Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
go Security Advisories
Loading...
Critical
Ecosystems: go
Packages: github.com/apptainer/sif, github.com/satori/go.uuid
Source: GitHub Advisory Database
Blast Radius: 46.3
Published: about 1 year ago
GSA_kwCzR0hTQS0zM202LXE5djUtNjJyN84AA6Xq
Predictable SIF UUID IdentifiersEcosystems: go
Packages: github.com/apptainer/sif, github.com/satori/go.uuid
Source: GitHub Advisory Database
Blast Radius: 46.3
Published: about 1 year ago
Critical
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS1od2o3LWZyZ2otNzgyOc4AAyM1
Answer vulnerable to Authentication Bypass by Capture-replayEcosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
Ecosystems: go
Packages: github.com/pingcap/tidb
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: over 1 year ago
GSA_kwCzR0hTQS03ZnhqLWZyM3Ytcjlnas4AAvtj
TiDB vulnerable to Use of Externally-Controlled Format StringEcosystems: go
Packages: github.com/pingcap/tidb
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: over 1 year ago
Critical
Ecosystems: go
Packages: github.com/apache/trafficcontrol
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmOHItNHF3bS1yN2pm
Improper Authentication in Apache Traffic ControlEcosystems: go
Packages: github.com/apache/trafficcontrol
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 3 years ago
Critical
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: almost 2 years ago
GSA_kwCzR0hTQS01N2dnLWNqNTUtcTVnMs4AArAN
Token leases could outlive their TTL in HashiCorp VaultEcosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: almost 2 years ago
Critical
Ecosystems: go
Packages: github.com/labstack/echo/v4
Source: GitHub Advisory Database
Blast Radius: 41.3
Published: over 1 year ago
GSA_kwCzR0hTQS1jcnhqLWhybXAtNHJ3Zs4AAvG8
Labstack Echo Open Redirect vulnerabilityEcosystems: go
Packages: github.com/labstack/echo/v4
Source: GitHub Advisory Database
Blast Radius: 41.3
Published: over 1 year ago
Critical
Ecosystems: go
Packages: github.com/txthinking/brook
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 11 months ago
GSA_kwCzR0hTQS12ZnJqLWZ2NnAtM2NwZs4AAzpG
Brook's tproxy server is vulnerable to a drive-by command injection.Ecosystems: go
Packages: github.com/txthinking/brook
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 11 months ago
Critical
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 1 year ago
GSA_kwCzR0hTQS02NnA4LWo0NTktcnE2M84AAxiH
Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following resulting in deletion of files and directories on the host systemEcosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 1 year ago
Critical
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: 7 months ago
GSA_kwCzR0hTQS05NHc5LTk3cDMtcDM2OM4AA2gP
CSRF Token Reuse VulnerabilityEcosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: 7 months ago
Critical
Ecosystems: go
Packages: tailscale.com
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: over 1 year ago
GSA_kwCzR0hTQS12cXA2LXJjM2gtODNjcM4AAv_L
Tailscale Windows daemon is vulnerable to RCE via CSRFEcosystems: go
Packages: tailscale.com
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: over 1 year ago
Critical
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: 2 months ago
GSA_kwCzR0hTQS1mbWc0LXg4cHctaGpoZ84AA5dK
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with CredentialsEcosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: 2 months ago
Critical
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 11 months ago
GSA_kwCzR0hTQS1tcHYzLWc4bTMtM2ZqY84AA0AQ
Grafana vulnerable to Authentication Bypass by SpoofingEcosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 11 months ago
Critical
Ecosystems: go
Packages: github.com/gofiber/template/django/v3
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 4 months ago
GSA_kwCzR0hTQS00bXEyLWdjNGotY213Ns4AA4Y6
Django Template Engine Vulnerable to XSSEcosystems: go
Packages: github.com/gofiber/template/django/v3
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 4 months ago
Critical
Ecosystems: go
Packages: github.com/russellhaering/goxmldsig, github.com/dexidp/dex
Source: GitHub Advisory Database
Blast Radius: 29.6
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05aHAtN3I5OS05NGg1
Critical security issues in XML encoding in github.com/dexidp/dexEcosystems: go
Packages: github.com/russellhaering/goxmldsig, github.com/dexidp/dex
Source: GitHub Advisory Database
Blast Radius: 29.6
Published: over 2 years ago
Moderate
Ecosystems: go
Packages: github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE2Y2otNmp2cS1qd21o
Privilege Escalation in Cloud Native Computing Foundation HarborEcosystems: go
Packages: github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: almost 3 years ago
Critical
Ecosystems: go
Packages: github.com/dexidp/dex
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: over 1 year ago
GSA_kwCzR0hTQS12aDdnLXAyNmMtajJjd84AAvJw
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization codeEcosystems: go
Packages: github.com/dexidp/dex
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: over 1 year ago
Critical
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS14OXA5LXYzeDYtNjhtcc4AAwra
usememos/memos vulnerable to Cross-site ScriptingEcosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
Ecosystems: go
Packages: github.com/zeromicro/go-zero
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 2 months ago
GSA_kwCzR0hTQS1mZ3h2LWd3NTUtcjVmcc4AA5wB
