Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go Security Advisories

Low

GSA_kwCzR0hTQS1xaDU0LTl2YzUtbTlmZ80WgQ

MD5 hash support in github.com/foxcpp/maddy
Ecosystems: go
Packages: github.com/foxcpp/maddy
Source: GitHub Advisory Database
Blast Radius: 0.9
Published: over 2 years ago

Low

GSA_kwCzR0hTQS1xcTk3LXZtNWgtcnJoZ80psQ

OCI Manifest Type Confusion Issue
Ecosystems: go
Packages: github.com/docker/distribution
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 2 years ago

Low

GSA_kwCzR0hTQS1qbXAyLXdjNHAtd2ZoMs4AAzGL

Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints
Ecosystems: go
Packages: github.com/mutagen-io/mutagen, github.com/mutagen-io/mutagen-compose
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 year ago

Low

GSA_kwCzR0hTQS1jZjZ2LTlqNTctdjZyNs4AA0Nx

code.gitea.io/gitea Open Redirect vulnerability
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 10 months ago

Low

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1MmYtcHE0Ny0ycjlq

plugin.yaml file allows for duplicate entries in helm
Ecosystems: go
Packages: helm.sh/helm, helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: almost 3 years ago

Low

GSA_kwCzR0hTQS1nbTJnLTJ4cjktcHh4as4AA0J6

Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource
Ecosystems: go
Packages: go.temporal.io/server
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 11 months ago

Low

GSA_kwCzR0hTQS1mOWpnLThwMzItMmY1Nc0hRw

kubectl ANSI escape characters not filtered
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: over 2 years ago

Low

GSA_kwCzR0hTQS01ajV3LWc2NjUtNW0zNc0XXw

Ambiguous OCI manifest parsing
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 2 years ago

Low

GSA_kwCzR0hTQS03N3ZoLXhwbWctNzJxaM0XWQ

Clarify `mediaType` handling
Ecosystems: go
Packages: github.com/opencontainers/image-spec
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 2 years ago

Low

GSA_kwCzR0hTQS1xdjk1LWczZ20teDU0Ms0Wfg

Hashicorp Vault Privilege Escalation Vulnerability
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 2 years ago

Low

GSA_kwCzR0hTQS01cXg5LTlmZmotNXI4Zs4AA7VE

Mattermost fails to fully validate role changes
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 19 days ago

Low

GSA_kwCzR0hTQS01Zmg3LTdtdzctbW14Nc4AA7VJ

Mattermost allows team admins to promote guests to team admins
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 19 days ago

Low

GSA_kwCzR0hTQS1mN3F3LWpqOWMtcnBxOc4AAzkQ

In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
Ecosystems: go
Packages: github.com/lima-vm/lima
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 12 months ago

Low

GSA_kwCzR0hTQS1weGh3LTU5NnItcndxNc4AA7Ph

Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 22 days ago

Low

GSA_kwCzR0hTQS05Zm1jLTVmcTQtNWp3aM4AAvx0

HashiCorp Nomad vulnerable to Insufficient Session Expiration
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: over 1 year ago

Low

GSA_kwCzR0hTQS1ycDY1LWpwYzctOGg4cM4AA2I7

Mattermost Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: 8 months ago

Low

GSA_kwCzR0hTQS1oOHdoLWY3Z3ctZndwcs4AA2I9

Low

GSA_kwCzR0hTQS1wbWpnLTUyaDktNzJxds4AAtUK

Argo CD SSO users vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: almost 2 years ago

Low

GSA_kwCzR0hTQS0zZzM1LXY1M3ItZ3B4Y84AA5qJ

Mattermost race condition
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago

Low

GSA_kwCzR0hTQS1tOGNnLXhjMnAtcjNmY84AAydr

rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: about 1 year ago

Low

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmMzMtZjRmNS14d2d3

In-band key negotiation issue in AWS S3 Crypto SDK for golang
Ecosystems: go
Packages: github.com/aws/aws-sdk-go
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: over 2 years ago

Low

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxYzUtcmdjYy1janFo

Information Disclosure in go.elastic.co/apm
Ecosystems: go
Packages: go.elastic.co/apm
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 3 years ago

Low

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWptNTYtNWg2Ni13NDUz

Repository index file allows for duplicates of the same chart entry in helm
Ecosystems: go
Packages: helm.sh/helm, helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: almost 3 years ago

