Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go Security Advisories

Moderate

GSA_kwCzR0hTQS00Z2h4LThqdzgtcDc2cc4AA3XZ

Mattermost Open Redirect vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 5 months ago

Moderate

GSA_kwCzR0hTQS14dnE2LWg4OTgtd2NqOM4AA29G

Mattermost denial of service vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 6 months ago

Moderate

GSA_kwCzR0hTQS1oNjl2LW12aDktaGZycc4AA2I8

Mattermost Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS1qajQ2LTljZ2gtcW1meM4AA3Xc

Mattermost Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 5 months ago

Moderate

GSA_kwCzR0hTQS1jMzdyLXY4angtN2N2Ms4AA3Xi

Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 5 months ago

Moderate

GSA_kwCzR0hTQS1ycHZyLTM4eHYteHZ4cc4AA0zx

Nomad ACL Policies without Label are Applied to Unexpected Resources
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 10 months ago

Moderate

GSA_kwCzR0hTQS1tMjVtLTU3NzgtZm0yMs4AAkkj

Grafana world readable configuration files
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS0zanE3LThwaDgtNjN4bc4AAkkw

Grafana information disclosure
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS02Z2NnLWhwMngtcTU0aM4AAgdM

Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1xNHc1LTRncTItOTh2bc4AAs5a

Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS14bWc4LTk5cjgtamMyas4AAgd9

Login screen allows message spoofing if SSO is enabled
Ecosystems: go
Packages: github.com/argoproj/argo-cd, github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: almost 2 years ago

Low

GSA_kwCzR0hTQS1jY3hjLXZyNnAtNDg1OM0uIg

Improper Certificate Validation in Cosign
Ecosystems: go
Packages: github.com/sigstore/cosign
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS1xMjRtLTZoMzgtNXhqOM4AA2kK

ydb-go-sdk token in custom credentials object can leak through logs
Ecosystems: go
Packages: github.com/ydb-platform/ydb-go-sdk/v3
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 7 months ago

High

GSA_kwCzR0hTQS05MzljLTNnOTctdnB2ds4AAy-V

Access control issues in blackbox_exporter
Ecosystems: go
Packages: github.com/prometheus/blackbox_exporter
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 year ago

Moderate

GSA_kwCzR0hTQS03cGhyLTZjYzktNG01cc4AAhJF

Grafana Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS14NWZoLWZ2dnItODkyZs4AAUas

Grafana XSS Vulnerability
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS14cjN4LTYycXctdmM0d84AAldo

Grafana stored XSS
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjOXctd3ZxMi1mZm05

Server Side Request Forgery in Grafana
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS1oanY5LWhtMmYtcnBjas4AAx5P

Grafana vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 year ago

Moderate

GSA_kwCzR0hTQS14dzVwLWh3OGoteGc0cc4AAx5O

Grafana vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 year ago

Moderate

GSA_kwCzR0hTQS0zaHY0LXIyZm0taDI3Zs4AA5Rd

Email Validation Bypass And Preventing Sign Up From Email's Owner
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 3 months ago

High

GSA_kwCzR0hTQS02eGYzLTVocDcteHFxZ84AAubG

Improper token validation leading to code execution in Teleport
Ecosystems: go
Packages: github.com/gravitational/teleport
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS02Y3FqLTY5NjktcDU3eM4AAv-p

Lack of proper validation of server UUID can be used by the server to trick the client to accept invalid proofs
Ecosystems: go
Packages: github.com/codenotary/immudb
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 1 year ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFqMjYtN2dyai13aGcz

Privilege Escalation in fscrypt
Ecosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: almost 3 years ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh4OGMtbTc0OC14cjRq

Access Restriction Bypass in kubernetes
Ecosystems: go
Packages: github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: about 2 years ago

High

GSA_kwCzR0hTQS1jMnBqLXYzN3ItMnA2aM4AA0El

Coraza has potential denial of service vulnerability
Ecosystems: go
Packages: github.com/corazawaf/coraza/v2, github.com/corazawaf/coraza/v3
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 10 months ago

High

GSA_kwCzR0hTQS04Z2c4LXdyNGotdjJ3cs4AAyPI

Gophish vulnerable to Denial of Service via crafted payload involving autofocus
Ecosystems: go
Packages: github.com/gophish/gophish
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: about 1 year ago

