github.com/cosmos/cosmos-sdk 9 github.com/sylabs/singularity 9 github.com/cri-o/cri-o 9 github.com/kubernetes/kubernetes 9 golang.org/x/crypto 9 istio.io/istio 8 github.com/kubeedge/kubeedge 8 github.com/pterodactyl/wings 8 go.etcd.io/etcd 8 github.com/containers/podman/v4 8 github.com/pomerium/pomerium 8 github.com/google/fscrypt 7 k8s.io/ingress-nginx 7 github.com/traefik/traefik 7 github.com/nats-io/jwt 7 github.com/beego/beego 7 github.com/hashicorp/go-getter 7 helm.sh/helm 7 github.com/russellhaering/gosaml2 6 github.com/gravitl/netmaker 6 github.com/pion/dtls 6 github.com/russellhaering/goxmldsig 6 github.com/apache/trafficcontrol 6 github.com/sigstore/cosign 6 github.com/hyperledger/fabric 6 github.com/authzed/spicedb 6 github.com/fluxcd/flux2 6 github.com/treeverse/lakefs 6 github.com/cubefs/cubefs 6 github.com/beego/beego/v2 6 kubevirt.io/kubevirt 6 github.com/schollz/croc/v9 5 github.com/hashicorp/go-getter/v2 5 github.com/mattermost/mattermost-server/v5 5 github.com/foxcpp/maddy 5 go.etcd.io/etcd/v3 5 github.com/tendermint/tendermint 5 github.com/kyverno/kyverno 5 github.com/kiali/kiali 5 github.com/cometbft/cometbft 5 github.com/stacklok/minder 5 github.com/moby/buildkit 5 github.com/traefik/traefik/v3 5 github.com/gofiber/fiber/v2 5 github.com/fluxcd/kustomize-controller 5 github.com/ipfs/go-ipfs 5 github.com/apache/incubator-answer 5 github.com/IBAX-io/go-ibax 5 github.com/KubeOperator/kubepi 5 github.com/containers/buildah 5 github.com/0xJacky/Nginx-UI 5 github.com/pion/dtls/v2 5 github.com/gophish/gophish 5 github.com/arduino/arduino-create-agent 4 github.com/crewjam/saml 4 github.com/free5gc/free5gc 4 golang.org/x/net/http2 4 github.com/dexidp/dex 4 github.com/dhowden/tag 4 github.com/ory/fosite 4 github.com/alist-org/alist/v3 4 github.com/concourse/concourse 4 github.com/containers/podman/v3 4 github.com/git-lfs/git-lfs 4 github.com/oauth2-proxy/oauth2-proxy 4 github.com/casdoor/casdoor 4 github.com/argoproj/argo-workflows/v3 4 github.com/tidwall/gjson 4 github.com/aws/aws-sdk-go 4 github.com/coredns/coredns 4 github.com/open-policy-agent/opa 4 github.com/hashicorp/go-getter/gcs/v2 4 github.com/hashicorp/go-getter/s3/v2 4 github.com/lestrrat-go/jwx 4 github.com/lestrrat-go/jwx/v2 4 github.com/IceWhaleTech/CasaOS-UserService 4 github.com/gin-gonic/gin 4 github.com/docker/distribution 3 github.com/apache/servicecomb-service-center 3 github.com/hashicorp/vault/vault 3 github.com/quic-go/quic-go 3 gopkg.in/yaml.v2 3 github.com/tiagorlampert/CHAOS 3 k8s.io/client-go 3 github.com/syncthing/syncthing 3 github.com/crossplane/crossplane 3 github.com/flyteorg/flyteadmin 3 github.com/openshift/origin 3 github.com/ory/oathkeeper 3 github.com/ElrondNetwork/elrond-go 3 github.com/lightningnetwork/lnd 3 github.com/libp2p/go-libp2p 3 github.com/cheqd/cheqd-node 3 github.com/minio/minio 3 go.etcd.io/etcd/client/v3 3 github.com/sigstore/cosign/v2 3 github.com/fluxcd/helm-controller 3 golang.org/x/text 3 github.com/nats-io/jwt/v2 3 github.com/navidrome/navidrome 3 github.com/crypto-org-chain/cronos 3 github.com/owncast/owncast 3 github.com/heketi/heketi 3 github.com/mholt/archiver 3 vitess.io/vitess 3 github.com/consensys/gnark 3 github.com/projectcalico/calico 3 github.com/notaryproject/notation 