Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go Security Advisories

Loading...
High
GSA_kwCzR0hTQS14aG1mLW1tdjItNGhoeM4AAu14
Go-CVSS has Out-of-bounds Read vulnerability in ParseVector function
Ecosystems: go
Packages: github.com/pandatix/go-cvss
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS04anhtLXhwNDMtcWgzcc4AAz-e
Silver vulnerable to MitM attack against implants due to a cryptography vulnerability
Ecosystems: go
Packages: github.com/bishopfox/sliver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc2d2YtOXZncC1wajd3
Unencrypted md5 plaintext hash in metadata in AWS S3 Crypto SDK for golang
Ecosystems: go
Packages: github.com/aws/aws-sdk-go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM2NnctaHE1Ni00cTk3
Network policy may be bypassed by some ICMP Echo Requests
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1yd2NwLXFyd2ctNTZjZ84AAz_T
Casdoor Cross-Site Request Forgery vulnerability
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS05OTRmLTdnODYtcXI1Ns4AArcn
Path Traversal in file editor on Windows in Gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05NzYzLTRmOTQtZ2ZjaM4AA4Ql
CIRCL's Kyber: timing side-channel (kyberslash2)
Ecosystems: go
Packages: github.com/cloudflare/circl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS02Mjk0LTZyZ3AtZnI3cs4AA5mt
jose2go vulnerable to denial of service via large p2c value
Ecosystems: go
Packages: github.com/dvsekhvalnov/jose2go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNwZ3ctMnd4ci1wd3cz
Open Redirect
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc2MzYtcTVmYy00cHI3
accounts: Hash account number using Salt
Ecosystems: go
Packages: github.com/moov-io/customers
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1wbWYzLWMzNm0tZzVjZs4AA6JC
Container escape at build time
Ecosystems: go
Packages: github.com/containers/buildah
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04amczLXJ4NDMtM2Z2NM4AAyq4
Answer vulnerable to Exposure of Sensitive Information Through Metadata
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yYzdjLTNtajktOGZxaM4AA3S1
Decryption of malicious PBES2 JWE objects can consume unbounded system resources
Ecosystems: go
Packages: github.com/square/go-jose, github.com/go-jose/go-jose/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00OXc3LTVyMzMtam05bc4AA5ok
http-swagger XSS via PUT requests
Ecosystems: go
Packages: github.com/swaggo/http-swagger
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJjNjQtdmo4Zy12d3Jx
Incorrect handling of credential expiry by /nats-io/nats-server
Ecosystems: go
Packages: github.com/nats-io/jwt, github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS14NjIzLWhyOGgtN2c1ds4AAxaj
Path Traversal in gin-vue-admin
Ecosystems: go
Packages: github.com/flipped-aurora/gin-vue-admin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS04Nmg1LXhjcHgtY2ZxY84AA5jS
ASA-2024-005: Potential slashing evasion during re-delegation
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYzdzUtdjl4eC1ycDhw
Signature verification failure in Tendermint
Ecosystems: go
Packages: github.com/tendermint/tendermint
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wNmZoLXhjNnItZzVod84AAvFp
Brokercap Bifrost subject to authentication bypass when using HTTP basic authentication
Ecosystems: go
Packages: github.com/brokercap/Bifrost
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wdm1nLXhnbXgtOW14aM3kBw
Improper Input Validation in k8s.io/ingress-nginx
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhnMmgtd3g5Ni14Z3hy
RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be
Ecosystems: go
Packages: github.com/Masterminds/goutils
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1xbXF3LXI0eDYtM3cycc4AAzLF
Answer Missing Authorization vulnerability
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5bXAtOGczaC0zYzVj
