Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go Security Advisories

Loading...
High
GSA_kwCzR0hTQS13NXd4LTZnMnItcjc4cc4AA6CJ
Nuclei allows unsigned code template execution through workflows
Ecosystems: go
Packages: github.com/projectdiscovery/nuclei/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS00OTRoLTk5MjQteHd3Oc4AA6B3
Pterodactyl Wings vulnerable to improper isolation of server file access
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS13eDhxLTRnbTktcmoyZ84AA6B0
Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime
Ecosystems: go
Packages: github.com/fluid-cloudnative/fluid
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1nNjIzLWpjZ2ctbWhtbc4AA6Bz
Users with `create` but not `override` privileges can perform local sync
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 2 months ago
High
GSA_kwCzR0hTQS1wd3g1LTZ3eGctcHg1aM4AA6Ac
Insecure Variable Substitution in Vela
Ecosystems: go
Packages: github.com/go-vela/worker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS05NXJ4LW05bTUtbTk0ds4AA56u
ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: about 2 months ago
High
GSA_kwCzR0hTQS1tcTR4LXIydzMtajdtcs4AA54b
Account Takeover via Session Fixation in Zitadel [Bypassing MFA]
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14MnZnLTV3cmYtdmo2ds4AA53Z
1Panel is vulnerable to command injection
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1oajN2LW02ODQtdjI1Oc4AA52y
JWX vulnerable to a denial of service attack using compressed JWE message
Ecosystems: go
Packages: github.com/lestrrat-go/jwx, github.com/lestrrat-go/jwx/v2
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1jNXEyLTdyNGMtbXY2Z84AA51M
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
Ecosystems: go
Packages: gopkg.in/go-jose/go-jose.v2, github.com/go-jose/go-jose/v3, github.com/go-jose/go-jose/v4
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01bXhmLTQyZjUtajc4Ms4AA503
Grafana's users with permissions to create a data source can CRUD all data sources
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01cGY2LTJxd3gtcHhtMs4AA5zw
Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials
Ecosystems: go
Packages: github.com/cloudevents/sdk-go/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0yNnczLXE0ajgtNHhqcM4AA5zI
1Panel open source panel project has an unauthorized vulnerability.
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1jNjl4LTV4bXctdjQ0eM4AA5zG
CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1jOTY3LTI2NTItZ2Zqbc4AA5zF
CasaOS Username Enumeration
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1oNWdmLWNtbTgtY2c3Y84AA5zE
CasaOS-UserService allows unauthorized access to any file
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04cjNmLTg0NGMtbWMzN84AA5yO
Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
Ecosystems: go
Packages: google.golang.org/protobuf/internal/encoding/json, google.golang.org/protobuf/encoding/protojson, google.golang.org/protobuf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS12NjI3LTY5djIteHgzN84AA5xb
`GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1yM3c3LW1mcG0tYzJ2d84AA5wI
Incorrect TLS certificate auth method in Vault
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: 2 months ago
High
GSA_kwCzR0hTQS03Y2MyLXI2NTgtN3hwZs4AA5wH
Coder's OIDC authentication allows email with partially matching domain to register
Ecosystems: go
Packages: github.com/coder/coder, github.com/coder/coder/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03andoLTN2cnEtcTNtOM4AA5wG
pgproto3 SQL Injection via Protocol Message Size Overflow
Ecosystems: go
Packages: github.com/jackc/pgx/v5, github.com/jackc/pgx/v4, github.com/jackc/pgproto3/v2, github.com/jackc/pgproto3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1tcnd3LTI3dmMtZ2dods4AA5wA
