Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go Security Advisories

Moderate

GSA_kwCzR0hTQS12amhmLTZ4ZnItNXA5Z84AA6lt

KubeVirt NULL pointer dereference flaw
Ecosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 30 days ago

Moderate

GSA_kwCzR0hTQS1yNXg2LXc0MnAtamhwcM4AAyLF

Cilium eBPF filters may be temporarily removed during agent restart
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: about 1 year ago

Moderate

GSA_kwCzR0hTQS1oajU3LWo1Y3ctMm13cM4AArNA

Ignition config accessible to unprivileged software on VMware
Ecosystems: go
Packages: github.com/coreos/ignition, github.com/coreos/ignition/v2
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1xY3cyLTQ5MnYtNTd4as4AAwkV

usememos/memos missing Secure cookie attribute
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS04ajN2LTY4dzMtMzg0OM4AA1Fj

Gitea erroneous repo clones
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 9 months ago

Moderate

GSA_kwCzR0hTQS03ajdqLTY2Y3YtbTIzOc4AA7UD

ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago

Moderate

GSA_kwCzR0hTQS02N3J2LXFwdzItNnFycs4AA6qo

Grafana: Users outside an organization can delete a snapshot with its key
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 28 days ago

Moderate

GSA_kwCzR0hTQS1wNjU4LTg2OTMtbWh2Z84AAvMD

Tendermint Core vulnerable to Uncontrolled Resource Consumption
Ecosystems: go
Packages: github.com/tendermint/tendermint
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS04amczLXJ4NDMtM2Z2NM4AAyq4

Answer vulnerable to Exposure of Sensitive Information Through Metadata
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago

Moderate

GSA_kwCzR0hTQS02am02LWNtY3AtZnFqcc0sVA

Nomad Spread Job Stanza May Trigger Panic in Servers
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS0zM3I3LXdqZmMtN3c5OM4AA2Iz

Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 7 months ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1yNmgtY2hxcC1wOWcy

SQL Injection in gogs.io/gogs
Ecosystems: go
Packages: github.com/gogits/gogs, gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS05aHdwLWNqN20td2p3NM4AA2I2

Mattermost Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS01Mmg4LWM4NzYtOTg5Y84AA1BX

Answer has Race Condition within a Thread
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago

Moderate

GSA_kwCzR0hTQS1ydnJ4LXJyd2gtcjlwNs4AAzr3

Notation's default `maxSignatureAttempts` in `notation verify` enables an endless data attack
Ecosystems: go
Packages: github.com/notaryproject/notation
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 11 months ago

Moderate

GSA_kwCzR0hTQS13NTVqLWY3dngtNnEzN84AAxdS

Openshift Enterprise source-to-image vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip)
Ecosystems: go
Packages: github.com/openshift/source-to-image
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: about 1 year ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwMzItdm1tNi0zdmY1

Directory Traversal in Kubernetes
Ecosystems: go
Packages: k8s.io/kubernetes, github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 28.0
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS0ycDZyLTM3cDktODlwMs0Wnw

Authz Module Non-Determinism
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 2 years ago

Moderate

GSA_kwCzR0hTQS1taDNtLThjNzQtNzR4aM0mAQ

Denial of Service in graphql-go
Ecosystems: go
Packages: github.com/graph-gophers/graphql-go
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: over 2 years ago

Moderate

GSA_kwCzR0hTQS02Zmo1LW04MjItcnF4OM4AA4-0

moby docker daemon crash during image pull of malicious image
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 3 months ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVjZ3gtdmhmcC02Y2Y5

Directory traversal in Kubernetes Secrets Store CSI Driver
Ecosystems: go
Packages: sigs.k8s.io/secrets-store-csi-driver
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS1mMzdxLXE3cDItY2NmY807ZA

Resource exhaustion in Mattermost
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS05bTZwLXg0aDItNmZycc4AA7V4

Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 7 days ago

Moderate

GSA_kwCzR0hTQS0yMmZ4LTZyOW0tcjhoOc4AAzGl

libheif vulnerable to segmentation fault via floating point exception
Ecosystems: go
Packages: github.com/strukturag/libheif
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 12 months ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZqcWotZjU4cC1tcncz