High

GSA_kwCzR0hTQS1oM203LXJxYzQtN2g5cM4AA5sZ

Integer overflow in chunking helper causes dispatching to miss elements or panic
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 2 months ago

Moderate

GSA_kwCzR0hTQS12eDk3LThxOHEtcWdxNc4AA7VB

Mattermost's detailed error messages reveal the full file path
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 7 days ago

Moderate

GSA_kwCzR0hTQS04Zjk5LWcycGoteDh3M84AA7VG

Mattermost crashes web clients via a malformed custom status
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 7 days ago

Moderate

GSA_kwCzR0hTQS13ajM3LW1wcTkteHJjbc4AA7VH

Mattermost fails to limit the number of active sessions
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 7 days ago

Moderate

GSA_kwCzR0hTQS00aGM0LXBnZngtM21yeM4AAyLD

cilium-agent container can access the host via `hostPath` mount
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: about 1 year ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY5Nzgtdmcyai1jYzlx

Improper Privilege Management and Execution with Unnecessary Privileges in Kata Containers
Ecosystems: go
Packages: github.com/kata-containers/runtime, github.com/kata-containers/agent
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: about 2 years ago

High

GSA_kwCzR0hTQS04Njk3LTQ3OWgtNW1mcM4AA1ar

Weaviate denial of service vulnerability
Ecosystems: go
Packages: github.com/weaviate/weaviate
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 8 months ago

Low

GSA_kwCzR0hTQS12ZnA2LWpydzItOTlnOc4AA2_S

Cosign vulnerable to possible endless data attack from attacker-controlled registry
Ecosystems: go
Packages: github.com/sigstore/cosign, github.com/sigstore/cosign/v2
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 6 months ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwM2ctdnB3Ni00dzY2

Authentication Bypass in hydra
Ecosystems: go
Packages: github.com/ory/hydra
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS05OWNnLTU3NXgtNzc0cM0n8w

Go-Attestation Improper Input Validation with attacker-controlled TPM Quote
Ecosystems: go
Packages: github.com/google/go-attestation
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 2 years ago

High

GSA_kwCzR0hTQS14d2YzLTZyZ3YtOTM5cs4AAulJ

Flux CLI Workload Injection
Ecosystems: go
Packages: github.com/fluxcd/flux2
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: over 1 year ago

High

GSA_kwCzR0hTQS03aGdjLXBocDUtNzdxcc4AAu1b

Talos worker join token can be used to get elevated access level to the Talos API
Ecosystems: go
Packages: github.com/talos-systems/talos
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1wZmhyLXBjY3AtaHdtaM4AAuix

Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: over 1 year ago

High

GSA_kwCzR0hTQS1wMmc3LXh3dnItcnJ3M84AAu1q

Helm Controller denial of service
Ecosystems: go
Packages: github.com/fluxcd/flux2, github.com/fluxcd/helm-controller
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS00aGoyLXIycG0tM2hjNs0_pA

Incorrect Default Permissions in CRI-O
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS12ODI5LXg2aGgtY3Fmcc4AAyDd

Crossplane-runtime contains Improper Input Validation via Compositions
Ecosystems: go
Packages: github.com/crossplane/crossplane
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 1 year ago

High

GSA_kwCzR0hTQS0zaGZxLWN4OWotOTIzd84AA3K0

Attacker can cause Kyverno user to unintentionally consume insecure image
Ecosystems: go
Packages: github.com/kyverno/kyverno
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: 6 months ago

Moderate

GSA_kwCzR0hTQS04aDhwLXgyODktdnZxcs0pyQ

Gitea displaying raw OpenID error in UI
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: about 2 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1ZmotNzI2NS1qeGhq

Gitea Exposes Private Email Addresses
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS02NzJwLW01anEtbXJoOM4AAv-o

Insufficient Verification of Proofs generated by the immudb server in client SDK.
Ecosystems: go
Packages: github.com/codenotary/immudb
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1nOTVwLTg4cDQtNzZjbc0V_w

Cross-site Scripting in Gitea
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: over 2 years ago

Moderate

GSA_kwCzR0hTQS04Zmc4LWpoMmgtZjJoY84AAyLE

Potential network policy bypass when routing IPv6 traffic
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: about 1 year ago

