Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go Security Advisories

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4OHctbWp2bS1odnBj
Path Traversal in Buildah
Ecosystems: go
Packages: github.com/containers/buildah
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1oM3FtLWpycmYtY2dqM84AAtvz
graphql-go has infinite recursion in the type definition parser
Ecosystems: go
Packages: github.com/graphql-go/graphql
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05MjdoLXg0cWotcjI0Ms4AAUL4
github.com/gofiber/fiber/v2 vulnerable to Origin Validation Error
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03NDUyLXhxcGotNnJwY84AA4-z
moby Access to remapped root allows privilege escalation to real root
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS00ajkzLWZtOTItcnA0bc4AA5Zy
ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0ycDZyLTM3cDktODlwMs0Wnw
Authz Module Non-Determinism
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1od2MzLTNxaDYtcjRnZ84AAydO
HashiCorp Vault's PKI mount vulnerable to denial of service
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01OWhoLTY1NmotM3A3ds0WsQ
Geth Node Vulnerable to DoS via maliciously crafted p2p message
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04Y2ZnLXZ4OTMtanZ4d84AAxdQ
Kubernetes client-go vulnerable to Sensitive Information Leak via Log File
Ecosystems: go
Packages: k8s.io/client-go
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMzOGctNDY5Zy1jbWd4
Improper Neutralization of Special Elements in Output in helm.sh/helm/v3
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: almost 3 years ago
High
GSA_kwCzR0hTQS0yaDVoLTU5ZjUtYzV4Oc4AAzEu
Rekor's compressed archives can result in OOM conditions
Ecosystems: go
Packages: github.com/sigstore/rekor
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1yNjQyLWd2OXAtMndqas4AAqwZ
Argo CD will blindly trust JWT claims if anonymous access is enabled
Ecosystems: go
Packages: github.com/argoproj/argo-cd, github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1meDJ2LXFmaHItNGNods4AAx-e
Goutil vulnerable to path traversal when unzipping files
Ecosystems: go
Packages: github.com/gookit/goutil
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14ODRjLXAyZzktcnF2Oc4AA7ME
IPv6 enabled on IPv4-only network interfaces
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 26 days ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo5d2YtdnZtNi00cjl3
Unverified Ownership in Kubernetes
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qMnJwLWdtcXYtZnJods4AA6pX
HashiCorpVault does not correctly validate OCSP responses
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1md3IyLTY0dnIteHY5bc4AA1yv
Argo CD cluster secret might leak in cluster details page
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: 8 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhocXEteDQ0Zi05Zmdn
Authentication Bypass in github.com/russellhaering/gosaml2
Ecosystems: go
Packages: github.com/russellhaering/gosaml2
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS01bXFqLXhjNDktMjQ2cM4AAyO-
crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb
Ecosystems: go
Packages: github.com/crewjam/saml
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS02NnZ3LXYyeDktaHc3Nc1RLw
Podman publishes a malicious image to public registries
Ecosystems: go
Packages: github.com/containers/podman/v3, github.com/containers/psgo/internal/proc, github.com/containers/psgo
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04eG14LWg4cnEtaDk0as4AAoNj
HashiCorp Consul Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1nM3Z2LWcyajUtNDVmMs05dw
ipld/go-codec-dagpb panics when processing certain blocks
Ecosystems: go
Packages: github.com/ipld/go-codec-dagpb
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS01eDg0LXE1MjMtdnZ3cs4AAwoU
nosurf vulnerable to improper input validation
Ecosystems: go
Packages: github.com/justinas/nosurf
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS04NDQ5LTdnYzItcHdycM4AAuFF