flynn/noise has improper nonce handling yielding potential state DoS
Ecosystems: go
Packages: github.com/flynn/noise
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1oMndnLTgzZmMteHZtOc4AAyMw
Answer vulnerable to Business Logic Errors
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRjN20tdnY0Ny03YzY5
Insecure Permissions in Gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTloeDQtcW03aC14ODRq
Cross-site Scripting in Gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1nOXdoLTN2cngtcjdoZ80XIw
OctoRPKI crashes when processing GZIP bomb returned via malicious repository
Ecosystems: go
Packages: github.com/cloudflare/cfrpki
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wajJoLTg1anEtZzV2Z84AA1v1
Answer Missing Authentication for Critical Function
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS02NXY4LTZwdnctand2cc4AAyq3
Answer vulnerable to Insertion of Sensitive Information Into Sent Data
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01cGY2LTJxd3gtcHhtMs4AA5zw
Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials
Ecosystems: go
Packages: github.com/cloudevents/sdk-go/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS14OTVoLTk3OXgtY2Yzas0Wmg
Policies not properly enforced in bluemonday
Ecosystems: go, pypi
Packages: github.com/microcosm-cc/bluemonday, pybluemonday
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yMmg1LTNoZ3ctOGozNM4AAxt2
User data in TPM attestation vulnerable to MITM
Ecosystems: go
Packages: github.com/edgelesssys/constellation/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1oam1yLXhtMjUtMzZtaM4AAxfG
Answer subject to Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdtcTItMzlmZi1mNXFn
A failed upgrade may lead to hung goroutines
Ecosystems: go
Packages: github.com/cloudflare/tableflip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1yMnh2LXZwcjItNDJtOc4AA2_p
slsa-verifier vulnerable to mproper validation of npm's publish attestations
Ecosystems: go
Packages: github.com/slsa-framework/slsa-verifier, github.com/slsa-framework/slsa-verifier/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tN3dyLTJ4ZjctY205cM4AA5v_
pgx SQL Injection via Line Comment Creation
Ecosystems: go
Packages: github.com/jackc/pgx/v4, github.com/jackc/pgx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS13eDhxLXJnZnItY2Y2ds0XGw
Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server
Ecosystems: go
Packages: github.com/google/exposure-notifications-verification-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1wN3dqLWM4NWYteHE5aM4AAxfD
Answer has Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS05dzk3LTlycXgtOHY0as4AA4Jd
Mattermost allows demoted guests to change group names
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qMmNyLWpjMzktd3B4Nc4AA0fr
Barberry Security Advisory - regarding x/auth periodic vesting accounts
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS05aHhnLXc3cWYtaGg5M84AAUTC
Gogs Directory Traversal
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVyMnYtNmdtNi12cHZo
Insecure Permissions in Gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS03djRwLTMyOHYtOHY1Z84AA2fi
Traefik vulnerable to HTTP/2 request causing denial of service
Ecosystems: go
Packages: github.com/traefik/traefik
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0zamdmLXI2OGgteGZxbc4AA7wZ
btcd susceptible to consensus failures
Ecosystems: go
Packages: github.com/btcsuite/btcd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 days ago
High
GSA_kwCzR0hTQS1teHJ4LWZnOHAtNXA1as4AAvaq
Bifrost vulnerable to authentication check flaw that leads to authentication bypass
Ecosystems: go
Packages: github.com/brokercap/Bifrost
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xeDM0LTQ3ZmMtdnY3Oc4AAxfC
Answer vulnerable to Race Condition