pgx SQL Injection via Protocol Message Size Overflow
Ecosystems: go
Packages: github.com/jackc/pgx/v5, github.com/jackc/pgx/v4, github.com/jackc/pgproto3/v2, github.com/jackc/pgproto3, github.com/jackc/pgx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1mZ3h2LWd3NTUtcjVmcc4AA5wB
Authorization Bypass Through User-Controlled Key in go-zero
Ecosystems: go
Packages: github.com/zeromicro/go-zero
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1tN3dyLTJ4ZjctY205cM4AA5v_
pgx SQL Injection via Line Comment Creation
Ecosystems: go
Packages: github.com/jackc/pgx/v4, github.com/jackc/pgx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1qdzQ0LTRmM2otcTM5Ns4AA5uc
Helm shows secrets in clear text
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1oM203LXJxYzQtN2g5cM4AA5sZ
Integer overflow in chunking helper causes dispatching to miss elements or panic
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS0zZzM1LXY1M3ItZ3B4Y84AA5qJ
Mattermost race condition
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1od2pmLTQ2NjctZ3F3eM4AA5qF
Mattermost allows attackers access to posts in channels they are not a member of
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS1yNGZtLWc2NWgtY3I1NM4AA5qG
Mattermost incorrectly allows access individual posts
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12bTltLTU3anItNHB4aM4AA5qH
Mattermost fails to limit the number of role names
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1wZnc2LTVyeDMteGgzY84AA5p-
Mattermost fails to check the "invite_guest" permission
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1meDQ4LXh2NnEtNmdwM84AA5p9
Mattermost post fetching without auditing in compliance export
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03djN2LTk4NHYtaDc0cs4AA5p_
Mattermost leaks details of AD/LDAP groups of a teams
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02bXgzLTlxZmgtNzdnas4AA5qA
Mattermost denial of service through long emoji value
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS14Z3hqLWo5OGMtNTlyds4AA5p6
Mattermost fails to properly restrict the access of files attached to posts
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS00OXc3LTVyMzMtam05bc4AA5ok
http-swagger XSS via PUT requests
Ecosystems: go
Packages: github.com/swaggo/http-swagger
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02Mjk0LTZyZ3AtZnI3cs4AA5mt
jose2go vulnerable to denial of service via large p2c value
Ecosystems: go
Packages: github.com/dvsekhvalnov/jose2go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS01NTVwLW00djYtY3F4ds4AA5lr
ASA-2024-004: Default configuration param for Evidence may limit window of validity
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS04Nmg1LXhjcHgtY2ZxY84AA5jS
ASA-2024-005: Potential slashing evasion during re-delegation
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS14NXI1LTJxcngtcnFqOM4AA5ik
Transparent TLS may not be applied to Marbles with certain manifest configurations
Ecosystems: go
Packages: github.com/edgelesssys/marblerun
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1xNmg4LTRqMnYtcGpnNM4AA5gv
Minder trusts client-provided mapping from repo name to upstream ID
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1mdnY1LWgyOWctZjZ3Nc4AA5dq
User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository
Ecosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1yNTNoLWp2MmctdnB4Ns4AA5dg
Helm's Missing YAML Content Leads To Panic
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1mbWc0LXg4cHctaGpoZ84AA5dK
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS05cTI0LWh3bWMtNzk3eM4AA5cx
Apache Answer Race Condition vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1ybXFwLW12djItNTRjNs4AA5ct
Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS04cGYyLXFqNHYtZmo2NM4AA5c1
Apache Answer Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0yNTU3LXg5bWctNzZ3OM4AA5Zz
ASA-2024-002: Default `PrepareProposalHandler` may produce invalid proposals when used with default `SenderNonceMempool`
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS00ajkzLWZtOTItcnA0bc4AA5Zy
ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS14OTg5LTUyZmMtNHZyNM4AA5Zr
Unencrypted traffic between pods when using Wireguard and an external kvstore
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03NDk2LWZndjkteHc4Ms4AA5Zq
Unencrypted ingress/health traffic when using Wireguard transparent encryption
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1yOTY5LTc4M2YtNmpxcs4AA5Wp
Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS04aHAzLXJtcjcteGg4OM4AA5Wv
Open Redirect in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05M3g4LTY2ajItd3dyNc4AA5Wo
Server-Side Request Forgery in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12ZnBoLWhqZnYtY3B2Ms4AA5Wx
Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1mZjcyLWZmNDItYzNnd84AA5Wm
Cross-site Scripting in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jN3ZmLW0zOTQtbTR4NM4AA5Wn
Use of Insufficiently Random Values in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12cDY2LWdmN3ctOW00eM4AA5Wu
Insufficient Session Expiration in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12ajM2LTNjY3ItNjU2M84AA5Wr
Authentication Bypass by Spoofing in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS04aDk1LWpjcDUtcGpwcs4AA5Wt
Improper Validation of Array Index in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12NTNnLTVnanAtMjcycs4AA5Uj
Helm dependency management path traversal
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 3 months ago
High
GSA_kwCzR0hTQS04NHh2LWpmcm0taDRnbc4AA5Rh
registry-support: decompress can delete files outside scope via relative paths
Ecosystems: go
Packages: github.com/devfile/registry-support/registry-library
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zaHY0LXIyZm0taDI3Zs4AA5Rd
Email Validation Bypass And Preventing Sign Up From Email's Owner
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14d212LWN4N3AtZnFmY84AA5Oo
caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zMmg3LTdqOTQtOGZjMs4AA5MM
Mattermost vulnerable to denial of service via large number of emoji reactions
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1yODMzLXc3NTYtaDVwMs4AA5L7
Mattermost fails to check the required permissions
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1xcjhmLWNqdzctODM4bc4AA5L-
Mattermost Jira Plugin does not properly check security levels
Ecosystems: go
Packages: github.com/mattermost/mattermost-plugin-jira
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS00ZnA2LTU3NHAtZmMzNc4AA5L6
Mattermost Jira Plugin vulnerable to Cross-Site Request Forgery
Ecosystems: go
Packages: github.com/mattermost/mattermost-plugin-jira
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1jODY2LThncHctcDNtds4AA5K1
HashiCorp Nomad vulnerable to symlink attacks
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 3 months ago
High
GSA_kwCzR0hTQS04MzNtLTM3ZjctanE1Nc4AA5Kr
Rancher API Server Cross-site Scripting Vulnerability
Ecosystems: go
Packages: github.com/rancher/apiserver
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: 3 months ago
High
GSA_kwCzR0hTQS1yOGY0LWh2MjMtNnFwNs4AA5Kq
Norman API Cross-site Scripting Vulnerability
Ecosystems: go
Packages: github.com/rancher/norman
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: 3 months ago
High
GSA_kwCzR0hTQS14Zmo3LXFmOHctMmdjcs4AA5Kp
Rancher 'Audit Log' leaks sensitive information