HashiCorp Consul Template could reveal Vault secret contents in error messages
Ecosystems: go
Packages: github.com/hashicorp/consul-template
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01bThmLWNocnYtN3J3Nc0XiA
Denial of Service in Go-Ethereum
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yN3JxLTQ5NDMtcWN3cM1Bgg
Insertion of Sensitive Information into Log File in Hashicorp go-getter
Ecosystems: go
Packages: github.com/hashicorp/go-getter
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yaGg0LXJoN2MtN3I1ds4AA6r1
Archiver Path Traversal vulnerability
Ecosystems: go
Packages: github.com/mholt/archiver, github.com/mholt/archiver/v3
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: about 1 month ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3Y3ItNmdyOC03cnI5
Use After Free in HashiCorp Nomad
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS00d2h4LTdwMjktbXEyMs4AArZa
TiDB authentication bypass vulnerability
Ecosystems: go
Packages: github.com/pingcap/tidb
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3Z2MtZmo5OC02NjVo
Go JOSE Signature Validation Bypass
Ecosystems: go
Packages: gopkg.in/square/go-jose.v1
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS02Zmo1LW04MjItcnF4OM4AA4-0
moby docker daemon crash during image pull of malicious image
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1oY3czLWo3NG0tcWM1OM0p2Q
Incorrect Calculation in github.com/open-policy-agent/opa
Ecosystems: go
Packages: github.com/open-policy-agent/opa
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02anZjLXEyeDctcGNods4AAwom
AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field
Ecosystems: go
Packages: github.com/aws/aws-sdk-go
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zZjJxLTYyOTQtZm1xNc4AA3P8
Inefficient Regular Expression Complexity in git-urls
Ecosystems: go
Packages: github.com/whilp/git-urls
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tZnY3LWdxNDMtdzk2Nc0VoA
Incomplete List of Disallowed Inputs in Kubernetes
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3cHYtcTU1ci0yMjJn
Path traversal in github.com/ipfs/go-ipfs
Ecosystems: go
Packages: github.com/ipfs/go-ipfs
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS03cmcyLWN4dnAtOXA3cM4AAwIP
Prometheus Exporter-Toolkit is vulnerable to authentication bypass
Ecosystems: go
Packages: github.com/prometheus/exporter-toolkit
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00cXZ4LXFxNXctNjk1cM4AAUQ2
HashiCorp Consul can use cleartext agent-to-agent RPC communication
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4djMtajc1aC14cjQ5
Improper Input Validation in libseccomp-golang
Ecosystems: go
Packages: github.com/seccomp/libseccomp-golang
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS0yYzRtLTU5eDktZnIyZ84AAzUB
Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function
Ecosystems: go
Packages: github.com/gin-gonic/gin
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yamhoLTV4bTItajRnZs0ZJw
Improper Authentication in HashiCorp Nomad
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mOHI4LWg5M20tbWo3N84AAykW
HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS1ycW04LXE4ajktNjYyZs4AAyGH
Nomad Job Submitter Privilege Escalation Using Workload Identity
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jOHgzLXJnNzItZnd3Z80Vpg
Privilege escalation in Hashicorp Nomad
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02d2ctMm13Zy00cmZx
GPGME Go wrapper contains Use After Free
Ecosystems: go
Packages: github.com/proglottis/gpgme
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY1OTIteGY3NS04NTZw
Erroneous Proof of Work calculation in geth
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3MzctNTdxcC05bW00
Consensus flaw during block processing in github.com/ethereum/go-ethereum
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1cWYtd2dmai12NjUy
github.com/u-root/u-root/pkg/tarutil Arbitrary File Write via Archive Extraction (Zip Slip)
Ecosystems: go
Packages: github.com/u-root/u-root