Moderate

GSA_kwCzR0hTQS1tN3FwLWNqOXAtZ2o4Nc4AAwpR

OpenShift OSIN vulnerable to Observable Timing Discrepancy
Ecosystems: go
Packages: github.com/openshift/osin
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: over 1 year ago

High

GSA_kwCzR0hTQS0zNHZ3LW00cmgtcjM2cM4AAu1X

Talos vulnerable dependency due to race condition in Linux kernel's IP framework XFRM
Ecosystems: go
Packages: github.com/talos-systems/talos
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: over 1 year ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW12NTUtMjN4cC0zd3A4

Access control flaw in Kiali
Ecosystems: go
Packages: github.com/kiali/kiali
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS1oM3E0LXZtdzQtY3ByNc0y9Q

Path Traversal in Gitea
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: about 2 years ago

High

GSA_kwCzR0hTQS1xZjdqLTI1ZzktcjYzZs4AAulL

elrond-go MultiESDTNFTTransfer call on a SC address with missing function name
Ecosystems: go
Packages: github.com/ElrondNetwork/elrond-go
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS01cmhnLXhoZ3ItNWhmas4AAwou

go-saml's XML Digital Signatures use SHA-1
Ecosystems: go
Packages: github.com/RobotsAndPencils/go-saml
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 1 year ago

Critical

GSA_kwCzR0hTQS1nN213LTlwZjktcDJwbc4AAwzR

gosqljson SQL Injection vulnerability
Ecosystems: go
Packages: github.com/elgs/gosqljson
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 1 year ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02OTctNHY4Zi01NXFn

Header dropping in traefik
Ecosystems: go
Packages: github.com/traefik/traefik, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: over 2 years ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ2NXctZ2c1cC04NWM5

Insufficient Session Expiration in Kiali
Ecosystems: go
Packages: github.com/kiali/kiali
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: almost 3 years ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY0cmgtcjg2cS03NWZm

Hard coded cryptographic key in Kiali
Ecosystems: go
Packages: github.com/kiali/kiali
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS1ycnA0LTJ4eDMtbXYyOc0n7w

Command injection in gh-ost
Ecosystems: go
Packages: github.com/github/gh-ost
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS00Njg1LTJ4NXItNjVwas4AA6qH

Pebble service manager's file pull API allows access by any user
Ecosystems: go
Packages: github.com/canonical/pebble
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 28 days ago

Low

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWptNTYtNWg2Ni13NDUz

Repository index file allows for duplicates of the same chart entry in helm
Ecosystems: go
Packages: helm.sh/helm, helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: almost 3 years ago

High

GSA_kwCzR0hTQS04ajk4LWNqZnItcXgzaM4AA3lC

github.com/ecies/go vulnerable to possible private key restoration
Ecosystems: go
Packages: github.com/ecies/go/v2
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: 5 months ago

High

GSA_kwCzR0hTQS1xeDJqLTg1cTUtZmZwOM4AAs72

Query predicate bypass in Zalando Skipper
Ecosystems: go
Packages: github.com/zalando/skipper
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: almost 2 years ago

High

GSA_kwCzR0hTQS1qcjc3LThneDQtaDVxaM4AAv0s

MessagePack for Golang subject to DoS via Unmarshal panic
Ecosystems: go
Packages: github.com/shamaton/msgpack/v2
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: over 1 year ago

High

GSA_kwCzR0hTQS03ODVoLWhyZjctZ3F4Y84AAXBI

Docker Notary Signature Algorithm Not Matched to Key vulnerability
Ecosystems: go
Packages: github.com/docker/notary
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: almost 2 years ago

High

GSA_kwCzR0hTQS1wNDVqLXZmdjUtd3Bycc4AA1yy

RKE2 supervisor port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack
Ecosystems: go
Packages: github.com/rancher/rke2
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: 8 months ago

High

GSA_kwCzR0hTQS1wMjI4LTRtcmgtd3c3cs4AAwqg

Elrond-GO processing: fallback search of SCRs when not found in the main cache
Ecosystems: go
Packages: github.com/ElrondNetwork/elrond-go
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: over 1 year ago

Low

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxYzUtcmdjYy1janFo

Information Disclosure in go.elastic.co/apm
Ecosystems: go
Packages: go.elastic.co/apm
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 3 years ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2OWMtdzc0cS02NzYy