3 github.com/miekg/dns 3 github.com/tharsis/evmos 3 github.com/dutchcoders/transfer.sh 3 github.com/edgelesssys/constellation/v2 3 github.com/weaveworks/weave-gitops 3 github.com/caddyserver/caddy 3 github.com/authelia/authelia/v4 3 github.com/phachon/mm-wiki 3 github.com/cortexproject/cortex 3 github.com/square/go-jose 3 github.com/go-vela/server 3 github.com/jackc/pgx/v4 3 github.com/artifacthub/hub 3 github.com/hashicorp/boundary 3 golang.org/x/image 3 github.com/buildkite/elastic-ci-stack-for-aws/v6 2 Google.Protobuf 2 google/protobuf 2 github.com/protocolbuffers/protobuf 2 github.com/gphper/ginadmin 2 github.com/sigstore/rekor 2 github.com/woodpecker-ci/woodpecker 2 github.com/projectcapsule/capsule-proxy 2 github.com/theupdateframework/go-tuf 2 google.golang.org/grpc 2 github.com/karmada-io/karmada 2 github.com/go-git/go-git/v5 2 protobuf 2 github.com/ansible-semaphore/semaphore 2 github.com/siderolabs/talos 2 github.com/go-yaml/yaml 2 github.com/clastix/capsule-proxy 2 github.com/etcd-io/etcd 2 github.com/openshift/apiserver-library-go 2 github.com/mattermost/mattermost-plugin-jira 2 github.com/edgexfoundry/app-functions-sdk-go/v2 2 github.com/bytebase/bytebase 2 gopkg.in/src-d/go-git.v4 2 github.com/u-root/u-root 2 github.com/apptainer/apptainer 2 github.com/multiversx/mx-chain-go 2 github.com/labring/sealos 2 github.com/jaegertracing/jaeger 2 rancher/rancher 2 github.com/influxdata/influxdb 2 github.com/imgproxy/imgproxy/v3 2 k8s.io/apimachinery 2 github.com/minio/console 2 github.com/dvsekhvalnov/jose2go 2 mellium.im/xmpp 2 github.com/google/exposure-notifications-verification-server 2 github.com/prometheus/prometheus 2 github.com/talos-systems/talos 2 github.com/pingcap/tidb 2 github.com/microcosm-cc/bluemonday 2 github.com/sap/cloud-security-client-go 2 github.com/hashicorp/terraform 2 github.com/argoproj/argo-events 2 github.com/bitly/oauth2_proxy 2 github.com/flipped-aurora/gin-vue-admin/server 2
Filter by Repository
https://github.com/usememos/memos 59 https://github.com/kubernetes/kubernetes 49 https://github.com/grafana/grafana 37 https://github.com/argoproj/argo-cd 37 https://github.com/answerdev/answer 34 https://github.com/go-gitea/gitea 31 https://github.com/rancher/rancher 25 https://github.com/gogs/gogs 20 https://github.com/cilium/cilium 20 https://github.com/helm/helm 19 https://github.com/hashicorp/consul 19 https://github.com/hashicorp/vault 16 https://github.com/ethereum/go-ethereum 16 https://github.com/etcd-io/etcd 16 https://github.com/goharbor/harbor 15 https://github.com/moby/moby 14 https://github.com/mattermost/mattermost 14 https://github.com/containerd/containerd 14 https://github.com/hashicorp/nomad 13 https://github.com/traefik/traefik 13 https://github.com/golang/go 13 https://github.com/cloudflare/cfrpki 11 https://github.com/nats-io/nats-server 11 https://github.com/zitadel/zitadel 11 https://github.com/opencontainers/runc 11 https://github.com/openfga/openfga 11 https://github.com/containers/podman 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/greenpau/caddy-security 10 https://github.com/cosmos/cosmos-sdk 9 https://github.com/cri-o/cri-o 9 https://github.com/istio/istio 8 https://github.com/kubeedge/kubeedge 8 