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4cGYtcGN3di1xZzg1
Path traversal in u-root
Ecosystems: go
Packages: github.com/u-root/u-root
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS0yOTI3LWh2M3AtZjN2cM4AArUP
Open redirect in caddy
Ecosystems: go
Packages: github.com/caddyserver/caddy/v2, github.com/caddyserver/caddy
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xcmc3LWhmeDctOTVjNc4AAxJC
Command injection in Git package in Wrangler
Ecosystems: go
Packages: github.com/rancher/wrangler
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wcDNmLTk4cWctNWc3Nc4AAtU9
aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9
Ecosystems: go
Packages: sigs.k8s.io/aws-iam-authenticator
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmeDQtN2Y2OS01bW1n
Integer Overflow in go-jose
Ecosystems: go
Packages: github.com/square/go-jose
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1yYzRyLXdoMnEtcTZjNM4AAu15
Moby supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS0yNjd2LTN2MzItZzZxNc4AA2gX
Cross-site Scripting via missing Binding syntax validation
Ecosystems: go
Packages: github.com/crewjam/saml
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 7 months ago
High
GSA_kwCzR0hTQS0ydjZ2LXE5OTQteHZ4eM04xA
Privilege escalation in beego
Ecosystems: go
Packages: github.com/beego/beego, github.com/beego/beego/v2
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mZmpwLTY2bXgtM3Fwas04vQ
Privilege escalation in beego
Ecosystems: go
Packages: github.com/beego/beego, github.com/beego/beego/v2
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04bWpnLThjOGctNmg4Nc4AAxdP
Kubernetes Sensitive Information leak via Log File
Ecosystems: go
Packages: k8s.io/kubernetes, github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxdzgtODQ3Zi1wZ2dt
Improper Locking in github.com/containers/storage
Ecosystems: go
Packages: github.com/containers/storage
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: about 3 years ago
High
GSA_kwCzR0hTQS1yMjNoLTNqbXctcTdocs4AA7Sh
Access Restriction Bypass in go-ipfs
Ecosystems: go
Packages: github.com/ipfs/go-ipfs
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 20 days ago
High
GSA_kwCzR0hTQS12anh2LTQ1ZzktOTI5Ns4AAt51
cosign's `cosign verify-attestaton --type` can report a false positive if any attestation exists
Ecosystems: go
Packages: github.com/sigstore/cosign
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00Z2ozLTZyNDMtM3dmY84AAxh5
IPFS go-unixfsnode subject to DOS via HAMT Decoding Panics
Ecosystems: go
Packages: github.com/ipfs/go-unixfsnode
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1nYzg5LTdnY3ItanhxY84AAx-b
Buildkit credentials inlined to Git URLs could end up in provenance attestation
Ecosystems: go
Packages: github.com/moby/buildkit
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1yNDhoLWpyMmotOWc3OM4AAXCV
HashiCorp Terraform Amazon Web Services (AWS) uses an insecure PRNG
Ecosystems: go
Packages: github.com/hashicorp/terraform-provider-aws
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0ydzh3LXFoZzQtZjc4as4AA0mz
A stored XSS in jaeger UI might allow an attacker who controls a trace to perform arbitrary jaeger queries
Ecosystems: go
Packages: github.com/jaegertracing/jaeger
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: 10 months ago
High
GSA_kwCzR0hTQS05NjdnLWNqeDQtaDdqNs4AAwoo
go-codec-dagpb vulnerable to panic when decoding invalid blocks
Ecosystems: go
Packages: github.com/ipld/go-codec-dagpb
Source: GitHub Advisory Database
Blast Radius: 19.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qd3Y1LThtcXYtZzM4N84AA6CM
Cross-site scripting on application summary component
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1oNHc5LTZ4NzgtOHZyas4AAs5Z
Argo CD's external URLs for Deployments can include JavaScript
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zcTVwLTM1NTgtMzY0Zs4AA1xI
Fiber unauthorized access vulnerability in `ctx.IsFromLocal()`
Ecosystems: go
Packages: github.com/gofiber/fiber/v2, github.com/gofiber/fiber