Insecure permissions on build temporary rootfs in Singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 3 years ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU1N2ctcjIydy05d3Z4

Incorrect Permission Assignment for Critical Resource in Singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: over 2 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZqNTQtY2pyeC14Njk2

Observable Discrepancy in Argo
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: over 2 years ago

Low

GSA_kwCzR0hTQS05amZ4LTg0djktMnJyMs4AA0z2

Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: 10 months ago

Moderate

GSA_kwCzR0hTQS1ocTRtLTQ5NDgtNjRjY84AAzol

Kyverno resource with a deletionTimestamp may allow policy circumvention
Ecosystems: go
Packages: github.com/kyverno/kyverno
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 11 months ago

High

GSA_kwCzR0hTQS1tOTc0LXhqNGotN3F2Nc4AAzSd

Boxo bitswap/server: DOS unbounded persistent memory leak
Ecosystems: go
Packages: github.com/ipfs/go-libipfs
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 12 months ago

High

GSA_kwCzR0hTQS1tNGhmLTZ2Z3ItNzVyMs4AA1yx

K3s apiserver port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack
Ecosystems: go
Packages: github.com/k3s-io/k3s
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 8 months ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRnaDgteDN2di1waGhn

Predictable SIF UUID Identifiers in github.com/sylabs/sif
Ecosystems: go
Packages: github.com/sylabs/sif
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: almost 3 years ago

Critical

GSA_kwCzR0hTQS01bTdnLXBqOHctNzU5M84AAvxv

Vela Insecure Defaults
Ecosystems: go
Packages: github.com/go-vela/worker, github.com/go-vela/server
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS04dndtLTh2ajgtcnFqZs0vCg

User login denial of service in github.com/google/fscrypt
Ecosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS1tcHE0LXJqajgtZmpwaM0vDQ

Uncontrolled Resource Consumption in github.com/google/fscrypt
Ecosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS0yMzk0LTU1MzUtOGo4OM4AAx5o

Kubernetes vulnerable to path traversal
Ecosystems: go
Packages: github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 1 year ago

Moderate

GSA_kwCzR0hTQS12d202LXFjNzctdjJyaM4AAtM_

KubeEdge Edge ServiceBus module DoS
Ecosystems: go
Packages: github.com/kubeedge/kubeedge
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1qdjNmLTdtMzMtcXA2Nc4AAze1

Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited
Ecosystems: go
Packages: github.com/minio/console
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 11 months ago

Moderate

GSA_kwCzR0hTQS04MzNjLXhoNzktcDQyOc4AAy62

A potential risk in clusternet which can be leveraged to make a cluster-level privilege escalation
Ecosystems: go
Packages: github.com/clusternet/clusternet
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 1 year ago

Moderate

GSA_kwCzR0hTQS0ycDRnLWpybXgtcjM0bc4AAg9c

Rancher Login Parameter Can Be Edited
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1qcW1jLTc5Z3gtN2c4cM0q7A

Incorrect Permission Assignment for Critical Resource in CRI-O
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 2 years ago

High

GSA_kwCzR0hTQS1xOXFyLWp3cHctM3F2ds4AAwoY

Golf may allow attacker to bypass CSRF protections due to weak PRNG
Ecosystems: go
Packages: github.com/dinever/golf
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS01eGZnLXd2OTgtMjY0bc4AA7Sj

Sensitive Information leak via Log File in Kubernetes
Ecosystems: go
Packages: github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 8 days ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdnY3AtdzZ3dy0yeHY5

Path traversal and files overwrite with unsquashfs in singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS01NW05LWhtOTIteG04as4AAyPG

Gophish vulnerable to Cross-site Scripting via crafted landing page
Ecosystems: go
Packages: github.com/gophish/gophish
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: about 1 year ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2djItcWNobS1ncmo3

Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: over 2 years ago

Moderate

GSA_kwCzR0hTQS02YzdtLXF3eGotbXZocM0XYg

Broken encryption in EdgeX Foundry
Ecosystems: go
Packages: github.com/edgexfoundry/app-service-configurable, github.com/edgexfoundry/app-functions-sdk-go, github.com/edgexfoundry/app-functions-sdk-go/v2
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: over 2 years ago