Authorization Bypass Through User-Controlled Key in go-zeroEcosystems: go
Packages: github.com/zeromicro/go-zero
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 2 months ago
Critical
Ecosystems: go
Packages: github.com/cosmos/ibc-go, github.com/cosmos/ibc-go/v2, github.com/cosmos/ibc-go/v3, github.com/cosmos/ibc-go/v8, github.com/cosmos/ibc-go/v7, github.com/cosmos/ibc-go/v6, github.com/cosmos/ibc-go/v5, github.com/cosmos/ibc-go/v4
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 28 days ago
GSA_kwCzR0hTQS1qNDk2LWNyZ2gtMzRteM4AA6qW
ibc-go: Potential Reentrancy using Timeout Callbacks in ibc-hooksEcosystems: go
Packages: github.com/cosmos/ibc-go, github.com/cosmos/ibc-go/v2, github.com/cosmos/ibc-go/v3, github.com/cosmos/ibc-go/v8, github.com/cosmos/ibc-go/v7, github.com/cosmos/ibc-go/v6, github.com/cosmos/ibc-go/v5, github.com/cosmos/ibc-go/v4
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 28 days ago
Critical
Ecosystems: go
Packages: github.com/whyrusleeping/tar-utils
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: over 1 year ago
GSA_kwCzR0hTQS1qcGY4LWg3aDctM3Bwbc4AAwoR
tar-utils Path Traversal vulnerabilityEcosystems: go
Packages: github.com/whyrusleeping/tar-utils
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: over 1 year ago
Critical
Ecosystems: go
Packages: github.com/hashicorp/vault/vault
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS1qNnZ2LXZ2MjYtcmg3Y84AA488
HashiCorp Vault Improper Privilege ManagementEcosystems: go
Packages: github.com/hashicorp/vault/vault
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
Ecosystems: go
Packages: github.com/v2fly/v2ray-core, github.com/v2fly/v2ray-core/v4
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: about 2 years ago
GSA_kwCzR0hTQS00Y3h3LWhxNDQtcjM0NM0uNQ
Off-by-one Error in v2fly/v2ray-coreEcosystems: go
Packages: github.com/v2fly/v2ray-core, github.com/v2fly/v2ray-core/v4
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: about 2 years ago
Critical
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS02NXB4LTRjcGYtNjk3cs4AAxfH
Cross-site scripting vulnerability found in answerdev/answerEcosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: about 1 year ago
GSA_kwCzR0hTQS0zamZxLTc0MncteGc4as4AAxrA
Users with any cluster secret update access may update out-of-bounds cluster secretsEcosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: about 1 year ago
Critical
Ecosystems: go
Packages: github.com/edgelesssys/marblerun
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 2 months ago
GSA_kwCzR0hTQS14NXI1LTJxcngtcnFqOM4AA5ik
Transparent TLS may not be applied to Marbles with certain manifest configurationsEcosystems: go
Packages: github.com/edgelesssys/marblerun
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 2 months ago
Critical
Ecosystems: go
Packages: github.com/sagernet/sing, github.com/sagernet/sing-box
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 7 months ago
GSA_kwCzR0hTQS1yNWhtLW1wM2otMjg1Z84AA2C4
sing-box vulnerable to improper authentication in the SOCKS inboundEcosystems: go
Packages: github.com/sagernet/sing, github.com/sagernet/sing-box
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 7 months ago
Critical
Ecosystems: go
Packages: github.com/foxcpp/maddy
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: about 1 year ago
GSA_kwCzR0hTQS00Zzc2LXczeHctMng2d84AAyGN
Full authentication bypass if SASL authorization username is specifiedEcosystems: go
Packages: github.com/foxcpp/maddy
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: about 1 year ago
Critical
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: over 2 years ago
GSA_kwCzR0hTQS1wZm13LXZqNzQtcGg4Z80YjQ
HashiCorp Vault Incorrect Permission Assignment for Critical ResourceEcosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: over 2 years ago
Critical
Ecosystems: go
Packages: github.com/yi-ge/unzip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS1mNWM1LWhtdzktdjhoeM4AAwoX
Unzip vulnerable to path traversalEcosystems: go
Packages: github.com/yi-ge/unzip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
Ecosystems: go
Packages: github.com/emicklei/go-restful/v2, github.com/emicklei/go-restful, github.com/emicklei/go-restful/v3
Source: GitHub Advisory Database
Blast Radius: 42.1
Published: almost 2 years ago
GSA_kwCzR0hTQS1yNDhxLTlnNXItOHEyaM4AArc1
Authorization Bypass Through User-Controlled Key in go-restfulEcosystems: go
Packages: github.com/emicklei/go-restful/v2, github.com/emicklei/go-restful, github.com/emicklei/go-restful/v3
Source: GitHub Advisory Database
Blast Radius: 42.1
Published: almost 2 years ago
Critical
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: over 1 year ago
GSA_kwCzR0hTQS03Y2d2LXY4M3YtcnI4N84AAvAP
HashiCorp Vault vulnerable to incorrect metadata accessEcosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: over 1 year ago
Critical
Ecosystems: go
Packages: github.com/Masterminds/goutils
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: over 1 year ago
GSA_kwCzR0hTQS0zODM5LTZyNjktbTQ5N84AAwoN
GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expectedEcosystems: go
Packages: github.com/Masterminds/goutils
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: over 1 year ago
Critical
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS05OTRmLTdnODYtcXI1Ns4AArcn
Path Traversal in file editor on Windows in GogsEcosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 12 months ago
GSA_kwCzR0hTQS1wNzQ0LTRxNnAtaHZjMs4AAzSb