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 8 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzcTktMnAzbS03ZzQz
Token reuse in Ory fosite
Ecosystems: go
Packages: github.com/ory/fosite
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS01M2M0LWhobWgtdnc1cc4AAwWx
Helm vulnerable to denial of service through through repository index file
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02N2Z4LXd4NzgtangzM84AAwWy
Helm vulnerable to denial of service through schema file
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02cng5LTg4OXEtdnYycs4AAwWw
Helm vulnerable to denial of service through string value parsing
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zMnJwLXEzN3Atamc2d809eQ
Insecure plugin handling in Mattermost
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS03ZzJ2LTJmcm0tcmc5NM4AAzTV
Mattermost Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wcHh4LTVtOWgtNnZ4Zs4AA4Ux
quic-go's path validation mechanism can be exploited to cause denial of service
Ecosystems: go
Packages: github.com/quic-go/quic-go
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1jOTJ3LTcyYzUtOXg1Oc4AAik3
kube-state-metrics may expose secret content in metrics
Ecosystems: go
Packages: k8s.io/kube-state-metrics
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12amo2LTVtOWYtd3Fqd84AArM8
NULL Pointer Dereference in HyperLedger Fabric
Ecosystems: go
Packages: github.com/hyperledger/fabric
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05dzdqLXEzeHctcDl2aM4AAvDN
Hyperledger Fabric subject to Denial of Service via non-validated request
Ecosystems: go
Packages: github.com/hyperledger/fabric
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS03Mng0LWNxNnItanA0cM4AAtKS
Hyperledger Fabric vulnerable to Improper Input Validation in orderer/common/cluster consensus request
Ecosystems: go
Packages: github.com/hyperledger/fabric
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qOTZwLXI1MjMtOHIzd80Xew
HTTP Request Smuggling in github.com/hyperledger/fabric
Ecosystems: go
Packages: github.com/hyperledger/fabric
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oM3EyLTh3aHgtYzI5aM4AA485
`goreleaser release --debug` shows secrets
Ecosystems: go
Packages: github.com/goreleaser/goreleaser
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 3 months ago
High
GSA_kwCzR0hTQS13MjNxLTRodzMtMnBwNs4AA1vd
Minio vulnerable to Privilege Escalation on Windows via Path separator manipulation
Ecosystems: go
Packages: github.com/minio/minio
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 8 months ago
High
GSA_kwCzR0hTQS0ycHh3LXI0N3ctNHA4Y84AA1sg
Privilege Escalation on Linux/MacOS
Ecosystems: go
Packages: github.com/minio/minio
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 8 months ago
High
GSA_kwCzR0hTQS14eDh3LW1xMjMtMjlnNM4AA4_w
Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
Ecosystems: go
Packages: github.com/minio/minio
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13NTV4LXEzZ3YtcHg4Nc4AArAA
InfluxDB Reflected Cross-site Scripting
Ecosystems: go
Packages: github.com/influxdata/influxdb
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdtcXItMnYzcS12Mndt
Ory fosite contains Improper Handling of Exceptional Conditions
Ecosystems: go
Packages: github.com/ory/fosite
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZnNWYtZjVwbS1tanJn
Istio may not check inbound TCP connections against istio-policy
Ecosystems: go
Packages: istio.io/istio
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12ODZ4LTVmbTMtNXA3as4AA1eS
Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint
Ecosystems: go
Packages: github.com/prometheus/alertmanager
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1ybTdjLXg2Z2otMm1yOM4AAmtK
Heketi logs sensitive information
Ecosystems: go
Packages: github.com/heketi/heketi
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12cXA2LXJjM2gtODNjcM4AAv_L
Tailscale Windows daemon is vulnerable to RCE via CSRF
Ecosystems: go
Packages: tailscale.com