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 3 months ago
High
GSA_kwCzR0hTQS1jODVyLWZ3YzctNDV2Y84AA5Ko
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS04cjMzLXE1ajUtcmg3Z84AA5Jo
APM Server vulnerable to Insertion of Sensitive Information into Log File
Ecosystems: go
Packages: github.com/elastic/apm-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS12aDczLXEzcnctcXg3d84AA5En
Boundary vulnerable to session hijacking through TLS certificate tampering
Ecosystems: go
Packages: github.com/hashicorp/boundary
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05eGZ3LWpqcTItN3Y4aM4AA5Eg
1Panel set-cookie is missing the Secure keyword
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS12amc2LTkzZnYtcXY2NM4AA5Co
Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1wbTNtLTMycjMtN21maM4AA5Cn
Etcd embed auto compaction retention negative value causing a compaction loop or a crash
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1qODZ2LTJ2anItZmc4Zs4AA5Cm
Etcd Gateway TLS endpoint validation only confirms TCP reachability
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS01eDRnLXE1cmMtMzZqcM4AA5Cl
Etcd pkg Insecure ciphers are allowed by default
Ecosystems: go
Packages: go.etcd.io/etcd/client/pkg/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1nNXA2LTMyN20tM2Z4eM4AA5Bp
Talos Linux ships runc vulnerable to the escape to the host attack
Ecosystems: go
Packages: github.com/siderolabs/talos
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14dzczLXJ3MzgtNnZqY84AA4_x
Classic builder cache poisoning
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: 3 months ago
High
GSA_kwCzR0hTQS14eDh3LW1xMjMtMjlnNM4AA4_w
Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
Ecosystems: go
Packages: github.com/minio/minio
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12Z2gzLW13eHEtcmNwOM4AA4--
Hashicorp Vault may expose sensitive log information
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 3 months ago
High
GSA_kwCzR0hTQS04cGp4LWpqODYtajQ3cM4AA4-8
Grafana path traversal
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jbWY0LWgzeGMtanc4d84AA4-7
Grafana Cross Site Request Forgery (CSRF)
Ecosystems: go
Packages: github.com/grafana/grafana/pkg/web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zZnd4LXBqZ3ctMzU1OM4AA4-5
Moby (Docker Engine) Insufficiently restricted permissions on data directory
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12NWdxLXF2anEtOHA1M84AA4-4
Grafana Cross-site Scripting (XSS)
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 3 months ago
High
GSA_kwCzR0hTQS1xcnFyLTN4NWotMnh3Oc4AA4-3
Docker Moby Authentication Bypass
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02ZzJxLXc1ajMtZndoNM4AA4-2
containerd environment variable leak
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: 3 months ago
High
GSA_kwCzR0hTQS1ycTk1LXhmNjYtajY4Oc4AA4-1
Improper Authentication in HashiCorp Vault
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02Zmo1LW04MjItcnF4OM4AA4-0
moby docker daemon crash during image pull of malicious image
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03NDUyLXhxcGotNnJwY84AA4-z
moby Access to remapped root allows privilege escalation to real root
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02aHdnLXc1amctOWM2eM4AA4-y
Path Traversal in Moby builder
Ecosystems: go
Packages: github.com/docker/docker, github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1ycGdwLTlobWctajI1eM4AA4-x
Enumeration of users in HashiCorp Vault
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02bTcyLTQ2N3ctOTRyaM4AA4-w
Privilege Escalation in HashiCorp Consul
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: 3 months ago
High