Wings vulnerable to escape to host from installation containerEcosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 12 months ago
Critical
Ecosystems: go
Packages: github.com/artdarek/go-unzip
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 1 year ago
GSA_kwCzR0hTQS1ybWo5LXE1OGctOXFnZ84AAwoW
go-unzip vulnerable to Path TraversalEcosystems: go
Packages: github.com/artdarek/go-unzip
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 1 year ago
Critical
Ecosystems: go
Packages: github.com/square/go-jose, gopkg.in/square/go-jose.v1
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2cjktMzlqOS05OXdw
Elliptic Curve Key Disclosure in go-joseEcosystems: go
Packages: github.com/square/go-jose, gopkg.in/square/go-jose.v1
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: almost 3 years ago
Critical
Ecosystems: go
Packages: code.cloudfoundry.org/archiver, github.com/cloudfoundry/archiver
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 1 year ago
GSA_kwCzR0hTQS0zMnFoLTh2ZzYtOWc0M84AAwop
Cloud Foundry Archiver vulnerable to path traversalEcosystems: go
Packages: code.cloudfoundry.org/archiver, github.com/cloudfoundry/archiver
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 1 year ago
Critical
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: about 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3Y3ItNmdyOC03cnI5
Use After Free in HashiCorp NomadEcosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: about 2 years ago
Critical
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: almost 2 years ago
GSA_kwCzR0hTQS1oNHc5LTZ4NzgtOHZyas4AAs5Z
Argo CD's external URLs for Deployments can include JavaScriptEcosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: almost 2 years ago
Critical
Ecosystems: go
Packages: github.com/nanobox-io/golang-nanoauth
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS1ocm0zLTN4bTYteDMzaM4AAwoO
golang-nanoauth authentication bypass vulnerabilityEcosystems: go
Packages: github.com/nanobox-io/golang-nanoauth
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
Ecosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS03NTdwLXZ4NDMtZnA5cs4AA01i
KubePi Privilege Escalation vulnerabilityEcosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
Ecosystems: go
Packages: github.com/weaveworks/weave-gitops
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: almost 2 years ago
GSA_kwCzR0hTQS14Z2djLXFwcmcteDZtd84AAs7K
Weave GitOps leaked cluster credentials into logs on connection errorsEcosystems: go
Packages: github.com/weaveworks/weave-gitops
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: almost 2 years ago
Critical
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 2 months ago
GSA_kwCzR0hTQS1qd3Y1LThtcXYtZzM4N84AA6CM
Cross-site scripting on application summary componentEcosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 2 months ago
Critical
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS1ybXc4LTc4MjMtd3A3Zs4AAxfE
Answer contains Cross-site Scripting vulnerabilityEcosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS04dzVxLTVmcHEtdjRwbc4AAwrb
usememos/memos Cross-site Scripting vulnerabilityEcosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS1tY2pqLTJmdnEtbWMzcs4AAvPZ
Gogs vulnerable to Cross-site ScriptingEcosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
Ecosystems: go
Packages: github.com/crewjam/saml
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: over 1 year ago
GSA_kwCzR0hTQS1qMmpwLXd2cWctd2MyZ84AAwFN
crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authenticationEcosystems: go
Packages: github.com/crewjam/saml
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: over 1 year ago
Critical
Ecosystems: go
Packages: github.com/tharsis/evmos/v5, github.com/tharsis/evmos/v4, github.com/tharsis/evmos/v3, github.com/tharsis/evmos/v2, github.com/tharsis/evmos, github.com/evmos/evmos/v5, github.com/evmos/evmos/v6, github.com/evmos/evmos/v7, github.com/evmos/evmos/v16
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 23 days ago
GSA_kwCzR0hTQS0zZnA1LTJ4d2gtZnhtNs4AA657
Evmos transaction execution not accounting for all state transition after interaction with precompilesEcosystems: go
Packages: github.com/tharsis/evmos/v5, github.com/tharsis/evmos/v4, github.com/tharsis/evmos/v3, github.com/tharsis/evmos/v2, github.com/tharsis/evmos, github.com/evmos/evmos/v5, github.com/evmos/evmos/v6, github.com/evmos/evmos/v7, github.com/evmos/evmos/v16
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 23 days ago
Critical
Ecosystems: go
Packages: github.com/dutchcoders/transfer.sh
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmNTUtcnE4eC1obTZm
Path Traversal in Dutchcoders transfer.shEcosystems: go
Packages: github.com/dutchcoders/transfer.sh
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Critical
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS1oam1yLXhtMjUtMzZtaM4AAxfG
Answer subject to Cross-site Scripting vulnerabilityEcosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
Ecosystems: go
Packages: github.com/layer5io/meshery
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS05ampjLWdyZzUtNjdnas4AA3W2
SQL injection vulnerability in MesheryEcosystems: go
Packages: github.com/layer5io/meshery
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS1wN3dqLWM4NWYteHE5aM4AAxfD
Answer has Cross-site Scripting vulnerabilityEcosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
Ecosystems: go
Packages: github.com/sap/cloud-security-client-go
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS1tOHJ3LXJjcHEtMnZwMs4AA3uk