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oNjI2LXB2NjYtaGhtN84AA1xR
Terraform allows arbitrary file write during the `init` operation
Ecosystems: go
Packages: github.com/hashicorp/terraform
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: 8 months ago
High
GSA_kwCzR0hTQS05Nmp2LXZqMzkteDRqNs4AAtU8
Argo CD improper access control bug can allow malicious user to escalate privileges to admin level
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yOGY0LWh2MjMtNnFwNs4AA5Kq
Norman API Cross-site Scripting Vulnerability
Ecosystems: go
Packages: github.com/rancher/norman
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1oODI4LXY1cHYtMzNxeM4AAx6_
coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints
Ecosystems: go
Packages: github.com/coredns/coredns
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zZnd4LXBqZ3ctMzU1OM4AA4-5
Moby (Docker Engine) Insufficiently restricted permissions on data directory
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14YzhtLTI4dnYtNHBqY84AAz5V
Kubelet vulnerable to bypass of seccomp profile enforcement
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 11 months ago
High
GSA_kwCzR0hTQS05eDQ0LTlwZ3EtY2Y0Nc4AA0u8
avro vulnerable to denial of service via attacker-controlled parameter
Ecosystems: go
Packages: github.com/hamba/avro/v2, github.com/hamba/avro
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1taHBxLTk2MzgteDZwd84AA38h
Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go
Ecosystems: go
Packages: github.com/dvsekhvalnov/jose2go
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 5 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV4MjktM2hyOS02d3B3
TPM 1.2 key authorization values vulnerable to TPM transport eavesdropper in go-tpm
Ecosystems: go
Packages: github.com/google/go-tpm
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: over 2 years ago
Statistics
Advisories: 18,471
Packages: 8,321
Repositories: 540
Ecosystems: 12
Filter by Severity
Moderate 7,980 High 6,390 Critical 2,818 Low 992
Filter by Ecosystem
maven 5,538 packagist 3,825 pypi 3,766 npm 3,557 go 1,905 nuget 1,391 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
github.com/usememos/memos 59 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 github.com/answerdev/answer 34 k8s.io/kubernetes 32 github.com/argoproj/argo-cd 29 github.com/grafana/grafana 28 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 github.com/hashicorp/consul 26 github.com/hashicorp/nomad 26 gogs.io/gogs 24 github.com/argoproj/argo-cd/v2 23 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 20 github.com/docker/docker 19 code.gitea.io/gitea 19 helm.sh/helm/v3 18 golang.org/x/net 17 github.com/goharbor/harbor 15 github.com/containerd/containerd 13 github.com/traefik/traefik/v2 13 github.com/nats-io/nats-server/v2 13 github.com/mattermost/mattermost-server 13 github.com/go-gitea/gitea 12 github.com/opencontainers/runc 12 github.com/moby/moby 12 github.com/zitadel/zitadel 11 github.com/openfga/openfga 11 github.com/cloudflare/cfrpki 11 github.com/1Panel-dev/1Panel 11 github.com/greenpau/caddy-security 10 github.com/sylabs/singularity 9 github.com/cosmos/cosmos-sdk 9 golang.org/x/crypto 9 github.com/cri-o/cri-o 9 github.com/kubernetes/kubernetes 9 go.etcd.io/etcd 8 github.com/kubeedge/kubeedge 8 github.com/pterodactyl/wings 8 github.com/pomerium/pomerium 8 istio.io/istio 8 github.com/containers/podman/v4 8 github.com/traefik/traefik 7 github.com/hashicorp/go-getter 7 github.com/beego/beego 7 helm.sh/helm 7 github.com/nats-io/jwt 7 github.com/google/fscrypt 7 k8s.io/ingress-nginx 7 github.com/beego/beego/v2 6 github.com/russellhaering/goxmldsig 6 github.com/apache/trafficcontrol 6 github.com/sigstore/cosign 6 github.com/gravitl/netmaker 6 github.com/treeverse/lakefs 6 github.com/authzed/spicedb 6 github.com/pion/dtls 6 github.com/cubefs/cubefs 6 github.com/russellhaering/gosaml2 6 github.com/fluxcd/flux2 6 github.com/hyperledger/fabric 6 kubevirt.io/kubevirt 6 github.com/apache/incubator-answer 