GSA_kwCzR0hTQS00OTZnLWZyMzMtd2hyZs4AA4-v
Denial of service in HashiCorp Consul
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS00cHdwLWN4NjctNWNweM4AA6O3
Grafana Arbitrary File Read
Ecosystems: go
Packages: github.com/grafana/grafana/pkg/tsdb/mysql
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS14cjdyLWY4eHEtdmZ2ds4AA4-u
runc vulnerable to container breakout through process.cwd trickery and leaked fds
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05cDI2LTY5OHItdzRoeM4AA4-t
BuildKit vulnerable to possible panic when incorrect parameters sent from frontend
Ecosystems: go
Packages: github.com/moby/buildkit
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 3 months ago
Statistics
Advisories: 18,361
Packages: 8,293
Repositories: 537
Ecosystems: 12
Filter by Severity
Moderate 7,925 High 6,355 Critical 2,807 Low 985
Filter by Ecosystem
maven 5,531 packagist 3,802 pypi 3,711 npm 3,543 go 1,895 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
github.com/usememos/memos 59 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 github.com/answerdev/answer 34 k8s.io/kubernetes 32 github.com/argoproj/argo-cd 29 github.com/hashicorp/vault 28 github.com/grafana/grafana 28 github.com/rancher/rancher 28 github.com/hashicorp/nomad 26 github.com/hashicorp/consul 26 gogs.io/gogs 24 github.com/argoproj/argo-cd/v2 23 github.com/cilium/cilium 20 code.gitea.io/gitea 19 github.com/ethereum/go-ethereum 19 github.com/docker/docker 19 helm.sh/helm/v3 18 golang.org/x/net 17 github.com/goharbor/harbor 15 github.com/traefik/traefik/v2 13 github.com/mattermost/mattermost-server 13 github.com/containerd/containerd 13 github.com/nats-io/nats-server/v2 13 github.com/opencontainers/runc 12 github.com/go-gitea/gitea 12 github.com/moby/moby 12 github.com/openfga/openfga 11 github.com/cloudflare/cfrpki 11 github.com/zitadel/zitadel 11 github.com/greenpau/caddy-security 10 github.com/cosmos/cosmos-sdk 10 github.com/1Panel-dev/1Panel 10 golang.org/x/crypto 9 github.com/cri-o/cri-o 9 github.com/kubernetes/kubernetes 9 github.com/sylabs/singularity 9 github.com/containers/podman/v4 8 istio.io/istio 8 go.etcd.io/etcd 8 github.com/pomerium/pomerium 8 github.com/pterodactyl/wings 8 github.com/kubeedge/kubeedge 8 k8s.io/ingress-nginx 7 github.com/traefik/traefik 7 github.com/google/fscrypt 7 github.com/nats-io/jwt 7 helm.sh/helm 7 github.com/hashicorp/go-getter 7 github.com/beego/beego 7 github.com/russellhaering/goxmldsig 6 github.com/fluxcd/flux2 6 github.com/authzed/spicedb 6 github.com/treeverse/lakefs 6 github.com/cubefs/cubefs 6 github.com/apache/trafficcontrol 6 github.com/russellhaering/gosaml2 6 github.com/sigstore/cosign 6 github.com/gravitl/netmaker 6 kubevirt.io/kubevirt 6 github.com/beego/beego/v2 6 github.com/hyperledger/fabric 6 github.com/pion/dtls 6 github.com/apache/incubator-answer 5 github.com/hashicorp/go-getter/v2 5 github.com/mattermost/mattermost-server/v5 5 github.com/KubeOperator/kubepi 5 github.com/schollz/croc/v9 5 github.com/pion/dtls/v2 5 github.com/foxcpp/maddy 5 github.com/tendermint/tendermint 5 github.com/kiali/kiali 5 github.com/ipfs/go-ipfs 5 github.com/cometbft/cometbft 5 go.etcd.io/etcd/v3 5 github.com/kyverno/kyverno 5 github.com/IBAX-io/go-ibax 5 github.com/traefik/traefik/v3 5 github.com/moby/buildkit 5 github.com/0xJacky/Nginx-UI 5 github.com/containers/buildah 5 github.com/gofiber/fiber/v2 5 github.com/fluxcd/kustomize-controller 5 github.com/gophish/gophish 5 github.com/caddyserver/caddy 4 github.com/free5gc/free5gc 4 golang.org/x/net/http2 4 github.com/dhowden/tag 4 github.com/crewjam/saml 4 github.com/ory/fosite 4 github.com/aws/aws-sdk-go 4 github.com/git-lfs/git-lfs 4 github.com/oauth2-proxy/oauth2-proxy 4 github.com/argoproj/argo-workflows/v3 