Moderate

Advisories: 18,330
Packages: 8,279
Repositories: 534
Ecosystems: 12

Filter by Severity

Moderate 7,912 High 6,344 Critical 2,806 Low 981

Filter by Ecosystem

maven 5,520 packagist 3,801 pypi 3,705 npm 3,535 go 1,889 nuget 1,390 rubygems 814 cargo 776 swift 31 hex 30 actions 16 pub 8

Filter by Package

github.com/usememos/memos 59 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 github.com/answerdev/answer 34 k8s.io/kubernetes 32 github.com/argoproj/argo-cd 29 github.com/hashicorp/vault 28 github.com/grafana/grafana 28 github.com/rancher/rancher 28 github.com/hashicorp/nomad 26 github.com/hashicorp/consul 26 gogs.io/gogs 24 github.com/argoproj/argo-cd/v2 23 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 19 github.com/docker/docker 19 code.gitea.io/gitea 19 helm.sh/helm/v3 18 golang.org/x/net 17 github.com/goharbor/harbor 15 github.com/nats-io/nats-server/v2 13 github.com/mattermost/mattermost-server 13 github.com/traefik/traefik/v2 13 github.com/containerd/containerd 13 github.com/moby/moby 12 github.com/go-gitea/gitea 12 github.com/opencontainers/runc 12 github.com/zitadel/zitadel 11 github.com/openfga/openfga 11 github.com/cloudflare/cfrpki 11 github.com/1Panel-dev/1Panel 10 github.com/greenpau/caddy-security 10 github.com/cosmos/cosmos-sdk 10 golang.org/x/crypto 9 github.com/kubernetes/kubernetes 9 github.com/cri-o/cri-o 9 github.com/sylabs/singularity 9 istio.io/istio 8 github.com/containers/podman/v4 8 github.com/pomerium/pomerium 8 github.com/kubeedge/kubeedge 8 go.etcd.io/etcd 8 github.com/nats-io/jwt 7 github.com/traefik/traefik 7 github.com/beego/beego 7 k8s.io/ingress-nginx 7 helm.sh/helm 7 github.com/google/fscrypt 7 github.com/hashicorp/go-getter 7 github.com/authzed/spicedb 6 github.com/russellhaering/gosaml2 6 github.com/hyperledger/fabric 6 github.com/cubefs/cubefs 6 github.com/apache/trafficcontrol 6 github.com/gravitl/netmaker 6 github.com/pion/dtls 6 github.com/treeverse/lakefs 6 github.com/beego/beego/v2 6 github.com/russellhaering/goxmldsig 6 github.com/pterodactyl/wings 6 github.com/sigstore/cosign 6 github.com/fluxcd/flux2 6 kubevirt.io/kubevirt 5 github.com/hashicorp/go-getter/v2 5 github.com/tidwall/gjson 5 github.com/containers/buildah 5 github.com/schollz/croc/v9 5 github.com/KubeOperator/kubepi 5 github.com/apache/incubator-answer 5 github.com/mattermost/mattermost-server/v5 5 github.com/fluxcd/kustomize-controller 5 github.com/gofiber/fiber/v2 5 github.com/moby/buildkit 5 github.com/IBAX-io/go-ibax 5 github.com/kyverno/kyverno 5 github.com/pion/dtls/v2 5 go.etcd.io/etcd/v3 5 github.com/cometbft/cometbft 5 github.com/kiali/kiali 5 github.com/0xJacky/Nginx-UI 5 github.com/ipfs/go-ipfs 5 github.com/tendermint/tendermint 5 github.com/foxcpp/maddy 5 github.com/traefik/traefik/v3 5 github.com/gophish/gophish 5 github.com/open-policy-agent/opa 4 github.com/free5gc/free5gc 4 golang.org/x/net/http2 4 github.com/dhowden/tag 4 github.com/aws/aws-sdk-go 4 github.com/crewjam/saml 4 github.com/arduino/arduino-create-agent 4 github.com/concourse/concourse 4 github.com/casdoor/casdoor 4 github.com/containers/podman/v3 4 github.com/argoproj/argo-workflows/v3 4 github.com/dexidp/dex 4 github.com/alist-org/alist/v3 4 