Improper Privilege Management in github.com/sap/cloud-security-client-goEcosystems: go
Packages: github.com/sap/cloud-security-client-go
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 1 year ago
GSA_kwCzR0hTQS1xOWhyLWo0cmYtOGZqY84AAxJD
JWT audience claim is not verifiedEcosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 1 year ago
Critical
Ecosystems: go
Packages: github.com/tyktechnologies/tyk-identity-broker
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5OWgtOHdwai03NXhq
Authentication Bypass in tyk-identity-brokerEcosystems: go
Packages: github.com/tyktechnologies/tyk-identity-broker
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Critical
Ecosystems: go
Packages: github.com/evmos/evmos/v11
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
GSA_kwCzR0hTQS12NnJ3LWhoZ2ctd2M0eM4AA7I5
Evmos vulnerable to DOS and transaction fee expropiation through Authz exploitEcosystems: go
Packages: github.com/evmos/evmos/v11
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Critical
Ecosystems: go
Packages: github.com/moov-io/signedxml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
GSA_kwCzR0hTQS1qcXZyLWoydmctZ2pyds4AAzg5
Signature validation bypass in github.com/moov-io/signedxmlEcosystems: go
Packages: github.com/moov-io/signedxml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Critical
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS05dm0zLXI4Z3EtY3I2eM4AAusJ
Casdoor arbitrary file write vulnerabilityEcosystems: go
Packages: github.com/casdoor/casdoor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
Ecosystems: go
Packages: github.com/sap/cloud-security-client-go
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS05MmNnLWdocTYtOTU4N84AA3r1
Privilege escalation in sap/cloud-security-client-goEcosystems: go
Packages: github.com/sap/cloud-security-client-go
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
Ecosystems: go
Packages: istio.io/istio
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: about 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZnNWYtZjVwbS1tanJn
Istio may not check inbound TCP connections against istio-policyEcosystems: go
Packages: istio.io/istio
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: about 2 years ago
High
Ecosystems: go
Packages: github.com/weaveworks/weave-gitops
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: over 1 year ago
GSA_kwCzR0hTQS13cjNjLWczMjYtNDg2Y84AAw0t
GitOps Run allows for Kubernetes workload injectionEcosystems: go
Packages: github.com/weaveworks/weave-gitops
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: over 1 year ago
High
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS1yM3AzLTVmMzUtaDZtZs4AAwpF
usememos/memos Improper Privilege Management vulnerabilityEcosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
Ecosystems: go
Packages: github.com/nats-io/nats-server/v2, github.com/nats-io/nats-streaming-server
Source: GitHub Advisory Database
Blast Radius: 38.7
Published: about 2 years ago
GSA_kwCzR0hTQS1nNnc2LXI3NmMtMjhqN80psA
Incorrect Authorization in NATS nats-serverEcosystems: go
Packages: github.com/nats-io/nats-server/v2, github.com/nats-io/nats-streaming-server
Source: GitHub Advisory Database
Blast Radius: 38.7
Published: about 2 years ago
High
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: 7 months ago
GSA_kwCzR0hTQS1tdjczLWY2OXgtNDQ0cM4AA2gQ
Go Fiber CSRF Token Validation VulnerabilityEcosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: 7 months ago
High
Ecosystems: go
Packages: github.com/gravitl/netmaker
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 8 months ago
GSA_kwCzR0hTQS04MjZqLTh3cDItNHg2cc4AA1gX
Netmaker Vulnerable to Privilege Escalation From Non Admin To Admin UserEcosystems: go
Packages: github.com/gravitl/netmaker
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 8 months ago
High
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 2 years ago
GSA_kwCzR0hTQS0zMnJwLXEzN3Atamc2d809eQ
Insecure plugin handling in MattermostEcosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 2 years ago
High
Ecosystems: go
Packages: github.com/phachon/mm-wiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
GSA_kwCzR0hTQS1mNnhwLTU5anEtcjM1Y84AAyiT
Phachon mm-wiki Cross Site Request Forgery vulnerabilityEcosystems: go
Packages: github.com/phachon/mm-wiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS1tZm1wLThtcWctcTR3bc4AAwpD
usememos/memos Improper Access Control vulnerabilityEcosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
Ecosystems: go
Packages: github.com/ollama/ollama
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
GSA_kwCzR0hTQS01ang1LWhxeDUtMnZyas4AA6uv
Ollama DNS rebinding vulnerabilityEcosystems: go
Packages: github.com/ollama/ollama
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
High
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 12 months ago
GSA_kwCzR0hTQS03ZzJ2LTJmcm0tcmc5NM4AAzTV
Mattermost Incorrect Authorization vulnerabilityEcosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 12 months ago
High
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS1qOTdnLTc3ZmotOWM0cM4AAyrA
Answer vulnerable to account takeover because password reset links do not expireEcosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 6 months ago
GSA_kwCzR0hTQS1xNzhjLWd3cXctamNtY84AA20_
Kubernetes privilege escalation vulnerabilityEcosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 6 months ago
High
Ecosystems: pypi, packagist, go, maven, nuget