https://github.com/docker/docker 8 https://github.com/pterodactyl/wings 8 https://github.com/pomerium/pomerium 8 https://github.com/hpcng/singularity 7 https://github.com/beego/beego 7 https://github.com/hashicorp/go-getter 7 https://github.com/kubernetes/ingress-nginx 7 https://github.com/google/fscrypt 7 https://github.com/schollz/croc 6 https://github.com/moby/buildkit 6 https://github.com/cubefs/cubefs 6 https://github.com/fluxcd/flux2 6 https://github.com/hyperledger/fabric 6 https://github.com/containers/buildah 6 https://github.com/treeverse/lakeFS 6 https://github.com/authzed/spicedb 6 https://github.com/gravitl/netmaker 6 https://github.com/pion/dtls 6 https://github.com/sigstore/cosign 6 https://github.com/russellhaering/gosaml2 5 https://github.com/stacklok/minder 5 https://github.com/kyverno/kyverno 5 https://github.com/ipfs/go-ipfs 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/gophish/gophish 5 https://github.com/gofiber/fiber 5 https://github.com/free5gc/free5gc 5 https://github.com/foxcpp/maddy 5 https://github.com/crewjam/saml 5 https://github.com/cometbft/cometbft 5 https://github.com/argoproj/argo-workflows 5 https://github.com/0xJacky/nginx-ui 5 https://github.com/tendermint/tendermint 5 https://github.com/open-policy-agent/opa 4 https://github.com/arduino/arduino-create-agent 4 https://github.com/grafana/bugbounty 4 https://github.com/dhowden/tag 4 https://github.com/dexidp/dex 4 https://github.com/tidwall/gjson 4 https://github.com/siderolabs/talos 4 https://github.com/containous/traefik 4 https://github.com/gin-gonic/gin 4 https://github.com/lestrrat-go/jwx 4 https://github.com/git-lfs/git-lfs 4 https://github.com/IceWhaleTech/CasaOS-UserService 4 https://github.com/oauth2-proxy/oauth2-proxy 4 https://github.com/concourse/concourse 4 https://github.com/kubevirt/kubevirt 4 https://github.com/aws/aws-sdk-go 4 https://github.com/nats-io/jwt 4 https://github.com/ory/fosite 4 https://github.com/casdoor/casdoor 4 https://github.com/tailscale/tailscale 3 https://github.com/ipfs/boxo 3 https://github.com/quic-go/quic-go 3 https://github.com/edgelesssys/constellation 3 https://github.com/coredns/coredns 3 https://github.com/dutchcoders/transfer.sh 3 https://github.com/ElrondNetwork/elrond-go 3 https://github.com/cortexproject/cortex 3 https://github.com/cheqd/cheqd-node 3 https://github.com/kiali/kiali 3 https://github.com/libp2p/go-libp2p 3 https://github.com/openshift/origin 3 https://github.com/KubeOperator/KubePi 3 https://github.com/weaveworks/weave-gitops 3 https://github.com/phachon/mm-wiki 3 https://github.com/crossplane/crossplane 3 https://github.com/kubernetes-sigs/secrets-store-csi-driver 3 https://github.com/caddyserver/caddy 3 https://github.com/open-telemetry/opentelemetry-go-contrib 3 https://github.com/vitessio/vitess 3 https://github.com/go-vela/server 3 https://github.com/flyteorg/flyteadmin 3 https://github.com/syncthing/syncthing 3 https://github.com/go-yaml/yaml 3 https://github.com/apache/trafficcontrol 3 https://github.com/minio/minio 3 https://github.com/moby/libnetwork 3 https://github.com/flipped-aurora/gin-vue-admin 3 https://github.com/sylabs/singularity 3 https://github.com/alist-org/alist 3 https://github.com/navidrome/navidrome 3 https://github.com/evmos/evmos 