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1nOGZjLXZyY2ctOHZqZ84AA7BP
Constallation has pods exposed to peers in VPC
Ecosystems: go
Packages: github.com/edgelesssys/constellation/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 30 days ago
Critical
GSA_kwCzR0hTQS1ocm0zLTN4bTYteDMzaM4AAwoO
golang-nanoauth authentication bypass vulnerability
Ecosystems: go
Packages: github.com/nanobox-io/golang-nanoauth
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mOTloLXczMzctbXY1Ns4AA0pu
iprange may panic when parsing ranges with invalid masks
Ecosystems: go
Packages: github.com/malfunkt/iprange
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0zMmg3LTdqOTQtOGZjMs4AA5MM
Mattermost vulnerable to denial of service via large number of emoji reactions
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14cTR2LXZycDktdmNmMs4AArco
Cross-site Scripting vulnerability in repository issue list in Gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02N214LWpjMmYtamdqbc4AArcq
OS Command Injection in file editor in Gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1ybXc4LTc4MjMtd3A3Zs4AAxfE
Answer contains Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12eGhyLXAydnAtN2dmOM4AAx9y
Answer vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00MjQ4LXA2NXAtaGNybc4AA4LV
Insecure random string generator used for sensitive data
Ecosystems: go
Packages: github.com/cubefs/cubefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS00Y3doLTh3NGctanh4aM4AAxfF
Answer contains Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS13Njg5LTU1N20tMmN2cc4AArY4
Server-Side Request Forgery in gogs webhook
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1wajk2LTRqaHYtdjc5Ms4AArT9
Cross site scripting via cookies in gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wd3g1LTZ3eGctcHg1aM4AA6Ac
Insecure Variable Substitution in Vela
Ecosystems: go
Packages: github.com/go-vela/worker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1qNDk0LTd4MnYtdnZ2cM4AA0sO
mx-chain-go's relayed transactions always increment nonce
Ecosystems: go
Packages: github.com/multiversx/mx-chain-go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0zOTJoLXI0NmotcTI0cM4AA3Ym
OwnCast remote code execution vulnerability
Ecosystems: go
Packages: github.com/owncast/owncast
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS01cjV3LWg3NnAtbTcyNs0ftQ
Use of a Broken or Risky Cryptographic Algorithm in Max Mazurov Maddy
Ecosystems: go
Packages: github.com/foxcpp/maddy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS03MzlmLWh3NmgtN3dxOM4AAt50
PolicyController before 0.2.1 may bypass attestation verification
Ecosystems: go
Packages: github.com/sigstore/policy-controller
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yOHI2LWptNWgtbXJnZ804tQ
Access control bypass in Beego
Ecosystems: go
Packages: github.com/beego/beego, github.com/beego/beego/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ndnJtLXcyZjktZjc3cc4AA2sh
Ingress-nginx path sanitization can be bypassed
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS13bTJyLXJwOTgtOHBtaM1BTA
Exposure of SSH credentials in Rancher/Fleet
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS05OWp2LTgyOTItMmhwbc4AA3pg
eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operations
Ecosystems: go
Packages: knative.dev/eventing-gitlab
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS02Y3ZmLW01OHEtaDl3Zs4AAxwk
Answer vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1meDVwLWY2NGgtOTN4Y804Iw
Opened exploitable ports in default docker-compose.yaml in go-ipfs
Ecosystems: go
Packages: github.com/ipfs/go-ipfs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zcjMyLWNwN3YtNXdxNM4AA1iW
Code injection in ansible semaphore
Ecosystems: go
Packages: github.com/ansible-semaphore/semaphore