5 github.com/KubeOperator/kubepi 5 github.com/fluxcd/kustomize-controller 5 github.com/foxcpp/maddy 5 github.com/gophish/gophish 5 github.com/0xJacky/Nginx-UI 5 github.com/gofiber/fiber/v2 5 github.com/containers/buildah 5 github.com/mattermost/mattermost-server/v5 5 github.com/hashicorp/go-getter/v2 5 github.com/IBAX-io/go-ibax 5 github.com/traefik/traefik/v3 5 github.com/cometbft/cometbft 5 github.com/kiali/kiali 5 github.com/tendermint/tendermint 5 github.com/moby/buildkit 5 github.com/kyverno/kyverno 5 github.com/ipfs/go-ipfs 5 github.com/schollz/croc/v9 5 go.etcd.io/etcd/v3 5 github.com/pion/dtls/v2 5 github.com/open-policy-agent/opa 4 github.com/gin-gonic/gin 4 github.com/crewjam/saml 4 github.com/arduino/arduino-create-agent 4 github.com/alist-org/alist/v3 4 github.com/hashicorp/go-getter/s3/v2 4 github.com/argoproj/argo-workflows/v3 4 github.com/stacklok/minder 4 github.com/oauth2-proxy/oauth2-proxy 4 github.com/aws/aws-sdk-go 4 github.com/hashicorp/go-getter/gcs/v2 4 github.com/dhowden/tag 4 github.com/casdoor/casdoor 4 golang.org/x/net/http2 4 github.com/git-lfs/git-lfs 4 github.com/concourse/concourse 4 github.com/tidwall/gjson 4 github.com/coredns/coredns 4 github.com/lestrrat-go/jwx 4 github.com/IceWhaleTech/CasaOS-UserService 4 github.com/lestrrat-go/jwx/v2 4 github.com/containers/podman/v3 4 github.com/ory/fosite 4 github.com/free5gc/free5gc 4 github.com/dexidp/dex 4 github.com/edgelesssys/constellation/v2 3 github.com/miekg/dns 3 github.com/tiagorlampert/CHAOS 3 golang.org/x/image 3 gopkg.in/yaml.v2 3 github.com/hashicorp/boundary 3 github.com/caddyserver/caddy 3 k8s.io/client-go 3 vitess.io/vitess 3 github.com/mholt/archiver 3 github.com/owncast/owncast 3 github.com/jackc/pgx/v4 3 github.com/go-vela/server 3 github.com/cortexproject/cortex 3 github.com/cheqd/cheqd-node 3 github.com/libp2p/go-libp2p 3 go.etcd.io/etcd/client/v3 3 golang.org/x/text 3 github.com/phachon/mm-wiki 3 github.com/tharsis/evmos 3 github.com/nats-io/jwt/v2 3 github.com/navidrome/navidrome 3 github.com/sigstore/cosign/v2 3 github.com/crypto-org-chain/cronos 3 github.com/heketi/heketi 3 github.com/minio/minio 3 github.com/consensys/gnark 3 github.com/projectcalico/calico 3 github.com/notaryproject/notation 3 github.com/fluxcd/helm-controller 3 github.com/quic-go/quic-go 3 github.com/hashicorp/vault/vault 3 github.com/apache/servicecomb-service-center 3 github.com/docker/distribution 3 github.com/syncthing/syncthing 3 github.com/dutchcoders/transfer.sh 3 github.com/crossplane/crossplane 3 github.com/authelia/authelia/v4 3 github.com/openshift/origin 3 github.com/lightningnetwork/lnd 3 github.com/ory/oathkeeper 3 github.com/square/go-jose 3 github.com/weaveworks/weave-gitops 3 github.com/flyteorg/flyteadmin 3 github.com/artifacthub/hub 3 github.com/ElrondNetwork/elrond-go 3 github.com/notaryproject/notation-go 2 github.com/pingcap/tidb 2 github.com/gohugoio/hugo 2 github.com/hpcng/singularity 2 github.com/woodpecker-ci/woodpecker 2 github.com/containers/podman 2 github.com/google/exposure-notifications-verification-server 2 github.com/minio/console 2 github.com/sigstore/rekor 2 github.com/gphper/ginadmin 2 github.com/go-skynet/LocalAI 2 github.com/nats-io/nats-server 2 github.com/labstack/echo/v4 2 github.com/argoproj/argo-events 2 github.com/ipld/go-codec-dagpb 2 mellium.im/xmpp 2 github.com/Masterminds/goutils 2 github.com/stripe/smokescreen 2 github.com/clastix/capsule-proxy 2 github.com/etcd-io/etcd 2 github.com/spiffe/spire 2 tailscale.com 2 github.com/go-vela/worker 2 github.com/projectcapsule/capsule-proxy 2 github.com/zalando/skipper 2 github.com/jackc/pgx 2 github.com/jackc/pgproto3 2 github.com/theupdateframework/go-tuf 2 github.com/sajari/docconv 2 code.sajari.com/docconv 2 github.com/go-jose/go-jose/v3 2 github.com/jaegertracing/jaeger 2 github.com/dvsekhvalnov/jose2go 2 github.com/edgelesssys/marblerun 2 github.com/brokercap/Bifrost 2 github.com/edgexfoundry/app-functions-sdk-go/v2 2 github.com/prometheus/prometheus 2 github.com/flynn/noise 2 github.com/talos-systems/talos 2 github.com/multiversx/mx-chain-go 2 github.com/cosmos/ethermint 2 github.com/elastic/beats 2 github.com/apptainer/apptainer 2 github.com/ulikunitz/xz 2 github.com/IceWhaleTech/CasaOS 2