Low

GSA_kwCzR0hTQS1qODVxLTQ2aGctMzZwMs4AA658

SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: about 1 month ago

Low

GSA_kwCzR0hTQS04d2poLTU5Y3ctOXhoNM4AA8Ej

Grafana Forward OAuth Identity Token can allow users to access some data sources
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 11 hours ago

Low

GSA_kwCzR0hTQS1qNXZtLTdxY2MtMnd3Z84AA63w

Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output
Ecosystems: go
Packages: github.com/kopia/kopia
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: about 1 month ago

Low

GSA_kwCzR0hTQS14ODgzLTJ2bWcteHdmN84AA7PJ

Authelia's Group Changes may not have the expected results (YAML file backend)
Ecosystems: go
Packages: github.com/authelia/authelia/v4
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 23 days ago

Moderate

GSA_kwCzR0hTQS0zcHFoLXA3MmMtZmo4Nc0Xhw

Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki
Ecosystems: go
Packages: github.com/cloudflare/cfrpki
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago

Critical

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02Z3gtcmh2ai1maDUy

Denial of service in go-ethereum due to CVE-2020-28362
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago

High

GSA_kwCzR0hTQS1mcjJnLTloam0td3IyM84AA2kD

NATS.io: Adding accounts for just the system account adds auth bypass
Ecosystems: go
Packages: github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS02ZmcyLWh2ajktODMyZs4AA7vf

piraeus-operator allows attacker to impersonate service account
Ecosystems: go
Packages: github.com/piraeusdatastore/piraeus-operator/v2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago

High

GSA_kwCzR0hTQS1xdjk4LTMzNjktZzM2NM4AAuzr

KubeVirt vulnerable to arbitrary file read on host
Ecosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago

High

GSA_kwCzR0hTQS1wbWYzLWMzNm0tZzVjZs4AA6JC

Container escape at build time
Ecosystems: go
Packages: github.com/containers/buildah
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago

Low

GSA_kwCzR0hTQS1xZmM1LTZyM2otamoyMs4AAzmA

Go package github.com/cosmos/cosmos-sdk module x/crisis does NOT cause chain halt
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago

Low

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBycWYteHIyai14ZjY1

Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with `--auth-mode=client`
Ecosystems: go
Packages: github.com/argoproj/argo-workflows/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago

Moderate

GSA_kwCzR0hTQS00cTYzLW1yMm0tNTdoZs4AA7if

kubevirt allows a local attacker to execute arbitrary code via a crafted command
Ecosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 13 days ago

Moderate

GSA_kwCzR0hTQS0yYzdjLTNtajktOGZxaM4AA3S1

Decryption of malicious PBES2 JWE objects can consume unbounded system resources
Ecosystems: go
Packages: github.com/square/go-jose, github.com/go-jose/go-jose/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago

Low

GSA_kwCzR0hTQS04Nmg1LXhjcHgtY2ZxY84AA5jS

ASA-2024-005: Potential slashing evasion during re-delegation
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago

High

GSA_kwCzR0hTQS13NnJwLXZ4ajItZmpocs4AA2us

Cosmos packet-forward-middleware vulnerable to chain-halt
Ecosystems: go
Packages: github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v6, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v5, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS1qcjhqLTJqaHAtbTY3ds4AAu1Y

nftables binding to an already bound chain
Ecosystems: go
Packages: github.com/siderolabs/talos
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago

Low

GSA_kwCzR0hTQS1yMnh2LXZwcjItNDJtOc4AA2_p

slsa-verifier vulnerable to mproper validation of npm's publish attestations
Ecosystems: go
Packages: github.com/slsa-framework/slsa-verifier, github.com/slsa-framework/slsa-verifier/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago

Moderate

GSA_kwCzR0hTQS05eDRoLTh3Z20tOHhmZ84AAtHx

Malformed CAR panics and excessive memory usage
Ecosystems: go
Packages: github.com/ipld/go-car/v2, github.com/ipld/go-car
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS14eGZ4LXcycnctZ2g2M84AAwVh

csaf-poc/csaf_distribution Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/csaf-poc/csaf_distribution
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS14ZmpqLWY2OTktcmM3Oc4AA70K

tiagorlampert CHAOS vulnerable to arbitrary code execution
Ecosystems: go
Packages: github.com/tiagorlampert/CHAOS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago

Critical

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2ODQtZzQ4My0yMjQ5

Signature Validation Bypass
Ecosystems: go
Packages: github.com/russellhaering/gosaml2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS01cGY2LTJxd3gtcHhtMs4AA5zw

Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials
Ecosystems: go
Packages: github.com/cloudevents/sdk-go/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJjN3AtZ212aC14Zngy

Attack on Kubernetes via Misconfigured Argo Workflows
Ecosystems: go
Packages: github.com/argoproj/argo-workflows
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS05cTI0LWh3bWMtNzk3eM4AA5cx

Apache Answer Race Condition vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago

Moderate

GSA_kwCzR0hTQS14OTVoLTk3OXgtY2Yzas0Wmg

Policies not properly enforced in bluemonday
Ecosystems: go, pypi
Packages: github.com/microcosm-cc/bluemonday, pybluemonday
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago

Moderate

GSA_kwCzR0hTQS1ybXFwLW12djItNTRjNs4AA5ct

Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago

High

GSA_kwCzR0hTQS1tY3EyLXc1NnItNXcyd805eA

Daemon panics when processing certain blocks
Ecosystems: go
Packages: github.com/ipld/go-ipfs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago

High

GSA_kwCzR0hTQS1yMmg1LTNoZ3ctOGozNM4AAxt2

User data in TPM attestation vulnerable to MITM
Ecosystems: go
Packages: github.com/edgelesssys/constellation/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago

Moderate

GSA_kwCzR0hTQS13NGY4LWZ4cTItajM1ds0vfw

Possible privilege escalation via bash completion script
Ecosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS1oZ3Y2LXc3cjMtdzRxd84AAzhi

Kyverno vulnerable due to usage of insecure cipher
Ecosystems: go
Packages: github.com/kyverno/kyverno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago

Low

GSA_kwCzR0hTQS1wajk2LTRqaHYtdjc5Ms4AArT9

Cross site scripting via cookies in gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1qMzR2LTM1NTItNXI3as0vhA

Multiple security issues in Pomerium's embedded envoy
Ecosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago

High

GSA_kwCzR0hTQS05NzYzLTRmOTQtZ2ZjaM4AA4Ql

CIRCL's Kyber: timing side-channel (kyberslash2)
Ecosystems: go
Packages: github.com/cloudflare/circl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN3eG0tbTltNC1jcHJq

Import of incorrectly embargoed keys could cause early publication
Ecosystems: go
Packages: github.com/google/exposure-notifications-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago

Low

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg1YzcteDdtMi1yaG1m

Local directory executable lookup in sops (Windows-only)
Ecosystems: go
Packages: go.mozilla.org/sops/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS1tN3dyLTJ4ZjctY205cM4AA5v_

pgx SQL Injection via Line Comment Creation
Ecosystems: go
Packages: github.com/jackc/pgx/v4, github.com/jackc/pgx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ0Z2ctcG1xci00NjY5

Access Restriction Bypass in Docker
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS14d212LWN4N3AtZnFmY84AA5Oo

caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc2d2YtOXZncC1wajd3

Unencrypted md5 plaintext hash in metadata in AWS S3 Crypto SDK for golang
Ecosystems: go
Packages: github.com/aws/aws-sdk-go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago

High

GSA_kwCzR0hTQS1tN3ZwLWhxd3YtN201eM0hTg

Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints
Ecosystems: go
Packages: github.com/spiffe/spire
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago

Low

GSA_kwCzR0hTQS01eDRnLXE1cmMtMzZqcM4AA5Cl

Etcd pkg Insecure ciphers are allowed by default
Ecosystems: go
Packages: go.etcd.io/etcd/client/pkg/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago

Low

GSA_kwCzR0hTQS1wbTNtLTMycjMtN21maM4AA5Cn

Etcd embed auto compaction retention negative value causing a compaction loop or a crash
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago

Moderate

GSA_kwCzR0hTQS1tOTljLXEyNnItbTdtN84AA7I6

Evmos vulnerable to unauthorized account creation with vesting module
Ecosystems: go
Packages: github.com/evmos/evmos/v13, github.com/evmos/evmos/v13/x/vesting
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 28 days ago

Critical

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJyZnctaGc5bS1qNDdo

Signature Validation Bypass
Ecosystems: go
Packages: github.com/russellhaering/goxmldsig
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS13Mmo1LTNyY3gtdng3eM0y7Q

Sysctls applied to containers with host IPC or host network namespaces can affect the host
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago

High

GSA_kwCzR0hTQS1nOGZjLXZyY2ctOHZqZ84AA7BP

Constallation has pods exposed to peers in VPC
Ecosystems: go
Packages: github.com/edgelesssys/constellation/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 30 days ago

Low

GSA_kwCzR0hTQS12amc2LTkzZnYtcXY2NM4AA5Co

Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago

Low

GSA_kwCzR0hTQS03Yzk0LWd2dmotcjNtZ84AAzot

cheqd-node affected by Inter-blockchain Communication (IBC) protocol "Huckleberry" vulnerability
Ecosystems: go
Packages: github.com/cheqd/cheqd-node
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago

Moderate

GSA_kwCzR0hTQS13cGZyLTYyOTctOXY1N80p2w

User object created with invalid provider data in GoTrue
Ecosystems: go
Packages: github.com/netlify/gotrue
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1NjMteGgyNS14NTRx

Workflow re-write vulnerability using input parameter
Ecosystems: go
Packages: github.com/argoproj/argo-workflows/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago

Low

GSA_kwCzR0hTQS05Z3A3LTY4MzMtd3Y4Oc4AAvLw

etcd having a negative value for cluster node size results in an index out-of-bound panic during service discovery
Ecosystems: go
Packages: go.etcd.io/etcd/client/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS03djRwLTMyOHYtOHY1Z84AA2fi

Traefik vulnerable to HTTP/2 request causing denial of service
Ecosystems: go
Packages: github.com/traefik/traefik
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS04cjNmLTg0NGMtbWMzN84AA5yO

Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
Ecosystems: go
Packages: google.golang.org/protobuf/internal/encoding/json, google.golang.org/protobuf/encoding/protojson, google.golang.org/protobuf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU3cTctcnhxcS03dmdw

On Windows, `git-sizer` might run a `git` executable within the repository being analyzed
Ecosystems: go
Packages: github.com/github/git-sizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago

Low

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM2NnctaHE1Ni00cTk3

Network policy may be bypassed by some ICMP Echo Requests
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS14NDc3LWZxMzctcTV3cs4AAxOX

Initial debug-host handler implementation could leak information and facilitate denial of service
Ecosystems: go
Packages: fortio.org/proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1mMmdyLTcyOTktNDg3aM4AAtH1

DOS and excessive memory usage when passing untrusted user input to to dag import
Ecosystems: go
Packages: github.com/ipfs/go-ipfs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago

Low

GSA_kwCzR0hTQS01MjhqLTlyNzgtd2ZmeM4AAvLv

etcd user credentials are stored in WAL logs in plaintext
Ecosystems: go
Packages: go.etcd.io/etcd/client/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago

High

GSA_kwCzR0hTQS01cjV3LWg3NnAtbTcyNs0ftQ

Use of a Broken or Risky Cryptographic Algorithm in Max Mazurov Maddy
Ecosystems: go
Packages: github.com/foxcpp/maddy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago

Low

GSA_kwCzR0hTQS1oOGc5LTZndmgtNW1yY84AAvLt

etcd vulnerable to TOCTOU of gateway endpoint authentication
Ecosystems: go
Packages: go.etcd.io/etcd/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZxZmgtNzc4bS0ydjMy

GitHub CLI can execute a git binary from the current directory
Ecosystems: go
Packages: github.com/cli/cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago

Moderate

GSA_kwCzR0hTQS14Mjc5LTY4cnItanA0cM4AAvME

Blst vulnerable to incorrect results for some inputs in blst_fp_eucl_inverse function
Ecosystems: go
Packages: github.com/supranational/blst
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1tcnd3LTI3dmMtZ2dods4AA5wA

pgx SQL Injection via Protocol Message Size Overflow
Ecosystems: go
Packages: github.com/jackc/pgx/v5, github.com/jackc/pgx/v4, github.com/jackc/pgproto3/v2, github.com/jackc/pgproto3, github.com/jackc/pgx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago

Moderate

GSA_kwCzR0hTQS04YzM3LTdxeDMtNGM0cM4AA1Lt

Blst has logical error in SigValidate in Go bindings
Ecosystems: go
Packages: github.com/supranational/blst
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago

Moderate

GSA_kwCzR0hTQS03andoLTN2cnEtcTNtOM4AA5wG

pgproto3 SQL Injection via Protocol Message Size Overflow
Ecosystems: go
Packages: github.com/jackc/pgx/v5, github.com/jackc/pgx/v4, github.com/jackc/pgproto3/v2, github.com/jackc/pgproto3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago

Low

GSA_kwCzR0hTQS14OXFxLTIzNmotZ2o5N84AA3lE

Canonical LXD documentation improvement to make clear restricted.devices.disk=allow without restricted.devices.disk.paths also allows shift=true
Ecosystems: go
Packages: github.com/canonical/lxd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago

Moderate

Advisories: 18,592
Packages: 8,342
Repositories: 543
Ecosystems: 12

Filter by Severity

Moderate 8,063 High 6,401 Critical 2,824 Low 1,012

Filter by Ecosystem

maven 5,572 pypi 3,844 packagist 3,834 npm 3,559 go 1,928 nuget 1,422 rubygems 816 cargo 780 swift 31 hex 30 actions 16 pub 8

Filter by Package

github.com/usememos/memos 59 github.com/grafana/grafana 44 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 github.com/answerdev/answer 34 k8s.io/kubernetes 32 github.com/argoproj/argo-cd 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 github.com/hashicorp/nomad 26 github.com/hashicorp/consul 26 gogs.io/gogs 24 github.com/argoproj/argo-cd/v2 23 github.com/cilium/cilium 20 github.com/docker/docker 20 github.com/ethereum/go-ethereum 20 code.gitea.io/gitea 19 helm.sh/helm/v3 18 golang.org/x/net 17 github.com/goharbor/harbor 15 github.com/containerd/containerd 14 github.com/nats-io/nats-server/v2 13 github.com/traefik/traefik/v2 13 github.com/mattermost/mattermost-server 13 github.com/opencontainers/runc 12 github.com/moby/moby 12 github.com/go-gitea/gitea 12 github.com/zitadel/zitadel 11 github.com/1Panel-dev/1Panel 11 github.com/openfga/openfga 11 github.com/cloudflare/cfrpki 11 github.com/greenpau/caddy-security 10 github.com/sylabs/singularity 9 golang.org/x/crypto 9 github.com/cosmos/cosmos-sdk 9 github.com/kubernetes/kubernetes 9 github.com/cri-o/cri-o 9 github.com/pterodactyl/wings 8 istio.io/istio 8 github.com/containers/podman/v4 8 github.com/kubeedge/kubeedge 8 github.com/pomerium/pomerium 8 go.etcd.io/etcd 8 github.com/google/fscrypt 7 k8s.io/ingress-nginx 7 github.com/traefik/traefik 7 github.com/beego/beego 7 github.com/nats-io/jwt 7 github.com/hashicorp/go-getter 7 helm.sh/helm 7 github.com/hyperledger/fabric 6 github.com/apache/trafficcontrol 6 github.com/gravitl/netmaker 6 github.com/russellhaering/gosaml2 6 github.com/pion/dtls 6 github.com/sigstore/cosign 6 github.com/authzed/spicedb 6 github.com/fluxcd/flux2 6 github.com/cubefs/cubefs 6 github.com/treeverse/lakefs 6 github.com/russellhaering/goxmldsig 6 kubevirt.io/kubevirt 6 github.com/beego/beego/v2 6 github.com/gophish/gophish 5 github.com/schollz/croc/v9 5 github.com/foxcpp/maddy 5 github.com/mattermost/mattermost-server/v5 5 github.com/tendermint/tendermint 5 go.etcd.io/etcd/v3 5 github.com/kiali/kiali 5 github.com/kyverno/kyverno 5 github.com/cometbft/cometbft 5 github.com/gofiber/fiber/v2 5 github.com/moby/buildkit 5 github.com/fluxcd/kustomize-controller 5 github.com/traefik/traefik/v3 5 github.com/ipfs/go-ipfs 5 github.com/apache/incubator-answer 5 github.com/IBAX-io/go-ibax 5 github.com/KubeOperator/kubepi 5 github.com/containers/buildah 5 github.com/0xJacky/Nginx-UI 5 github.com/pion/dtls/v2 5 github.com/hashicorp/go-getter/v2 5 github.com/arduino/arduino-create-agent 4 github.com/crewjam/saml 4 github.com/free5gc/free5gc 4 github.com/dexidp/dex 4 golang.org/x/net/http2 4 github.com/dhowden/tag 4 github.com/ory/fosite 4 github.com/alist-org/alist/v3 4 github.com/argoproj/argo-workflows/v3 4 github.com/containers/podman/v3 