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1tNXE1LThtZnctcDJocs4AA0vD
CasaOS contains weak JWT secrets
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1wZnZoLXA4cXAtOXd3Oc4AAx3Y
Gogs OS Command Injection vulnerability
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03NTJjLXZmcGYtY3Ayd84AArAR
openark/orchestrator cross-site scripting vulnerability
Ecosystems: go
Packages: github.com/openark/orchestrator
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wd3E3LWY3ZjktY20yas4AAvIC
Dutchoders transfer.sh contains an XSS vulnerability via malicious file upload
Ecosystems: go
Packages: github.com/dutchcoders/transfer.sh
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qaDYzLTI4Z3gtN3AyNs0xqA
Command Injection in CasaOS
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tcnd3LTI3dmMtZ2dods4AA5wA
pgx SQL Injection via Protocol Message Size Overflow
Ecosystems: go
Packages: github.com/jackc/pgx/v5, github.com/jackc/pgx/v4, github.com/jackc/pgproto3/v2, github.com/jackc/pgproto3, github.com/jackc/pgx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1mcDlmLTQ0YzItY3cyN84AA2tB
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1qMzI3LWM2OWgtNGdoOM4AAzhT
Abstrium Pydio Cells Resource Injection vulnerability
Ecosystems: go
Packages: github.com/pydio/cells/v4
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS02eHY1LTg2cTktN3hyOM4AA1v8
SecureJoin: on windows, paths outside of the rootfs could be inadvertently produced
Ecosystems: go
Packages: github.com/cyphar/filepath-securejoin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS00cjV4LXgyODMtd205Ns4AA2oW
Jumpserver Koko vulnerable to remote code execution on the host system via MongoDB shell
Ecosystems: go
Packages: github.com/jumpserver/koko
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1jaHhmLWZqY2YtN2Z3cM0vfg
Possible filesystem space exhaustion by local users
Ecosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03ajZ4LTQybW0tcDdqbc4AA0Rd
Zinc Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/zinclabs/zinc, github.com/zincsearch/zincsearch
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1mZjI4LWY0NmctcjlnOM4AAqwa
Cross-site Scripting in Gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ndjlqLTR3MjQtcTd2eM0vfQ
Improper random number generation in github.com/coredns/coredns
Ecosystems: go
Packages: github.com/coredns/coredns
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yM3B4LW13MnAtNDZxbc4AA1vh
Cosmos-SDK Cosmovisor component may be vulnerable to denial of service
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS05djR2LTlmajUtcDk4Ms4AAx90
Answer vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03andoLTN2cnEtcTNtOM4AA5wG
pgproto3 SQL Injection via Protocol Message Size Overflow
Ecosystems: go
Packages: github.com/jackc/pgx/v5, github.com/jackc/pgx/v4, github.com/jackc/pgproto3/v2, github.com/jackc/pgproto3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS13cDc2LWNmMmotcnFxN84AA3Ct
Headscale writes bearer tokens to info-level logs
Ecosystems: go
Packages: github.com/juanfont/headscale
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS12ODRoLTY1M3YtNHBxOc4AA7vR
Some CORS middleware allow untrusted origins
Ecosystems: go
Packages: github.com/jub0bs/fcors
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS00cTYzLW1yMm0tNTdoZs4AA7if
kubevirt allows a local attacker to execute arbitrary code via a crafted command
Ecosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS04M3FyLWM3bTktd21nd84AAyMz
Answer vulnerable to Stored Cross-site Scripting
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3djItMnF4eC13anJ3
Symlink Attack in Libcontainer and Docker Engine
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yOTV3LTdjcHgtaDVteM4AAyMt
Answer vulnerable to Business Logic Errors
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oMjg5LXg1d2MteGN2OM0scA
Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket
Ecosystems: go
Packages: mellium.im/xmpp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00Zmd2LTg0NDgtZ2Y4Ms4AA0Rf
Zinc Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/zinclabs/zinc, github.com/zincsearch/zincsearch
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS13Mmo1LTNyY3gtdng3eM0y7Q
Sysctls applied to containers with host IPC or host network namespaces can affect the host
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ndzVoLWg2aGotZjU2Z80ymw
Gogs vulnerable to improper PAM authorization handling
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS03OWh4LWc0M3YteGZtcs4AAyMx
Answer vulnerable to Insufficient Session Expiration
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS01Z2poLTVqNGYtY3B3ds02Hg
Unrestricted Upload of File with Dangerous Type in Gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mdnY1LWgyOWctZjZ3Nc4AA5dq
User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository
Ecosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Statistics
Advisories: 18,592
Packages: 8,342
Repositories: 543
Ecosystems: 12
Filter by Severity
Moderate 8,063 High 6,401 Critical 2,824 Low 1,012
Filter by Ecosystem
maven 5,572 pypi 3,844 packagist 3,834 npm 3,559 go 1,928 nuget 1,422 rubygems 816 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
github.com/usememos/memos 59 github.com/grafana/grafana 44 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 github.com/answerdev/answer 34 k8s.io/kubernetes 32 github.com/argoproj/argo-cd 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 github.com/hashicorp/nomad 26 github.com/hashicorp/consul 26 gogs.io/gogs 24 github.com/argoproj/argo-cd/v2 23 github.com/cilium/cilium 20 github.com/docker/docker 20 github.com/ethereum/go-ethereum 20 code.gitea.io/gitea 19 helm.sh/helm/v3 18 golang.org/x/net 17 github.com/goharbor/harbor 15 github.com/containerd/containerd 14 github.com/nats-io/nats-server/v2 13 github.com/traefik/traefik/v2 13 github.com/mattermost/mattermost-server 13 github.com/opencontainers/runc 12 github.com/moby/moby 12 github.com/go-gitea/gitea 12 github.com/zitadel/zitadel 11 github.com/1Panel-dev/1Panel 11 github.com/openfga/openfga 11 github.com/cloudflare/cfrpki 11 github.com/greenpau/caddy-security 10 github.com/sylabs/singularity 9 golang.org/x/crypto 9 github.com/cosmos/cosmos-sdk 9 github.com/kubernetes/kubernetes 9 github.com/cri-o/cri-o 9 github.com/pterodactyl/wings 8 istio.io/istio 8 github.com/containers/podman/v4 8 github.com/kubeedge/kubeedge 8 github.com/pomerium/pomerium 8 go.etcd.io/etcd 8 github.com/google/fscrypt 7 k8s.io/ingress-nginx 7 github.com/traefik/traefik 7 github.com/beego/beego 7 github.com/nats-io/jwt 7 github.com/hashicorp/go-getter 7 helm.sh/helm 7 github.com/hyperledger/fabric 6 github.com/apache/trafficcontrol 6 github.com/gravitl/netmaker 6 github.com/russellhaering/gosaml2 6 github.com/pion/dtls 6 github.com/sigstore/cosign 6 github.com/authzed/spicedb 6 github.com/fluxcd/flux2 6 github.com/cubefs/cubefs 6 github.com/treeverse/lakefs 6 github.com/russellhaering/goxmldsig 6 kubevirt.io/kubevirt 6 github.com/beego/beego/v2 6 github.com/gophish/gophish 5 github.com/schollz/croc/v9 5 github.com/foxcpp/maddy 5 github.com/mattermost/mattermost-server/v5 5 github.com/tendermint/tendermint 5 go.etcd.io/etcd/v3 5 github.com/kiali/kiali 5 github.com/kyverno/kyverno 5 github.com/cometbft/cometbft 5 github.com/gofiber/fiber/v2 5 github.com/moby/buildkit 5 github.com/fluxcd/kustomize-controller 5 github.com/traefik/traefik/v3 5 github.com/ipfs/go-ipfs 5 github.com/apache/incubator-answer 5 github.com/IBAX-io/go-ibax 5 github.com/KubeOperator/kubepi 5 github.com/containers/buildah 5 github.com/0xJacky/Nginx-UI 5 github.com/pion/dtls/v2 5 