Filter by Repository
https://github.com/usememos/memos 59 https://github.com/kubernetes/kubernetes 48 https://github.com/argoproj/argo-cd 37 https://github.com/answerdev/answer 34 https://github.com/go-gitea/gitea 31 https://github.com/rancher/rancher 25 https://github.com/grafana/grafana 21 https://github.com/cilium/cilium 20 https://github.com/gogs/gogs 20 https://github.com/hashicorp/consul 19 https://github.com/helm/helm 19 https://github.com/hashicorp/vault 16 https://github.com/etcd-io/etcd 16 https://github.com/ethereum/go-ethereum 16 https://github.com/goharbor/harbor 15 https://github.com/mattermost/mattermost 14 https://github.com/moby/moby 14 https://github.com/traefik/traefik 13 https://github.com/hashicorp/nomad 13 https://github.com/containerd/containerd 13 https://github.com/golang/go 13 https://github.com/opencontainers/runc 11 https://github.com/openfga/openfga 11 https://github.com/zitadel/zitadel 11 https://github.com/containers/podman 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/nats-io/nats-server 10 https://github.com/greenpau/caddy-security 10 https://github.com/cri-o/cri-o 9 https://github.com/cosmos/cosmos-sdk 9 https://github.com/istio/istio 8 https://github.com/kubeedge/kubeedge 8 https://github.com/pterodactyl/wings 8 https://github.com/pomerium/pomerium 8 https://github.com/docker/docker 8 https://github.com/kubernetes/ingress-nginx 7 https://github.com/beego/beego 7 https://github.com/hashicorp/go-getter 7 https://github.com/google/fscrypt 7 https://github.com/hpcng/singularity 7 https://github.com/schollz/croc 6 https://github.com/sigstore/cosign 6 https://github.com/pion/dtls 6 https://github.com/moby/buildkit 6 https://github.com/hyperledger/fabric 6 https://github.com/treeverse/lakeFS 6 https://github.com/gravitl/netmaker 6 https://github.com/authzed/spicedb 6 https://github.com/containers/buildah 6 https://github.com/fluxcd/flux2 6 https://github.com/cubefs/cubefs 6 https://github.com/0xJacky/nginx-ui 5 https://github.com/argoproj/argo-workflows 5 https://github.com/russellhaering/gosaml2 5 https://github.com/cometbft/cometbft 5 https://github.com/crewjam/saml 5 https://github.com/foxcpp/maddy 5 https://github.com/free5gc/free5gc 5 https://github.com/gofiber/fiber 5 https://github.com/gophish/gophish 5 https://github.com/kyverno/kyverno 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/ipfs/go-ipfs 5 https://github.com/tendermint/tendermint 5 https://github.com/containous/traefik 4 https://github.com/ory/fosite 4 https://github.com/grafana/bugbounty 4 https://github.com/concourse/concourse 4 https://github.com/open-policy-agent/opa 4 https://github.com/tidwall/gjson 4 https://github.com/stacklok/minder 4 https://github.com/casdoor/casdoor 4 https://github.com/IceWhaleTech/CasaOS-UserService 4 https://github.com/oauth2-proxy/oauth2-proxy 4 https://github.com/git-lfs/git-lfs 4 https://github.com/siderolabs/talos 4 https://github.com/gin-gonic/gin 4 https://github.com/aws/aws-sdk-go 4 https://github.com/dexidp/dex 4 https://github.com/dhowden/tag 4 https://github.com/kubevirt/kubevirt 4 https://github.com/nats-io/jwt 4 https://github.com/arduino/arduino-create-agent 4 https://github.com/lestrrat-go/jwx 4 https://github.com/edgelesssys/constellation 3 https://github.com/open-telemetry/opentelemetry-go-contrib 3 https://github.com/ElrondNetwork/elrond-go 3 https://github.com/ory/oathkeeper 3 https://github.com/evmos/evmos 3 https://github.com/flipped-aurora/gin-vue-admin 3 https://github.com/flyteorg/flyteadmin 3 https://github.com/u-root/u-root 3 https://github.com/phachon/mm-wiki 3 https://github.com/vitessio/vitess 3 https://github.com/gogits/gogs 3 https://github.com/go-vela/server 3 https://github.com/openshift/origin 