github.com/oauth2-proxy/oauth2-proxy 4 github.com/ory/fosite 4 github.com/caddyserver/caddy 4 github.com/lestrrat-go/jwx 4 github.com/lestrrat-go/jwx/v2 4 github.com/hashicorp/go-getter/gcs/v2 4 github.com/IceWhaleTech/CasaOS-UserService 4 github.com/gin-gonic/gin 4 github.com/git-lfs/git-lfs 4 github.com/hashicorp/go-getter/s3/v2 4 github.com/phachon/mm-wiki 3 github.com/hashicorp/vault/vault 3 github.com/flyteorg/flyteadmin 3 github.com/cheqd/cheqd-node 3 github.com/nats-io/jwt/v2 3 github.com/go-vela/server 3 github.com/apache/servicecomb-service-center 3 github.com/docker/distribution 3 github.com/navidrome/navidrome 3 github.com/coredns/coredns 3 github.com/syncthing/syncthing 3 github.com/ElrondNetwork/elrond-go 3 github.com/jackc/pgx/v4 3 gopkg.in/yaml.v2 3 github.com/cortexproject/cortex 3 github.com/minio/minio 3 github.com/consensys/gnark 3 go.etcd.io/etcd/client/v3 3 github.com/projectcalico/calico 3 github.com/lightningnetwork/lnd 3 github.com/ory/oathkeeper 3 github.com/notaryproject/notation 3 github.com/fluxcd/helm-controller 3 golang.org/x/text 3 github.com/sigstore/cosign/v2 3 github.com/quic-go/quic-go 3 github.com/stacklok/minder 3 github.com/heketi/heketi 3 github.com/owncast/owncast 3 github.com/openshift/origin 3 k8s.io/client-go 3 github.com/miekg/dns 3 github.com/libp2p/go-libp2p 3 github.com/tharsis/evmos 3 github.com/authelia/authelia/v4 3 github.com/crossplane/crossplane 3 golang.org/x/image 3 github.com/crypto-org-chain/cronos 3 github.com/hashicorp/boundary 3 github.com/mholt/archiver 3 github.com/dutchcoders/transfer.sh 3 github.com/weaveworks/weave-gitops 3 github.com/edgelesssys/constellation/v2 3 github.com/square/go-jose 3 github.com/artifacthub/hub 3 github.com/cloudflare/circl 2 gopkg.in/src-d/go-git.v4 2 github.com/woodpecker-ci/woodpecker 2 github.com/minio/console 2 github.com/go-yaml/yaml 2 github.com/ansible-semaphore/semaphore 2 github.com/pires/go-proxyproto 2 github.com/rancher/wrangler 2 github.com/flynn/noise 2 github.com/gphper/ginadmin 2 mellium.im/xmpp 2 github.com/clastix/capsule-proxy 2 github.com/etcd-io/etcd 2 github.com/mutagen-io/mutagen 2 github.com/unknwon/cae 2 github.com/openshift/apiserver-library-go 2 vitess.io/vitess 2 github.com/bytebase/bytebase 2 github.com/hashicorp/terraform 2 github.com/edgexfoundry/app-functions-sdk-go/v2 2 github.com/influxdata/influxdb 2 github.com/protocolbuffers/protobuf 2 github.com/gotify/server 2 github.com/brokercap/Bifrost 2 github.com/imgproxy/imgproxy/v3 2 github.com/prometheus/prometheus 2 github.com/dvsekhvalnov/jose2go 2 github.com/containers/podman/v2 2 github.com/pingcap/tidb 2 github.com/microcosm-cc/bluemonday 2 github.com/sap/cloud-security-client-go 2 github.com/facebook/fbthrift 2 github.com/talos-systems/talos 2 protobuf 2 github.com/flipped-aurora/gin-vue-admin/server 2 github.com/containers/podman 2 github.com/swaggo/http-swagger 2 github.com/gohugoio/hugo 2 github.com/apache/thrift 2 github.com/labstack/echo/v4 2 github.com/ipld/go-codec-dagpb 2 github.com/codenotary/immudb 2 github.com/kata-containers/runtime 2 github.com/ecnepsnai/web 2 github.com/kitabisa/teler-waf 2 github.com/IceWhaleTech/CasaOS 2 github.com/projectcapsule/capsule-proxy 2

Filter by Repository