4 github.com/dexidp/dex 4 github.com/gin-gonic/gin 4 github.com/open-policy-agent/opa 4 github.com/alist-org/alist/v3 4 github.com/containers/podman/v3 4 github.com/concourse/concourse 4 github.com/casdoor/casdoor 4 github.com/tidwall/gjson 4 github.com/lestrrat-go/jwx 4 github.com/lestrrat-go/jwx/v2 4 github.com/hashicorp/go-getter/gcs/v2 4 github.com/hashicorp/go-getter/s3/v2 4 github.com/arduino/arduino-create-agent 4 github.com/IceWhaleTech/CasaOS-UserService 4 github.com/syncthing/syncthing 3 github.com/ElrondNetwork/elrond-go 3 github.com/lightningnetwork/lnd 3 github.com/ory/oathkeeper 3 github.com/openshift/origin 3 github.com/crossplane/crossplane 3 github.com/docker/distribution 3 github.com/apache/servicecomb-service-center 3 github.com/flyteorg/flyteadmin 3 github.com/hashicorp/vault/vault 3 k8s.io/client-go 3 github.com/quic-go/quic-go 3 github.com/notaryproject/notation 3 github.com/projectcalico/calico 3 github.com/consensys/gnark 3 gopkg.in/yaml.v2 3 github.com/heketi/heketi 3 github.com/miekg/dns 3 github.com/mholt/archiver 3 github.com/owncast/owncast 3 github.com/stacklok/minder 3 github.com/crypto-org-chain/cronos 3 github.com/navidrome/navidrome 3 github.com/nats-io/jwt/v2 3 github.com/sigstore/cosign/v2 3 github.com/coredns/coredns 3 github.com/cheqd/cheqd-node 3 github.com/libp2p/go-libp2p 3 github.com/minio/minio 3 go.etcd.io/etcd/client/v3 3 github.com/fluxcd/helm-controller 3 golang.org/x/text 3 github.com/square/go-jose 3 github.com/phachon/mm-wiki 3 github.com/jackc/pgx/v4 3 github.com/artifacthub/hub 3 github.com/tharsis/evmos 3 github.com/hashicorp/boundary 3 golang.org/x/image 3 github.com/edgelesssys/constellation/v2 3 github.com/authelia/authelia/v4 3 github.com/cortexproject/cortex 3 github.com/dutchcoders/transfer.sh 3 github.com/weaveworks/weave-gitops 3 github.com/go-vela/server 3 github.com/gphper/ginadmin 2 github.com/woodpecker-ci/woodpecker 2 github.com/sigstore/rekor 2 google.golang.org/protobuf 2 github.com/hashicorp/terraform 2 Google.Protobuf 2 github.com/projectcapsule/capsule-proxy 2 github.com/astaxie/beego 2 google/protobuf 2 google.golang.org/grpc 2 github.com/clastix/capsule-proxy 2 github.com/etcd-io/etcd 2 github.com/protocolbuffers/protobuf 2 github.com/openshift/apiserver-library-go 2 protobuf 2 vitess.io/vitess 2 github.com/mutagen-io/mutagen 2 github.com/edgexfoundry/app-functions-sdk-go/v2 2 github.com/siderolabs/talos 2 github.com/go-git/go-git/v5 2 gopkg.in/src-d/go-git.v4 2 github.com/unknwon/cae 2 github.com/nats-io/nats-streaming-server 2 github.com/flynn/noise 2 github.com/jaegertracing/jaeger 2 github.com/bitly/oauth2_proxy 2 mellium.im/xmpp 2 github.com/influxdata/influxdb 2 github.com/multiversx/mx-chain-go 2 github.com/dvsekhvalnov/jose2go 2 github.com/minio/console 2 github.com/google/exposure-notifications-verification-server 2 github.com/prometheus/prometheus 2 github.com/karmada-io/karmada 2 github.com/talos-systems/talos 2 github.com/pingcap/tidb 2 github.com/microcosm-cc/bluemonday 2 github.com/sap/cloud-security-client-go 2 github.com/labring/sealos 2 github.com/gohugoio/hugo 2 github.com/apptainer/apptainer 2 github.com/apache/thrift 2 github.com/flipped-aurora/gin-vue-admin/server 2 github.com/codenotary/immudb 2 github.com/kata-containers/runtime 2 github.com/kitabisa/teler-waf 2 github.com/IceWhaleTech/CasaOS 2
Filter by Repository