Denial of Service in TenderMint
Ecosystems: go
Packages: github.com/tendermint/tendermint
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: over 2 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0MmctNzM3ai1xeDZq

Access Restriction Bypass in kube-apiserver
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 28.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS04NjN4LTg2OGgtOTY4eM4AAzdP

Ingress-nginx `path` sanitization can be bypassed with newline character
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago

Moderate

GSA_kwCzR0hTQS1yN2hnLTJjcHAtOHdxcc4AAwp_

usememos/memos has Incorrectly Specified Destination in a Communication Channel
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS00eDMyLWgyOTYtcmc2as4AATbw

Singularity Incorrect Access Control
Ecosystems: go
Packages: github.com/hpcng/singularity
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS14cnhtLW12cW0tcjU1M84AAUMu

Helm Path Traversal
Ecosystems: go
Packages: helm.sh/helm
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: almost 2 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl3dmgtZmY1Zi14anBq

Missing Authorization in Harbor
Ecosystems: go
Packages: github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS00Njh3LTh4MzktZ2o1ds4AAwNU

Traefik routes exposed with an empty TLSOption
Ecosystems: go
Packages: github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS12NDJmLWhxNzgtOGM1bc4AAwBK

Denial of service in Mattermost
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1tcngzLWd4angtaGpxas4AA47t

Authentik vulnerable to PKCE downgrade attack
Ecosystems: go
Packages: goauthentik.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdnanItMmY3di12aHE0

Kiali Authentication Bypass vulnerability
Ecosystems: go
Packages: github.com/kiali/kiali
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS1xYzZ2LWczeHctZ3JteM4AA4LT

Authenticated users can crash the CubeFS servers with maliciously crafted requests
Ecosystems: go
Packages: github.com/cubefs/cubefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago

Moderate

GSA_kwCzR0hTQS02Y3dtLXdtODItaGdyd84AAoHD

MongoDB Tools Improper Certificate Validation vulnerability
Ecosystems: go
Packages: github.com/mongodb/mongo-tools
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS05YzR4LTVoZ3EtcTN3aM0Z-Q

Instance config inline secret exposure in Grafana
Ecosystems: go
Packages: github.com/grafana/agent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago

Moderate

GSA_kwCzR0hTQS01OGcyLXZncGctMzM1cc4AAyfN

request-baskets vulnerable to Server-Side Request Forgery
Ecosystems: go
Packages: github.com/darklynx/request-baskets
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago

Moderate

GSA_kwCzR0hTQS1tZnZxLW0zamotODg2NM4AAwo8

usememos/memos vulnerable to Improper Verification of Source of a Communication Channel
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1yeGc5LWhncTctOHB3eM4AA3qR

Header spoofing in caddy-geo-ip
Ecosystems: go
Packages: github.com/shift72/caddy-geo-ip
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqNm0tcjhqYy0yZ3A3

Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS00MzdtLTdoajUtOW1wd84AA4Ng

Kruise allows leveraging the kruise-daemon pod to list all secrets in the entire cluster
Ecosystems: go
Packages: github.com/openkruise/kruise
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 4 months ago

Moderate

GSA_kwCzR0hTQS1jN3ZmLW0zOTQtbTR4NM4AA5Wn

Use of Insufficiently Random Values in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 3 months ago

Moderate

GSA_kwCzR0hTQS1nd3BmLTk1amMtNjNyds4AArUl

Uncontrolled Resource Consumption in Mattermost server
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS04amhoLTNqZjItcGZ3cs4AAyez

Mattermost vulnerable to information disclosure
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost-server/v5, github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 1 year ago

Moderate

GSA_kwCzR0hTQS04NTc5LTdwMzItZjM5OM4AA4LU

CubeFS timing attack can leak user passwords
Ecosystems: go
Packages: github.com/cubefs/cubefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago

Moderate

GSA_kwCzR0hTQS1od2MzLTNxaDYtcjRnZ84AAydO

HashiCorp Vault's PKI mount vulnerable to denial of service
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 1 year ago

Moderate

GSA_kwCzR0hTQS12d202LXFjNzctdjJyaM4AAtM_

KubeEdge Edge ServiceBus module DoS
Ecosystems: go
Packages: github.com/kubeedge/kubeedge
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS0ydzh3LXFoZzQtZjc4as4AA0mz

A stored XSS in jaeger UI might allow an attacker who controls a trace to perform arbitrary jaeger queries
Ecosystems: go
Packages: github.com/jaegertracing/jaeger
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: 10 months ago

Moderate

GSA_kwCzR0hTQS1xd3JqLTlobXAtZ3B4aM4AAtZ2

FlyteAdmin Insufficient AccessToken Expiration Check
Ecosystems: go
Packages: github.com/flyteorg/flyteadmin
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1tNXByLXdtNnEteDRnMs4AAwpL

usememos/memos vulnerable to Comparison of Object References Instead of Object Contents
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS03djNnLTQ4NzgtNXFyZs4AAvRN

Nomad Panics On Job Submission With Bad Artifact Stanza Source URL
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: over 1 year ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV4OTItcDRwNS0zM2M0

Path Traversal in HashiCorp Nomad
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS14ajd2LWM4MnctOTJxMs4AAkND

Argo Exposure of Sensitive Information
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1qd3ZyLXZ2N3AtZ3B3cc3XnQ

Privilege escalation for users with create/update permissions in Global Roles in Rancher
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS03aGZwLXFmdzMtNWp4aM4AAui3

Helm Vulnerable to denial of service through string value parsing
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS13eDhxLXJnZnItY2Y2ds0XGw

Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server
Ecosystems: go
Packages: github.com/google/exposure-notifications-verification-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago

Moderate

GSA_kwCzR0hTQS1qaHd4LW1od3ctcmdjM84AA6dx

ArgoCD's repo server has Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: about 1 month ago

Moderate

GSA_kwCzR0hTQS1oajkzLTVmZzMtM2Nocs0uhw

HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: about 2 years ago

High

GSA_kwCzR0hTQS02aDNtLTM2dzgtaHY2OM0xNA

Arbitrary file write in nats-server
Ecosystems: go
Packages: github.com/nats-io/nats-streaming-server, github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS02NXY4LTZwdnctand2cc4AAyq3

Answer vulnerable to Insertion of Sensitive Information Into Sent Data
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago

Moderate

GSA_kwCzR0hTQS1qY2YyLW14cjItZ21xcM4AA1gZ

OpenFGA Authorization Bypass
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago

Moderate

GSA_kwCzR0hTQS1maHY4LW00ajQtY3d3Ms4AAt-G

Gitea allowed assignment of private issues
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1jZ2N2LTUyNzItOTdwcs4AA0Ls

Kubernetes mountable secrets policy bypass
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 28.0
Published: 10 months ago

Moderate

GSA_kwCzR0hTQS1nODJ3LTU4amYtZ2N4eM4AAze2

secrets-store-csi-driver discloses service account tokens in logs
Ecosystems: go
Packages: sigs.k8s.io/secrets-store-csi-driver
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 11 months ago

Moderate

GSA_kwCzR0hTQS1xYzJnLWdtaDYtOTVwNM4AA0Ln

kube-apiserver vulnerable to policy bypass
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 28.0
Published: 10 months ago

Moderate

GSA_kwCzR0hTQS1tN3c0LXE1dmctNXhmcM4AAvBm

Mattermost subject to Denial of Service via upload of special GIF
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS0zY2YyLXg0MjMteDU4Ms0eBQ

Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman
Ecosystems: go
Packages: github.com/containers/podman/v3
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 2 years ago

Moderate

GSA_kwCzR0hTQS04NWNmLWdqMjktZjU1Nc4AA1OE

1Panel Arbitrary File Download vulnerability
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago

Moderate

GSA_kwCzR0hTQS1qOTlxLXJ3cDYtNDk4Z84AAQE6

Gitea Arbitrary File Delete Vulnerability
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: almost 2 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg0OXItOHd2cC00d3dn

Permissions bypass in KubeVirt
Ecosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS1qbXJ4LTVnNzQtNnYyZs4AAh7K

Kubernetes client-go library logs may disclose credentials to unauthorized users
Ecosystems: go
Packages: k8s.io/kubernetes, k8s.io/client-go
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS01anBoLXdycTctdjloZs4AAwBJ

Denial of service in Mattermost
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS13Zzc5LTJjZ3AtcXJqbc4AAnBG

dhowden tag panic due to out-of-bounds read
Ecosystems: go
Packages: github.com/dhowden/tag
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS13cDQzLXZwcmgtYzN3Nc4AA6qC

Mattermost fails to authenticate the source of certain types of post actions
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 28 days ago

Moderate

GSA_kwCzR0hTQS1mdmhqLTRxZmgtcTJobc4AA3ku

Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass
Ecosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 5 months ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3cnItcmhtbS12Y3Zm

NULL Pointer Dereference in Kubernetes CSI snapshot-controller
Ecosystems: go
Packages: github.com/kubernetes-csi/external-snapshotter/v3, github.com/kubernetes-csi/external-snapshotter/v2
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS13NDc5LXcyMmctY2ZmaM4AAxs5

Uncontrolled Resource Consumption in Hashicorp Nomad
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: about 1 year ago

Moderate

GSA_kwCzR0hTQS1yd2NwLXFyd2ctNTZjZ84AAz_T

Casdoor Cross-Site Request Forgery vulnerability
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY5djYteGMyai1yMmpm

Shallow copy bug in geth
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: almost 3 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxdzgtODQ3Zi1wZ2dt

Improper Locking in github.com/containers/storage
Ecosystems: go
Packages: github.com/containers/storage
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS05eGZ3LWpqcTItN3Y4aM4AA5Eg

1Panel set-cookie is missing the Secure keyword
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago

Moderate

GSA_kwCzR0hTQS14OTJyLTN2ZngtNGN2M84AA1Av

Golang TIFF decoder does not place a limit on the size of compressed tile data
Ecosystems: go
Packages: golang.org/x/image
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: 9 months ago

Moderate

GSA_kwCzR0hTQS1qaHZmLTdjODUtM2M5Z84AA6gZ

LocalAI cross-site request forgery vulnerability
Ecosystems: go
Packages: github.com/go-skynet/LocalAI
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago

Moderate

GSA_kwCzR0hTQS1tNjlyLTlnNTYtN212OM4AAvDf

HashiCorp Consul vulnerable to authorization bypass
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS0yN21oLTMzNDMtNmhnNc4AAnBE

dhowden tag panic due to out-of-bounds read
Ecosystems: go
Packages: github.com/dhowden/tag
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1mNHc2LTNyaDYtNnE0cc4AAi3b

Kubernetes CSI Sidecar Containers Can Allow Unauthorized Data Access
Ecosystems: go
Packages: github.com/kubernetes-csi/external-resizer, github.com/kubernetes-csi/external-snapshotter/v6, github.com/kubernetes-csi/external-provisioner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago

Moderate

Advisories: 18,330
Packages: 8,279
Repositories: 534
Ecosystems: 12

Filter by Severity

Moderate 7,912 High 6,344 Critical 2,806 Low 981

Filter by Ecosystem

maven 5,520 packagist 3,801 pypi 3,705 npm 3,535 go 1,889 nuget 1,390 rubygems 814 cargo 776 swift 31 hex 30 actions 16 pub 8