Packages: protobuf, google/protobuf, github.com/protocolbuffers/protobuf, com.google.protobuf:protobuf-parent, Google.Protobuf
Source: GitHub Advisory Database
Blast Radius: 94.2
Published: almost 2 years ago
GSA_kwCzR0hTQS1qd3Z3LXY3YzUtbTgyaM3tlQ
protobuf susceptible to buffer overflowEcosystems: pypi, packagist, go, maven, nuget
Packages: protobuf, google/protobuf, github.com/protocolbuffers/protobuf, com.google.protobuf:protobuf-parent, Google.Protobuf
Source: GitHub Advisory Database
Blast Radius: 94.2
Published: almost 2 years ago
High
Ecosystems: go
Packages: github.com/open-feature/open-feature-operator
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS1jd2Y2LXhqNDktd3A4M84AAyu6
OpenFeature Operator vulnerable to Cluster-level Privilege EscalationEcosystems: go
Packages: github.com/open-feature/open-feature-operator
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS12d2c0LTg0NngtZjk0ds4AAwkW
usememos/memos vulnerable to improper authorizationEcosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 6 months ago
GSA_kwCzR0hTQS1ocTZxLWMyeDYtaG1jaM4AA3Ko
Kubernetes Improper Input Validation vulnerabilityEcosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 6 months ago
High
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: about 1 year ago
GSA_kwCzR0hTQS1mOHI4LWg5M20tbWo3N84AAykW
HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalationEcosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: about 1 year ago
High
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: about 2 years ago
GSA_kwCzR0hTQS02eDJtLXc0NDktcXd4N80y7g
Code Injection in CRI-OEcosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: about 2 years ago
High
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 9 days ago
GSA_kwCzR0hTQS1mOXhmLWpxNGotdnF3NM4AA7Sr
Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resourcesEcosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 9 days ago
High
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: almost 2 years ago
GSA_kwCzR0hTQS01M3BqLTY3bTQtOXc5OM4AAg7q
Rancher code injection via fluentd config commandsEcosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: almost 2 years ago
High
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS01ajZwLTU5Y2otajZjcM4AA1nE
usememos/memos vulnerable to privilege escalationEcosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
Ecosystems: nuget, cargo, pypi, go, npm
Packages: magick.net-q8-x64, magick.net-q8-openmp-x64, magick.net-q8-anycpu, magick.net-q16-x64, magick.net-q16-hdri-anycpu, magick.net-q16-anycpu, webp, Pillow, github.com/chai2010/webp, SkiaSharp, electron, libwebp-sys, libwebp-sys2
Source: GitHub Advisory Database
Blast Radius: 130.8
Published: 8 months ago
GSA_kwCzR0hTQS1qN2hwLWg4angtNXBwcs4AA10j
libwebp: OOB write in BuildHuffmanTableEcosystems: nuget, cargo, pypi, go, npm
Packages: magick.net-q8-x64, magick.net-q8-openmp-x64, magick.net-q8-anycpu, magick.net-q16-x64, magick.net-q16-hdri-anycpu, magick.net-q16-anycpu, webp, Pillow, github.com/chai2010/webp, SkiaSharp, electron, libwebp-sys, libwebp-sys2
Source: GitHub Advisory Database
Blast Radius: 130.8
Published: 8 months ago
High
Ecosystems: go
Packages: go.etcd.io/etcd/v3
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: about 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVnam0tZmo0Mi14OTgz
etcd Cross-site Request Forgery (CSRF)Ecosystems: go
Packages: go.etcd.io/etcd/v3
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: about 2 years ago
High
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS13NTd2LTZ4cDQtcm0yds4AAwkT
usememos/memos vulnerable to account takeover due to improper access controlEcosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
Ecosystems: go
Packages: github.com/gagliardetto/binary
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: over 1 year ago
GSA_kwCzR0hTQS00cDZmLW00ZjktY2g4OM4AAu2R
Binary vulnerable to Slice Memory Allocation with Excessive Size ValueEcosystems: go
Packages: github.com/gagliardetto/binary
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: over 1 year ago
High
Ecosystems: go
Packages: github.com/ansible-semaphore/semaphore
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
GSA_kwCzR0hTQS0zcjMyLWNwN3YtNXdxNM4AA1iW
Code injection in ansible semaphoreEcosystems: go
Packages: github.com/ansible-semaphore/semaphore
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: about 2 years ago
GSA_kwCzR0hTQS00d3AzLThxOTItbWg4d80pxA
Cross Site Request Forgery in GiteaEcosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: about 2 years ago
High
Ecosystems: go
Packages: github.com/clastix/capsule-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS05Y3d2LWNwcHgtbXFqbc0uMA
Improper Authentication in Capsule ProxyEcosystems: go
Packages: github.com/clastix/capsule-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
Ecosystems: go
Packages: www.velocidex.com/golang/velociraptor
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: over 1 year ago
GSA_kwCzR0hTQS1nNXZtLTUyNXEtcjY2Y84AAxET
Velociraptor vulnerable to Missing AuthorizationEcosystems: go
Packages: www.velocidex.com/golang/velociraptor
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: over 1 year ago
High
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: about 1 year ago
GSA_kwCzR0hTQS1ycW04LXE4ajktNjYyZs4AAyGH
Nomad Job Submitter Privilege Escalation Using Workload IdentityEcosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: about 1 year ago
High
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: almost 2 years ago