https://github.com/usememos/memos 59 https://github.com/kubernetes/kubernetes 48 https://github.com/argoproj/argo-cd 37 https://github.com/answerdev/answer 34 https://github.com/go-gitea/gitea 31 https://github.com/rancher/rancher 25 https://github.com/grafana/grafana 21 https://github.com/cilium/cilium 20 https://github.com/gogs/gogs 20 https://github.com/hashicorp/consul 19 https://github.com/helm/helm 19 https://github.com/hashicorp/vault 16 https://github.com/etcd-io/etcd 16 https://github.com/goharbor/harbor 15 https://github.com/ethereum/go-ethereum 15 https://github.com/mattermost/mattermost 14 https://github.com/moby/moby 14 https://github.com/traefik/traefik 13 https://github.com/hashicorp/nomad 13 https://github.com/containerd/containerd 13 https://github.com/golang/go 13 https://github.com/opencontainers/runc 11 https://github.com/openfga/openfga 11 https://github.com/zitadel/zitadel 11 https://github.com/containers/podman 11 https://github.com/cloudflare/cfrpki 11 https://github.com/nats-io/nats-server 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/1Panel-dev/1Panel 10 https://github.com/greenpau/caddy-security 10 https://github.com/cri-o/cri-o 9 https://github.com/istio/istio 8 https://github.com/kubeedge/kubeedge 8 https://github.com/pterodactyl/wings 8 https://github.com/pomerium/pomerium 8 https://github.com/docker/docker 8 https://github.com/kubernetes/ingress-nginx 7 https://github.com/beego/beego 7 https://github.com/hashicorp/go-getter 7 https://github.com/google/fscrypt 7 https://github.com/hpcng/singularity 7 https://github.com/schollz/croc 6 https://github.com/sigstore/cosign 6 https://github.com/pion/dtls 6 https://github.com/moby/buildkit 6 https://github.com/hyperledger/fabric 6 https://github.com/treeverse/lakeFS 6 https://github.com/gravitl/netmaker 6 https://github.com/authzed/spicedb 6 https://github.com/containers/buildah 6 https://github.com/fluxcd/flux2 6 https://github.com/cubefs/cubefs 6 https://github.com/0xJacky/nginx-ui 5 https://github.com/argoproj/argo-workflows 5 https://github.com/russellhaering/gosaml2 5 https://github.com/cometbft/cometbft 5 https://github.com/crewjam/saml 5 https://github.com/foxcpp/maddy 5 https://github.com/free5gc/free5gc 5 https://github.com/gofiber/fiber 5 https://github.com/gophish/gophish 5 https://github.com/kyverno/kyverno 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/ipfs/go-ipfs 5 https://github.com/tendermint/tendermint 5 https://github.com/tidwall/gjson 4 https://github.com/casdoor/casdoor 4 https://github.com/IceWhaleTech/CasaOS-UserService 4 https://github.com/caddyserver/caddy 4 https://github.com/oauth2-proxy/oauth2-proxy 4 https://github.com/grafana/bugbounty 4 https://github.com/open-policy-agent/opa 4 https://github.com/git-lfs/git-lfs 4 https://github.com/siderolabs/talos 4 https://github.com/aws/aws-sdk-go 4 https://github.com/gin-gonic/gin 4 https://github.com/concourse/concourse 4 https://github.com/dexidp/dex 4 https://github.com/nats-io/jwt 4 https://github.com/kubevirt/kubevirt 4 https://github.com/arduino/arduino-create-agent 4 https://github.com/dhowden/tag 4 https://github.com/lestrrat-go/jwx 4 https://github.com/ory/fosite 4 https://github.com/containous/traefik 4 https://github.com/ory/oathkeeper 3 https://github.com/open-telemetry/opentelemetry-go-contrib 3 https://github.com/u-root/u-root 3 https://github.com/gogits/gogs 3 https://github.com/phachon/mm-wiki 3 https://github.com/flyteorg/flyteadmin 3 https://github.com/flipped-aurora/gin-vue-admin 3 https://github.com/evmos/evmos 3 https://github.com/ElrondNetwork/elrond-go 3 https://github.com/edgelesssys/constellation 3 https://github.com/openshift/origin 3 https://github.com/go-vela/server 3 https://github.com/go-yaml/yaml 3 https://github.com/heketi/heketi 3 https://github.com/ipfs/boxo 3 https://github.com/kiali/kiali 3 https://github.com/KubeOperator/KubePi 3 https://github.com/navidrome/navidrome 3 https://github.com/tailscale/tailscale 3 https://github.com/kubernetes-sigs/secrets-store-csi-driver 3 