github.com/hashicorp/go-getter/v2 5 github.com/arduino/arduino-create-agent 4 github.com/crewjam/saml 4 github.com/free5gc/free5gc 4 github.com/dexidp/dex 4 golang.org/x/net/http2 4 github.com/dhowden/tag 4 github.com/ory/fosite 4 github.com/alist-org/alist/v3 4 github.com/argoproj/argo-workflows/v3 4 github.com/containers/podman/v3 4 github.com/concourse/concourse 4 github.com/oauth2-proxy/oauth2-proxy 4 github.com/open-policy-agent/opa 4 github.com/gin-gonic/gin 4 github.com/git-lfs/git-lfs 4 github.com/casdoor/casdoor 4 github.com/aws/aws-sdk-go 4 github.com/tidwall/gjson 4 github.com/stacklok/minder 4 github.com/coredns/coredns 4 github.com/lestrrat-go/jwx 4 github.com/lestrrat-go/jwx/v2 4 github.com/hashicorp/go-getter/gcs/v2 4 github.com/hashicorp/go-getter/s3/v2 4 github.com/IceWhaleTech/CasaOS-UserService 4 github.com/quic-go/quic-go 3 github.com/hashicorp/vault/vault 3 github.com/apache/servicecomb-service-center 3 github.com/notaryproject/notation 3 github.com/projectcalico/calico 3 github.com/docker/distribution 3 k8s.io/client-go 3 github.com/syncthing/syncthing 3 github.com/flyteorg/flyteadmin 3 github.com/crossplane/crossplane 3 github.com/openshift/origin 3 github.com/ory/oathkeeper 3 github.com/ElrondNetwork/elrond-go 3 github.com/cheqd/cheqd-node 3 github.com/libp2p/go-libp2p 3 github.com/minio/minio 3 go.etcd.io/etcd/client/v3 3 github.com/sigstore/cosign/v2 3 github.com/nats-io/jwt/v2 3 github.com/fluxcd/helm-controller 3 golang.org/x/text 3 github.com/navidrome/navidrome 3 github.com/crypto-org-chain/cronos 3 github.com/owncast/owncast 3 github.com/mholt/archiver 3 github.com/heketi/heketi 3 vitess.io/vitess 3 github.com/miekg/dns 3 github.com/consensys/gnark 3 github.com/tiagorlampert/CHAOS 3 gopkg.in/yaml.v2 3 github.com/lightningnetwork/lnd 3 github.com/artifacthub/hub 3 github.com/dutchcoders/transfer.sh 3 github.com/phachon/mm-wiki 3 github.com/go-vela/server 3 github.com/square/go-jose 3 github.com/tharsis/evmos 3 github.com/authelia/authelia/v4 3 github.com/hashicorp/boundary 3 golang.org/x/image 3 github.com/jackc/pgx/v4 3 github.com/edgelesssys/constellation/v2 3 github.com/weaveworks/weave-gitops 3 github.com/cortexproject/cortex 3 github.com/caddyserver/caddy 3 github.com/prometheus/prometheus 2 github.com/pingcap/tidb 2 github.com/microcosm-cc/bluemonday 2 github.com/sap/cloud-security-client-go 2 github.com/dvsekhvalnov/jose2go 2 rancher/rancher 2 github.com/google/exposure-notifications-verification-server 2 mellium.im/xmpp 2 github.com/minio/console 2 github.com/jaegertracing/jaeger 2 github.com/labring/sealos 2 github.com/multiversx/mx-chain-go 2 github.com/apptainer/apptainer 2 github.com/go-git/go-git/v5 2 github.com/karmada-io/karmada 2 github.com/gphper/ginadmin 2 github.com/sigstore/rekor 2 github.com/woodpecker-ci/woodpecker 2 github.com/projectcapsule/capsule-proxy 2 google.golang.org/grpc 2 github.com/theupdateframework/go-tuf 2 github.com/astaxie/beego 2 github.com/notaryproject/notation-go 2 github.com/IceWhaleTech/CasaOS 2 github.com/kata-containers/runtime 2 github.com/codenotary/immudb 2 github.com/kitabisa/teler-waf 2 github.com/swaggo/http-swagger 2 github.com/apache/thrift 2 github.com/gohugoio/hugo 2 github.com/flipped-aurora/gin-vue-admin/server 2 github.com/btcsuite/btcd 2 github.com/cloudflare/circl 2 github.com/pires/go-proxyproto 2 github.com/go-vela/worker 2 github.com/containers/podman 2 github.com/zalando/skipper 2 github.com/containers/podman/v2 2 github.com/go-skynet/LocalAI 2 github.com/jackc/pgx 2 github.com/jackc/pgproto3 2 github.com/jackc/pgproto3/v2 2 tailscale.com 2 github.com/mutagen-io/mutagen 2 github.com/jackc/pgx/v5 2
Filter by Repository