GSA_kwCzR0hTQS02cDh2LThjcTgtdjJyM84AAqwf
Access to Unix domain socket can lead to privileges escalation in CiliumEcosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: almost 2 years ago
High
Ecosystems: go
Packages: github.com/duke-git/lancet, github.com/duke-git/lancet/v2
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: over 1 year ago
GSA_kwCzR0hTQS1wcDNmLXhydzUtcTVqNM4AAv_J
Lancet vulnerable to path traversal when unzipping filesEcosystems: go
Packages: github.com/duke-git/lancet, github.com/duke-git/lancet/v2
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: over 1 year ago
High
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS1ndnJtLXcyZjktZjc3cc4AA2sh
Ingress-nginx path sanitization can be bypassedEcosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
GSA_kwCzR0hTQS1qNjN4LWY2NTctMm05Z84AA1Ba
Answer has Weak Password RequirementsEcosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
High
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg4amMtam1yZi05aDhm
Argo CD Insecure default administrative passwordEcosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: almost 3 years ago
High
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: over 1 year ago
GSA_kwCzR0hTQS1jNDVjLTM5ZjYtNmd3Oc4AAxI_
Rancher generated tokens not revoked after modifications made to authentication providerEcosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: over 1 year ago
High
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS1xcjUyLTU5cjYtNDlmNM4AAwkX
usememos/memos Improper Access Control vulnerabilityEcosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 9 days ago
GSA_kwCzR0hTQS1wdnhqLTI1bTYtN3Zxcs4AA7Sq
Rancher Privilege escalation vulnerability via malicious "Connection" headerEcosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 9 days ago
High
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 6 months ago
GSA_kwCzR0hTQS03ZnhtLWY0NzQtaGY4d84AA209
Kubernetes privilege escalation vulnerabilityEcosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 6 months ago
High
Ecosystems: go
Packages: github.com/google/exposure-notifications-verification-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2OTUtdjhjOC0zcmg2
Privilege escalation in rbacEcosystems: go
Packages: github.com/google/exposure-notifications-verification-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Statistics
Advisories: 18,330
Packages: 8,279
Repositories: 534
Ecosystems: 12
Packages: 8,279
Repositories: 534
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
github.com/usememos/memos
59
github.com/mattermost/mattermost/server/v8
38
github.com/mattermost/mattermost-server/v6
37
github.com/answerdev/answer
34
k8s.io/kubernetes
32
github.com/argoproj/argo-cd
29
github.com/hashicorp/vault
28
github.com/grafana/grafana
28
github.com/rancher/rancher
28
github.com/hashicorp/nomad
26
github.com/hashicorp/consul
26
gogs.io/gogs
24
github.com/argoproj/argo-cd/v2
23
github.com/cilium/cilium
20
github.com/ethereum/go-ethereum
19
github.com/docker/docker
19
code.gitea.io/gitea
19
helm.sh/helm/v3
18
golang.org/x/net
17
github.com/goharbor/harbor
15
github.com/nats-io/nats-server/v2
13
github.com/mattermost/mattermost-server
13
github.com/traefik/traefik/v2
13
github.com/containerd/containerd
13
github.com/moby/moby
12
github.com/go-gitea/gitea
12
github.com/opencontainers/runc
12
github.com/zitadel/zitadel
11
github.com/openfga/openfga
11
github.com/cloudflare/cfrpki
11
github.com/1Panel-dev/1Panel
10
github.com/greenpau/caddy-security
10
github.com/cosmos/cosmos-sdk
10
golang.org/x/crypto
9
github.com/kubernetes/kubernetes
9
github.com/cri-o/cri-o
9
github.com/sylabs/singularity
9
istio.io/istio
8
github.com/containers/podman/v4
8
github.com/pomerium/pomerium
8
github.com/kubeedge/kubeedge
8
go.etcd.io/etcd
8
github.com/nats-io/jwt
7
github.com/traefik/traefik
7
github.com/beego/beego
7
k8s.io/ingress-nginx
7
helm.sh/helm
7
github.com/google/fscrypt
7
github.com/hashicorp/go-getter
7
github.com/authzed/spicedb
6
github.com/russellhaering/gosaml2
6
github.com/hyperledger/fabric
6
github.com/cubefs/cubefs
6
github.com/apache/trafficcontrol
6
github.com/gravitl/netmaker
6
github.com/pion/dtls
6
github.com/treeverse/lakefs
6
github.com/beego/beego/v2
6
github.com/russellhaering/goxmldsig
6
github.com/pterodactyl/wings
6
github.com/sigstore/cosign
6
github.com/fluxcd/flux2
6
kubevirt.io/kubevirt
5
github.com/hashicorp/go-getter/v2
5
github.com/tidwall/gjson
5
github.com/containers/buildah
5
github.com/schollz/croc/v9
5
github.com/KubeOperator/kubepi
5
github.com/apache/incubator-answer
5
github.com/mattermost/mattermost-server/v5
5
github.com/fluxcd/kustomize-controller
5
github.com/gofiber/fiber/v2
5
github.com/moby/buildkit
5
github.com/IBAX-io/go-ibax
5
github.com/kyverno/kyverno
5
github.com/pion/dtls/v2
5
go.etcd.io/etcd/v3
5
github.com/cometbft/cometbft
5
github.com/kiali/kiali
5
github.com/0xJacky/Nginx-UI
5
github.com/ipfs/go-ipfs
5
github.com/tendermint/tendermint
5
github.com/foxcpp/maddy
5
github.com/traefik/traefik/v3
5
github.com/gophish/gophish
5
github.com/open-policy-agent/opa
4
github.com/free5gc/free5gc
4
golang.org/x/net/http2
4
github.com/dhowden/tag
4
github.com/aws/aws-sdk-go
4
github.com/crewjam/saml
4
github.com/arduino/arduino-create-agent
4
github.com/concourse/concourse
4
github.com/casdoor/casdoor
4
github.com/containers/podman/v3
4
github.com/argoproj/argo-workflows/v3
4
github.com/dexidp/dex
4
github.com/alist-org/alist/v3
4
github.com/oauth2-proxy/oauth2-proxy
4