4 github.com/concourse/concourse 4 github.com/oauth2-proxy/oauth2-proxy 4 github.com/open-policy-agent/opa 4 github.com/gin-gonic/gin 4 github.com/git-lfs/git-lfs 4 github.com/casdoor/casdoor 4 github.com/aws/aws-sdk-go 4 github.com/tidwall/gjson 4 github.com/stacklok/minder 4 github.com/coredns/coredns 4 github.com/lestrrat-go/jwx 4 github.com/lestrrat-go/jwx/v2 4 github.com/hashicorp/go-getter/gcs/v2 4 github.com/hashicorp/go-getter/s3/v2 4 github.com/IceWhaleTech/CasaOS-UserService 4 github.com/quic-go/quic-go 3 github.com/hashicorp/vault/vault 3 github.com/apache/servicecomb-service-center 3 github.com/notaryproject/notation 3 github.com/projectcalico/calico 3 github.com/docker/distribution 3 k8s.io/client-go 3 github.com/syncthing/syncthing 3 github.com/flyteorg/flyteadmin 3 github.com/crossplane/crossplane 3 github.com/openshift/origin 3 github.com/ory/oathkeeper 3 github.com/ElrondNetwork/elrond-go 3 github.com/cheqd/cheqd-node 3 github.com/libp2p/go-libp2p 3 github.com/minio/minio 3 go.etcd.io/etcd/client/v3 3 github.com/sigstore/cosign/v2 3 github.com/nats-io/jwt/v2 3 github.com/fluxcd/helm-controller 3 golang.org/x/text 3 github.com/navidrome/navidrome 3 github.com/crypto-org-chain/cronos 3 github.com/owncast/owncast 3 github.com/mholt/archiver 3 github.com/heketi/heketi 3 vitess.io/vitess 3 github.com/miekg/dns 3 github.com/consensys/gnark 3 github.com/tiagorlampert/CHAOS 3 gopkg.in/yaml.v2 3 github.com/lightningnetwork/lnd 3 github.com/artifacthub/hub 3 github.com/dutchcoders/transfer.sh 3 github.com/phachon/mm-wiki 3 github.com/go-vela/server 3 github.com/square/go-jose 3 github.com/tharsis/evmos 3 github.com/authelia/authelia/v4 3 github.com/hashicorp/boundary 3 golang.org/x/image 3 github.com/jackc/pgx/v4 3 github.com/edgelesssys/constellation/v2 3 github.com/weaveworks/weave-gitops 3 github.com/cortexproject/cortex 3 github.com/caddyserver/caddy 3 github.com/prometheus/prometheus 2 github.com/pingcap/tidb 2 github.com/microcosm-cc/bluemonday 2 github.com/sap/cloud-security-client-go 2 github.com/dvsekhvalnov/jose2go 2 rancher/rancher 2 github.com/google/exposure-notifications-verification-server 2 mellium.im/xmpp 2 github.com/minio/console 2 github.com/jaegertracing/jaeger 2 github.com/labring/sealos 2 github.com/multiversx/mx-chain-go 2 github.com/apptainer/apptainer 2 github.com/go-git/go-git/v5 2 github.com/karmada-io/karmada 2 github.com/gphper/ginadmin 2 github.com/sigstore/rekor 2 github.com/woodpecker-ci/woodpecker 2 github.com/projectcapsule/capsule-proxy 2 google.golang.org/grpc 2 github.com/theupdateframework/go-tuf 2 github.com/astaxie/beego 2 github.com/notaryproject/notation-go 2 github.com/IceWhaleTech/CasaOS 2 github.com/kata-containers/runtime 2 github.com/codenotary/immudb 2 github.com/kitabisa/teler-waf 2 github.com/swaggo/http-swagger 2 github.com/apache/thrift 2 github.com/gohugoio/hugo 2 github.com/flipped-aurora/gin-vue-admin/server 2 github.com/btcsuite/btcd 2 github.com/cloudflare/circl 2 github.com/pires/go-proxyproto 2 github.com/go-vela/worker 2 github.com/containers/podman 2 github.com/zalando/skipper 2 github.com/containers/podman/v2 2 github.com/go-skynet/LocalAI 2 github.com/jackc/pgx 2 github.com/jackc/pgproto3 2 github.com/jackc/pgproto3/v2 2 tailscale.com 2 github.com/mutagen-io/mutagen 2 github.com/jackc/pgx/v5 2

Filter by Repository