https://github.com/syncthing/syncthing 3 https://github.com/libp2p/go-libp2p 3 https://github.com/sylabs/singularity 3 https://github.com/moby/libnetwork 3 https://github.com/minio/minio 3 https://github.com/stacklok/minder 3 https://github.com/cheqd/cheqd-node 3 https://github.com/Consensys/gnark 3 https://github.com/authelia/authelia 3 https://github.com/artifacthub/hub 3 https://github.com/cortexproject/cortex 3 https://github.com/weaveworks/weave-gitops 3 https://github.com/crossplane/crossplane 3 https://github.com/quic-go/quic-go 3 https://github.com/apache/trafficcontrol 3 https://github.com/alist-org/alist 3 https://github.com/square/go-jose 3 https://github.com/dutchcoders/transfer.sh 3 https://github.com/IceWhaleTech/CasaOS 2 https://github.com/minio/console 2 https://github.com/imgproxy/imgproxy 2 https://github.com/bytebase/bytebase 2 https://github.com/influxdata/influxdb 2 https://github.com/buger/jsonparser 2 https://github.com/brokercap/Bifrost 2 https://github.com/miekg/dns 2 https://github.com/ipld/go-codec-dagpb 2 https://github.com/jackc/pgproto3 2 https://github.com/bottlerocket-os/bottlerocket 2 https://github.com/kitabisa/teler 2 https://github.com/kitabisa/teler-waf 2 https://github.com/temporalio/temporal 2 https://github.com/bitly/oauth2_proxy 2 https://github.com/zinclabs/zinc 2 https://github.com/atredispartners/advisories 2 https://github.com/argoproj/argo-events 2 https://github.com/zalando/skipper 2 https://github.com/microcosm-cc/bluemonday 2 https://github.com/apptainer/apptainer 2 https://github.com/mholt/archiver 2 https://github.com/labring/sealos 2 https://github.com/mellium/xmpp 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/labstack/echo 2 https://github.com/1Panel-dev/KubePi 2 https://github.com/Masterminds/goutils 2 https://github.com/lightningnetwork/lnd 2 https://github.com/go-jose/go-jose 2 https://github.com/gohugoio/hugo 2 https://github.com/cosmos/ethermint 2 https://github.com/go-git/go-git 2 https://github.com/vitessio/vitess 2 https://github.com/crypto-org-chain/cronos 2 https://github.com/flynn/noise 2 https://github.com/fluid-cloudnative/fluid 2 https://github.com/distribution/distribution 2 https://github.com/fleetdm/fleet 2 https://github.com/fkie-cad/yapscan 2 https://github.com/facebook/fbthrift 2 https://github.com/drakkan/sftpgo 2 https://github.com/envoyproxy/envoy 2 https://github.com/elastic/beats 2 https://github.com/edgelesssys/marblerun 2 https://github.com/dvsekhvalnov/jose2go 2 https://github.com/theupdateframework/go-tuf 2 https://github.com/heroiclabs/nakama 2 https://github.com/hashicorp/terraform 2 https://github.com/cloudflare/circl 2 https://github.com/cloudflare/cloudflared 2 https://github.com/codenotary/immudb 2 https://github.com/gphper/ginadmin 2 https://github.com/Consensys/gnark-crypto 2 https://github.com/containers/libpod 2 https://github.com/gotify/server 2 https://github.com/ulikunitz/xz 2 https://github.com/woodpecker-ci/woodpecker 2 https://github.com/coredns/coredns 2 https://github.com/google/exposure-notifications-verification-server 2 https://github.com/coreos/etcd 2 https://github.com/unknwon/cae 2 https://github.com/golang/crypto 2 https://github.com/ecnepsnai/web 2 https://github.com/russellhaering/goxmldsig 2 https://github.com/ntbosscher/gobase 2 https://github.com/stripe/smokescreen 2 https://github.com/projectdiscovery/nuclei 2 https://github.com/Netflix/security-bulletins 2 https://github.com/pingcap/tidb 2 https://github.com/peterzen/goresolver 2 https://github.com/sigstore/rekor 2 https://github.com/multiversx/mx-chain-go 2 https://github.com/mutagen-io/mutagen 2 https://github.com/openshift/apiserver-library-go 2 https://github.com/owncast/owncast 2