github.com/ory/fosite
4
github.com/caddyserver/caddy
4
github.com/lestrrat-go/jwx
4
github.com/lestrrat-go/jwx/v2
4
github.com/hashicorp/go-getter/gcs/v2
4
github.com/IceWhaleTech/CasaOS-UserService
4
github.com/gin-gonic/gin
4
github.com/git-lfs/git-lfs
4
github.com/hashicorp/go-getter/s3/v2
4
github.com/phachon/mm-wiki
3
github.com/hashicorp/vault/vault
3
github.com/flyteorg/flyteadmin
3
github.com/cheqd/cheqd-node
3
github.com/nats-io/jwt/v2
3
github.com/go-vela/server
3
github.com/apache/servicecomb-service-center
3
github.com/docker/distribution
3
github.com/navidrome/navidrome
3
github.com/coredns/coredns
3
github.com/syncthing/syncthing
3
github.com/ElrondNetwork/elrond-go
3
github.com/jackc/pgx/v4
3
gopkg.in/yaml.v2
3
github.com/cortexproject/cortex
3
github.com/minio/minio
3
github.com/consensys/gnark
3
go.etcd.io/etcd/client/v3
3
github.com/projectcalico/calico
3
github.com/lightningnetwork/lnd
3
github.com/ory/oathkeeper
3
github.com/notaryproject/notation
3
github.com/fluxcd/helm-controller
3
golang.org/x/text
3
github.com/sigstore/cosign/v2
3
github.com/quic-go/quic-go
3
github.com/stacklok/minder
3
github.com/heketi/heketi
3
github.com/owncast/owncast
3
github.com/openshift/origin
3
k8s.io/client-go
3
github.com/miekg/dns
3
github.com/libp2p/go-libp2p
3
github.com/tharsis/evmos
3
github.com/authelia/authelia/v4
3
github.com/crossplane/crossplane
3
golang.org/x/image
3
github.com/crypto-org-chain/cronos
3
github.com/hashicorp/boundary
3
github.com/mholt/archiver
3
github.com/dutchcoders/transfer.sh
3
github.com/weaveworks/weave-gitops
3
github.com/edgelesssys/constellation/v2
3
github.com/square/go-jose
3
github.com/artifacthub/hub
3
github.com/cloudflare/circl
2
gopkg.in/src-d/go-git.v4
2
github.com/woodpecker-ci/woodpecker
2
github.com/minio/console
2
github.com/go-yaml/yaml
2
github.com/ansible-semaphore/semaphore
2
github.com/pires/go-proxyproto
2
github.com/rancher/wrangler
2
github.com/flynn/noise
2
github.com/gphper/ginadmin
2
mellium.im/xmpp
2
github.com/clastix/capsule-proxy
2
github.com/etcd-io/etcd
2
github.com/mutagen-io/mutagen
2
github.com/unknwon/cae
2
github.com/openshift/apiserver-library-go
2
vitess.io/vitess
2
github.com/bytebase/bytebase
2
github.com/hashicorp/terraform
2
github.com/edgexfoundry/app-functions-sdk-go/v2
2
github.com/influxdata/influxdb
2
github.com/protocolbuffers/protobuf
2
github.com/gotify/server
2
github.com/brokercap/Bifrost
2
github.com/imgproxy/imgproxy/v3
2
github.com/prometheus/prometheus
2
github.com/dvsekhvalnov/jose2go
2
github.com/containers/podman/v2
2
github.com/pingcap/tidb
2
github.com/microcosm-cc/bluemonday
2
github.com/sap/cloud-security-client-go
2
github.com/facebook/fbthrift
2
github.com/talos-systems/talos
2
protobuf
2
github.com/flipped-aurora/gin-vue-admin/server
2
github.com/containers/podman
2
github.com/swaggo/http-swagger
2
github.com/gohugoio/hugo
2
github.com/apache/thrift
2
github.com/labstack/echo/v4
2
github.com/ipld/go-codec-dagpb
2
github.com/codenotary/immudb
2
github.com/kata-containers/runtime
2
github.com/ecnepsnai/web
2
github.com/kitabisa/teler-waf
2
github.com/IceWhaleTech/CasaOS
2
github.com/projectcapsule/capsule-proxy
2
Filter by Repository
https://github.com/usememos/memos
59
https://github.com/kubernetes/kubernetes
48
https://github.com/argoproj/argo-cd
37
https://github.com/answerdev/answer
34
https://github.com/go-gitea/gitea
31
https://github.com/rancher/rancher
25
https://github.com/grafana/grafana
21
https://github.com/cilium/cilium
20
https://github.com/gogs/gogs
20
https://github.com/hashicorp/consul
19
https://github.com/helm/helm
19
https://github.com/hashicorp/vault
16
https://github.com/etcd-io/etcd
16
https://github.com/goharbor/harbor
15
https://github.com/ethereum/go-ethereum
15
https://github.com/mattermost/mattermost
14
https://github.com/moby/moby
14
https://github.com/traefik/traefik
13
https://github.com/hashicorp/nomad
13
https://github.com/containerd/containerd
13
https://github.com/golang/go
13
https://github.com/opencontainers/runc
11
https://github.com/openfga/openfga
11
https://github.com/zitadel/zitadel
11
https://github.com/containers/podman
11
https://github.com/cloudflare/cfrpki
11
https://github.com/nats-io/nats-server
10
https://github.com/cosmos/cosmos-sdk
10
https://github.com/1Panel-dev/1Panel
10
https://github.com/greenpau/caddy-security
10
https://github.com/cri-o/cri-o
9
https://github.com/istio/istio
8
https://github.com/kubeedge/kubeedge
8
https://github.com/pomerium/pomerium
8
https://github.com/docker/docker
8
https://github.com/kubernetes/ingress-nginx
7
https://github.com/beego/beego
7
https://github.com/hashicorp/go-getter
7
https://github.com/google/fscrypt
7
https://github.com/hpcng/singularity
7
https://github.com/pterodactyl/wings
6
https://github.com/schollz/croc
6
https://github.com/sigstore/cosign
6
https://github.com/pion/dtls
6
https://github.com/moby/buildkit
6
https://github.com/hyperledger/fabric
6
https://github.com/treeverse/lakeFS
6
https://github.com/gravitl/netmaker
6
https://github.com/authzed/spicedb
6
https://github.com/containers/buildah
6
https://github.com/fluxcd/flux2
6
https://github.com/cubefs/cubefs
6
https://github.com/0xJacky/nginx-ui
5
https://github.com/argoproj/argo-workflows
5
https://github.com/russellhaering/gosaml2
5
https://github.com/cometbft/cometbft
5
https://github.com/crewjam/saml
5
https://github.com/foxcpp/maddy
5
https://github.com/free5gc/free5gc
5
https://github.com/gofiber/fiber
5
https://github.com/gophish/gophish