https://github.com/usememos/memos 59 https://github.com/kubernetes/kubernetes 48 https://github.com/grafana/grafana 37 https://github.com/argoproj/argo-cd 37 https://github.com/answerdev/answer 34 https://github.com/go-gitea/gitea 31 https://github.com/rancher/rancher 25 https://github.com/cilium/cilium 20 https://github.com/gogs/gogs 20 https://github.com/hashicorp/consul 19 https://github.com/helm/helm 19 https://github.com/ethereum/go-ethereum 16 https://github.com/etcd-io/etcd 16 https://github.com/hashicorp/vault 16 https://github.com/goharbor/harbor 15 https://github.com/moby/moby 14 https://github.com/mattermost/mattermost 14 https://github.com/containerd/containerd 14 https://github.com/golang/go 13 https://github.com/hashicorp/nomad 13 https://github.com/traefik/traefik 13 https://github.com/nats-io/nats-server 11 https://github.com/zitadel/zitadel 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/containers/podman 11 https://github.com/openfga/openfga 11 https://github.com/opencontainers/runc 11 https://github.com/greenpau/caddy-security 10 https://github.com/cri-o/cri-o 9 https://github.com/cosmos/cosmos-sdk 9 https://github.com/istio/istio 8 https://github.com/kubeedge/kubeedge 8 https://github.com/docker/docker 8 https://github.com/pterodactyl/wings 8 https://github.com/pomerium/pomerium 8 https://github.com/kubernetes/ingress-nginx 7 https://github.com/beego/beego 7 https://github.com/hashicorp/go-getter 7 https://github.com/hpcng/singularity 7 https://github.com/google/fscrypt 7 https://github.com/moby/buildkit 6 https://github.com/schollz/croc 6 https://github.com/sigstore/cosign 6 https://github.com/pion/dtls 6 https://github.com/hyperledger/fabric 6 https://github.com/treeverse/lakeFS 6 https://github.com/gravitl/netmaker 6 https://github.com/authzed/spicedb 6 https://github.com/containers/buildah 6 https://github.com/fluxcd/flux2 6 https://github.com/cubefs/cubefs 6 https://github.com/0xJacky/nginx-ui 5 https://github.com/argoproj/argo-workflows 5 https://github.com/russellhaering/gosaml2 5 https://github.com/cometbft/cometbft 5 https://github.com/crewjam/saml 5 https://github.com/foxcpp/maddy 5 https://github.com/free5gc/free5gc 5 https://github.com/gofiber/fiber 5 https://github.com/gophish/gophish 5 https://github.com/kyverno/kyverno 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/ipfs/go-ipfs 5 https://github.com/tendermint/tendermint 5 https://github.com/git-lfs/git-lfs 4 https://github.com/kubevirt/kubevirt 4 https://github.com/concourse/concourse 4 https://github.com/ory/fosite 4 https://github.com/IceWhaleTech/CasaOS-UserService 4 https://github.com/arduino/arduino-create-agent 4 https://github.com/aws/aws-sdk-go 4 https://github.com/lestrrat-go/jwx 4 https://github.com/gin-gonic/gin 4 https://github.com/oauth2-proxy/oauth2-proxy 4 https://github.com/open-policy-agent/opa 4 https://github.com/siderolabs/talos 4 https://github.com/stacklok/minder 4 https://github.com/grafana/bugbounty 4 https://github.com/nats-io/jwt 4 https://github.com/tidwall/gjson 4 https://github.com/dhowden/tag 4 https://github.com/containous/traefik 4 https://github.com/dexidp/dex 4 https://github.com/casdoor/casdoor 4 https://github.com/open-telemetry/opentelemetry-go-contrib 3 https://github.com/tailscale/tailscale 3 https://github.com/authelia/authelia 3 https://github.com/minio/minio 3 https://github.com/quic-go/quic-go 3 https://github.com/flyteorg/flyteadmin 3 https://github.com/cheqd/cheqd-node 3 https://github.com/openshift/origin 3 https://github.com/cortexproject/cortex 3 https://github.com/syncthing/syncthing 3 https://github.com/go-vela/server 3 https://github.com/libp2p/go-libp2p 3 https://github.com/moby/libnetwork 3 https://github.com/flipped-aurora/gin-vue-admin 3 https://github.com/coredns/coredns 3 https://github.com/sylabs/singularity 3 https://github.com/vitessio/vitess 3 https://github.com/square/go-jose 3 