3 https://github.com/Consensys/gnark 3 https://github.com/tiagorlampert/CHAOS 3 https://github.com/gogits/gogs 3 https://github.com/artifacthub/hub 3 https://github.com/heketi/heketi 3 https://github.com/u-root/u-root 3 https://github.com/square/go-jose 3 https://github.com/authelia/authelia 3 https://github.com/ory/oathkeeper 3 https://github.com/Consensys/gnark-crypto 2 https://github.com/cosmos/ethermint 2 https://github.com/codenotary/immudb 2 https://github.com/multiversx/mx-chain-go 2 https://github.com/minio/console 2 https://github.com/miekg/dns 2 https://github.com/microcosm-cc/bluemonday 2 https://github.com/lightningnetwork/lnd 2 https://github.com/coreos/etcd 2 https://github.com/mholt/archiver 2 https://github.com/Masterminds/goutils 2 https://github.com/containers/image 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/woodpecker-ci/woodpecker 2 https://github.com/containers/libpod 2 https://github.com/mellium/xmpp 2 https://github.com/heroiclabs/nakama 2 https://github.com/envoyproxy/envoy 2 https://github.com/hashicorp/terraform 2 https://github.com/facebook/fbthrift 2 https://github.com/fkie-cad/yapscan 2 https://github.com/fleetdm/fleet 2 https://github.com/fluid-cloudnative/fluid 2 https://github.com/gphper/ginadmin 2 https://github.com/flynn/noise 2 https://github.com/gotify/server 2 https://github.com/goreleaser/goreleaser 2 https://github.com/ulikunitz/xz 2 https://github.com/unknwon/cae 2 https://github.com/google/exposure-notifications-verification-server 2 https://github.com/go-git/go-git 2 https://github.com/golang/crypto 2 https://github.com/go-jose/go-jose 2 https://github.com/gohugoio/hugo 2 https://github.com/labstack/echo 2 https://github.com/labring/sealos 2 https://github.com/temporalio/temporal 2 https://github.com/crypto-org-chain/cronos 2 https://github.com/kitabisa/teler-waf 2 https://github.com/kitabisa/teler 2 https://github.com/distribution/distribution 2 https://github.com/drakkan/sftpgo 2 https://github.com/jackc/pgproto3 2 https://github.com/ipld/go-codec-dagpb 2 https://github.com/dvsekhvalnov/jose2go 2 https://github.com/ecnepsnai/web 2 https://github.com/edgelesssys/marblerun 2 https://github.com/influxdata/influxdb 2 https://github.com/imgproxy/imgproxy 2 https://github.com/IceWhaleTech/CasaOS 2 https://github.com/elastic/beats 2 https://github.com/theupdateframework/go-tuf 2 https://github.com/cloudflare/circl 2 https://github.com/bottlerocket-os/bottlerocket 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/rancher/wrangler 2 https://github.com/projectcapsule/capsule-proxy 2 https://github.com/sigstore/rekor 2 https://github.com/atredispartners/advisories 2 https://github.com/swaggo/http-swagger 2 https://github.com/openshift/apiserver-library-go 2 https://github.com/brokercap/Bifrost 2 https://github.com/stripe/smokescreen 2 https://github.com/argoproj/argo-events 2 https://github.com/zalando/skipper 2 https://github.com/owncast/owncast 2 https://github.com/russellhaering/goxmldsig 2 https://github.com/buger/jsonparser 2 https://github.com/peterzen/goresolver 2 https://github.com/pingcap/tidb 2 https://github.com/supranational/blst 2 https://github.com/apptainer/apptainer 2 https://github.com/pires/go-proxyproto 2