5
https://github.com/kyverno/kyverno
5
https://github.com/IBAX-io/go-ibax
5
https://github.com/ipfs/go-ipfs
5
https://github.com/tidwall/gjson
5
https://github.com/tendermint/tendermint
5
https://github.com/casdoor/casdoor
4
https://github.com/IceWhaleTech/CasaOS-UserService
4
https://github.com/caddyserver/caddy
4
https://github.com/oauth2-proxy/oauth2-proxy
4
https://github.com/grafana/bugbounty
4
https://github.com/open-policy-agent/opa
4
https://github.com/git-lfs/git-lfs
4
https://github.com/siderolabs/talos
4
https://github.com/aws/aws-sdk-go
4
https://github.com/gin-gonic/gin
4
https://github.com/concourse/concourse
4
https://github.com/dexidp/dex
4
https://github.com/nats-io/jwt
4
https://github.com/kubevirt/kubevirt
4
https://github.com/arduino/arduino-create-agent
4
https://github.com/dhowden/tag
4
https://github.com/lestrrat-go/jwx
4
https://github.com/ory/fosite
4
https://github.com/containous/traefik
4
https://github.com/ory/oathkeeper
3
https://github.com/open-telemetry/opentelemetry-go-contrib
3
https://github.com/u-root/u-root
3
https://github.com/gogits/gogs
3
https://github.com/phachon/mm-wiki
3
https://github.com/flyteorg/flyteadmin
3
https://github.com/flipped-aurora/gin-vue-admin
3
https://github.com/evmos/evmos
3
https://github.com/ElrondNetwork/elrond-go
3
https://github.com/edgelesssys/constellation
3
https://github.com/openshift/origin
3
https://github.com/go-vela/server
3
https://github.com/go-yaml/yaml
3
https://github.com/heketi/heketi
3
https://github.com/ipfs/boxo
3
https://github.com/kiali/kiali
3
https://github.com/KubeOperator/KubePi
3
https://github.com/navidrome/navidrome
3
https://github.com/tailscale/tailscale
3
https://github.com/kubernetes-sigs/secrets-store-csi-driver
3
https://github.com/syncthing/syncthing
3
https://github.com/libp2p/go-libp2p
3
https://github.com/sylabs/singularity
3
https://github.com/moby/libnetwork
3
https://github.com/minio/minio
3
https://github.com/stacklok/minder
3
https://github.com/cheqd/cheqd-node
3
https://github.com/Consensys/gnark
3
https://github.com/authelia/authelia
3
https://github.com/artifacthub/hub
3
https://github.com/cortexproject/cortex
3
https://github.com/weaveworks/weave-gitops
3
https://github.com/crossplane/crossplane
3
https://github.com/quic-go/quic-go
3
https://github.com/apache/trafficcontrol
3
https://github.com/alist-org/alist
3
https://github.com/square/go-jose
3
https://github.com/dutchcoders/transfer.sh
3
https://github.com/IceWhaleTech/CasaOS
2
https://github.com/minio/console
2
https://github.com/imgproxy/imgproxy
2
https://github.com/bytebase/bytebase
2
https://github.com/influxdata/influxdb
2
https://github.com/buger/jsonparser
2
https://github.com/brokercap/Bifrost
2
https://github.com/miekg/dns
2
https://github.com/ipld/go-codec-dagpb
2
https://github.com/jackc/pgproto3
2
https://github.com/bottlerocket-os/bottlerocket
2
https://github.com/kitabisa/teler
2
https://github.com/kitabisa/teler-waf
2
https://github.com/temporalio/temporal
2
https://github.com/bitly/oauth2_proxy
2
https://github.com/zinclabs/zinc
2
https://github.com/atredispartners/advisories
2
https://github.com/argoproj/argo-events
2
https://github.com/zalando/skipper
2
https://github.com/microcosm-cc/bluemonday
2
https://github.com/apptainer/apptainer
2
https://github.com/mholt/archiver
2
https://github.com/labring/sealos
2
https://github.com/mellium/xmpp
2
https://github.com/mattermost/mattermost-plugin-jira
2
https://github.com/labstack/echo
2
https://github.com/1Panel-dev/KubePi
2
https://github.com/Masterminds/goutils
2
https://github.com/lightningnetwork/lnd
2
https://github.com/go-jose/go-jose
2
https://github.com/gohugoio/hugo
2
https://github.com/cosmos/ethermint
2
https://github.com/go-git/go-git
2
https://github.com/vitessio/vitess
2
https://github.com/crypto-org-chain/cronos
2
https://github.com/flynn/noise
2
https://github.com/fluid-cloudnative/fluid
2
https://github.com/distribution/distribution
2
https://github.com/fleetdm/fleet
2
https://github.com/fkie-cad/yapscan
2
https://github.com/facebook/fbthrift
2
https://github.com/drakkan/sftpgo
2
https://github.com/envoyproxy/envoy
2
https://github.com/elastic/beats
2
https://github.com/edgelesssys/marblerun
2
https://github.com/dvsekhvalnov/jose2go
2
https://github.com/theupdateframework/go-tuf
2
https://github.com/heroiclabs/nakama
2
https://github.com/hashicorp/terraform
2
https://github.com/cloudflare/circl
2
https://github.com/cloudflare/cloudflared
2
https://github.com/codenotary/immudb
2
https://github.com/gphper/ginadmin
2
https://github.com/Consensys/gnark-crypto
2
https://github.com/containers/libpod
2
https://github.com/gotify/server
2
https://github.com/ulikunitz/xz
2
https://github.com/woodpecker-ci/woodpecker
2
https://github.com/coredns/coredns
2
https://github.com/google/exposure-notifications-verification-server
2
https://github.com/coreos/etcd
2
https://github.com/unknwon/cae
2
https://github.com/golang/crypto
2
https://github.com/ecnepsnai/web
2
https://github.com/peterzen/goresolver
2
https://github.com/pingcap/tidb
2
https://github.com/multiversx/mx-chain-go
2
https://github.com/mutagen-io/mutagen
2
https://github.com/stripe/smokescreen
2
https://github.com/ntbosscher/gobase
2
https://github.com/projectdiscovery/nuclei
2
https://github.com/Netflix/security-bulletins
2
https://github.com/notaryproject/notation
2
https://github.com/russellhaering/goxmldsig
2
https://github.com/opencontainers/distribution-spec
2
https://github.com/sigstore/rekor
2