3 https://github.com/go-yaml/yaml 3 https://github.com/tiagorlampert/CHAOS 3 https://github.com/heketi/heketi 3 https://github.com/ipfs/boxo 3 https://github.com/kiali/kiali 3 https://github.com/KubeOperator/KubePi 3 https://github.com/tailscale/tailscale 3 https://github.com/navidrome/navidrome 3 https://github.com/kubernetes-sigs/secrets-store-csi-driver 3 https://github.com/syncthing/syncthing 3 https://github.com/libp2p/go-libp2p 3 https://github.com/sylabs/singularity 3 https://github.com/moby/libnetwork 3 https://github.com/square/go-jose 3 https://github.com/alist-org/alist 3 https://github.com/apache/trafficcontrol 3 https://github.com/artifacthub/hub 3 https://github.com/authelia/authelia 3 https://github.com/caddyserver/caddy 3 https://github.com/cheqd/cheqd-node 3 https://github.com/Consensys/gnark 3 https://github.com/coredns/coredns 3 https://github.com/cortexproject/cortex 3 https://github.com/weaveworks/weave-gitops 3 https://github.com/crossplane/crossplane 3 https://github.com/quic-go/quic-go 3 https://github.com/minio/minio 3 https://github.com/dutchcoders/transfer.sh 3 https://github.com/zalando/skipper 2 https://github.com/argoproj/argo-events 2 https://github.com/ecnepsnai/web 2 https://github.com/atredispartners/advisories 2 https://github.com/envoyproxy/envoy 2 https://github.com/bitly/oauth2_proxy 2 https://github.com/temporalio/temporal 2 https://github.com/kitabisa/teler-waf 2 https://github.com/kitabisa/teler 2 https://github.com/bottlerocket-os/bottlerocket 2 https://github.com/jackc/pgproto3 2 https://github.com/ipld/go-codec-dagpb 2 https://github.com/brokercap/Bifrost 2 https://github.com/buger/jsonparser 2 https://github.com/bytebase/bytebase 2 https://github.com/influxdata/influxdb 2 https://github.com/apptainer/apptainer 2 https://github.com/labring/sealos 2 https://github.com/labstack/echo 2 https://github.com/elastic/beats 2 https://github.com/edgelesssys/marblerun 2 https://github.com/lightningnetwork/lnd 2 https://github.com/Masterminds/goutils 2 https://github.com/1Panel-dev/KubePi 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/mellium/xmpp 2 https://github.com/mholt/archiver 2 https://github.com/microcosm-cc/bluemonday 2 https://github.com/miekg/dns 2 https://github.com/zinclabs/zinc 2 https://github.com/distribution/distribution 2 https://github.com/drakkan/sftpgo 2 https://github.com/crypto-org-chain/cronos 2 https://github.com/go-git/go-git 2 https://github.com/flynn/noise 2 https://github.com/fluid-cloudnative/fluid 2 https://github.com/cosmos/ethermint 2 https://github.com/gohugoio/hugo 2 https://github.com/go-jose/go-jose 2 https://github.com/golang/crypto 2 https://github.com/unknwon/cae 2 https://github.com/google/exposure-notifications-verification-server 2 https://github.com/ulikunitz/xz 2 https://github.com/coreos/etcd 2 https://github.com/fleetdm/fleet 2 https://github.com/gotify/server 2 https://github.com/woodpecker-ci/woodpecker 2 https://github.com/containers/libpod 2 https://github.com/Consensys/gnark-crypto 2 https://github.com/gphper/ginadmin 2 https://github.com/fkie-cad/yapscan 2 https://github.com/codenotary/immudb 2 https://github.com/cloudflare/cloudflared 2 https://github.com/cloudflare/circl 2 https://github.com/hashicorp/terraform 2 https://github.com/facebook/fbthrift 2 https://github.com/heroiclabs/nakama 2 https://github.com/theupdateframework/go-tuf 2 https://github.com/IceWhaleTech/CasaOS 2 https://github.com/dvsekhvalnov/jose2go 2 https://github.com/imgproxy/imgproxy 2 https://github.com/minio/console 2 https://github.com/stripe/smokescreen 2 https://github.com/peterzen/goresolver 2 https://github.com/pingcap/tidb 2 https://github.com/multiversx/mx-chain-go 2 https://github.com/Netflix/security-bulletins 2 https://github.com/mutagen-io/mutagen 2 https://github.com/ntbosscher/gobase 2 https://github.com/netlify/gotrue 2 https://github.com/projectdiscovery/nuclei 2 https://github.com/sigstore/rekor 2 https://github.com/rancher/wrangler 2