https://github.com/caddyserver/caddy 3 https://github.com/u-root/u-root 3 https://github.com/evmos/evmos 3 https://github.com/navidrome/navidrome 3 https://github.com/alist-org/alist 3 https://github.com/kiali/kiali 3 https://github.com/gogits/gogs 3 https://github.com/dutchcoders/transfer.sh 3 https://github.com/ory/oathkeeper 3 https://github.com/heketi/heketi 3 https://github.com/ipfs/boxo 3 https://github.com/edgelesssys/constellation 3 https://github.com/apache/trafficcontrol 3 https://github.com/KubeOperator/KubePi 3 https://github.com/tiagorlampert/CHAOS 3 https://github.com/ElrondNetwork/elrond-go 3 https://github.com/crossplane/crossplane 3 https://github.com/weaveworks/weave-gitops 3 https://github.com/phachon/mm-wiki 3 https://github.com/go-yaml/yaml 3 https://github.com/kubernetes-sigs/secrets-store-csi-driver 3 https://github.com/Consensys/gnark 3 https://github.com/artifacthub/hub 3 https://github.com/minio/console 2 https://github.com/Consensys/gnark-crypto 2 https://github.com/sylabs/sif 2 https://github.com/envoyproxy/envoy 2 https://github.com/codenotary/immudb 2 https://github.com/hashicorp/terraform 2 https://github.com/multiversx/mx-chain-go 2 https://github.com/mutagen-io/mutagen 2 https://github.com/Netflix/security-bulletins 2 https://github.com/distribution/distribution 2 https://github.com/jackc/pgproto3 2 https://github.com/ipld/go-codec-dagpb 2 https://github.com/drakkan/sftpgo 2 https://github.com/kitabisa/teler 2 https://github.com/kitabisa/teler-waf 2 https://github.com/dvsekhvalnov/jose2go 2 https://github.com/ecnepsnai/web 2 https://github.com/crypto-org-chain/cronos 2 https://github.com/influxdata/influxdb 2 https://github.com/temporalio/temporal 2 https://github.com/imgproxy/imgproxy 2 https://github.com/edgelesssys/marblerun 2 https://github.com/IceWhaleTech/CasaOS 2 https://github.com/cosmos/ethermint 2 https://github.com/labring/sealos 2 https://github.com/labstack/echo 2 https://github.com/coreos/etcd 2 https://github.com/lightningnetwork/lnd 2 https://github.com/theupdateframework/go-tuf 2 https://github.com/elastic/beats 2 https://github.com/Masterminds/goutils 2 https://github.com/woodpecker-ci/woodpecker 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/containers/libpod 2 https://github.com/containers/image 2 https://github.com/mellium/xmpp 2 https://github.com/heroiclabs/nakama 2 https://github.com/mholt/archiver 2 https://github.com/microcosm-cc/bluemonday 2 https://github.com/miekg/dns 2 https://github.com/pingcap/tidb 2 https://github.com/buger/jsonparser 2 https://github.com/pires/go-proxyproto 2 https://github.com/flynn/noise 2 https://github.com/brokercap/Bifrost 2 https://github.com/bottlerocket-os/bottlerocket 2 https://github.com/gotify/server 2 https://github.com/projectcapsule/capsule-proxy 2 https://github.com/bitly/oauth2_proxy 2 https://github.com/projectdiscovery/nuclei 2 https://github.com/prometheus/prometheus 2 https://github.com/atredispartners/advisories 2 https://github.com/rancher/wrangler 2 https://github.com/ulikunitz/xz 2 https://github.com/argoproj/argo-events 2 https://github.com/zalando/skipper 2 https://github.com/google/exposure-notifications-verification-server 2 https://github.com/stripe/smokescreen 2 https://github.com/russellhaering/goxmldsig 2 https://github.com/apptainer/apptainer 2 https://github.com/sajari/docconv 2 https://github.com/SAP/cloud-security-client-go 2 https://github.com/go-git/go-git 2 https://github.com/unknwon/cae 2 https://github.com/sigstore/rekor 2 https://github.com/golang/crypto 2 https://github.com/go-jose/go-jose 2 https://github.com/gohugoio/hugo 2 https://github.com/1Panel-dev/KubePi 2 https://github.com/spiffe/spire 2 https://github.com/netlify/gotrue 2 https://github.com/cloudflare/cloudflared 2 https://github.com/cloudflare/circl 2