Filter by Package

github.com/usememos/memos 59 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 github.com/answerdev/answer 34 k8s.io/kubernetes 32 github.com/argoproj/argo-cd 29 github.com/hashicorp/vault 28 github.com/grafana/grafana 28 github.com/rancher/rancher 28 github.com/hashicorp/nomad 26 github.com/hashicorp/consul 26 gogs.io/gogs 24 github.com/argoproj/argo-cd/v2 23 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 19 github.com/docker/docker 19 code.gitea.io/gitea 19 helm.sh/helm/v3 18 golang.org/x/net 17 github.com/goharbor/harbor 15 github.com/nats-io/nats-server/v2 13 github.com/mattermost/mattermost-server 13 github.com/traefik/traefik/v2 13 github.com/containerd/containerd 13 github.com/moby/moby 12 github.com/go-gitea/gitea 12 github.com/opencontainers/runc 12 github.com/zitadel/zitadel 11 github.com/openfga/openfga 11 github.com/cloudflare/cfrpki 11 github.com/1Panel-dev/1Panel 10 github.com/greenpau/caddy-security 10 github.com/cosmos/cosmos-sdk 10 golang.org/x/crypto 9 github.com/kubernetes/kubernetes 9 github.com/cri-o/cri-o 9 github.com/sylabs/singularity 9 istio.io/istio 8 github.com/containers/podman/v4 8 github.com/pomerium/pomerium 8 github.com/kubeedge/kubeedge 8 go.etcd.io/etcd 8 github.com/nats-io/jwt 7 github.com/traefik/traefik 7 github.com/beego/beego 7 k8s.io/ingress-nginx 7 helm.sh/helm 7 github.com/google/fscrypt 7 github.com/hashicorp/go-getter 7 github.com/authzed/spicedb 6 github.com/russellhaering/gosaml2 6 github.com/hyperledger/fabric 6 github.com/cubefs/cubefs 6 github.com/apache/trafficcontrol 6 github.com/gravitl/netmaker 6 github.com/pion/dtls 6 github.com/treeverse/lakefs 6 github.com/beego/beego/v2 6 github.com/russellhaering/goxmldsig 6 github.com/pterodactyl/wings 6 github.com/sigstore/cosign 6 github.com/fluxcd/flux2 6 kubevirt.io/kubevirt 5 github.com/hashicorp/go-getter/v2 5 github.com/tidwall/gjson 5 github.com/containers/buildah 5 github.com/schollz/croc/v9 5 github.com/KubeOperator/kubepi 5 github.com/apache/incubator-answer 5 github.com/mattermost/mattermost-server/v5 5 github.com/fluxcd/kustomize-controller 5 github.com/gofiber/fiber/v2 5 github.com/moby/buildkit 5 github.com/IBAX-io/go-ibax 5 github.com/kyverno/kyverno 5 github.com/pion/dtls/v2 5 go.etcd.io/etcd/v3 5 github.com/cometbft/cometbft 5 github.com/kiali/kiali 5 github.com/0xJacky/Nginx-UI 5 github.com/ipfs/go-ipfs 5 github.com/tendermint/tendermint 5 github.com/foxcpp/maddy 5 github.com/traefik/traefik/v3 5 github.com/gophish/gophish 5 github.com/open-policy-agent/opa 4 github.com/free5gc/free5gc 4 golang.org/x/net/http2 4 github.com/dhowden/tag 4 github.com/aws/aws-sdk-go 4 github.com/crewjam/saml 4 github.com/arduino/arduino-create-agent 4 github.com/concourse/concourse 4 github.com/casdoor/casdoor 4 github.com/containers/podman/v3 4 github.com/argoproj/argo-workflows/v3 4 github.com/dexidp/dex 4 github.com/alist-org/alist/v3 4 github.com/oauth2-proxy/oauth2-proxy 4 github.com/ory/fosite 4 github.com/caddyserver/caddy 4 github.com/lestrrat-go/jwx 4 github.com/lestrrat-go/jwx/v2 4 github.com/hashicorp/go-getter/gcs/v2 4 github.com/IceWhaleTech/CasaOS-UserService 4 github.com/gin-gonic/gin 4 github.com/git-lfs/git-lfs 4 github.com/hashicorp/go-getter/s3/v2 4 github.com/phachon/mm-wiki 3 github.com/hashicorp/vault/vault 3 github.com/flyteorg/flyteadmin 3 github.com/cheqd/cheqd-node 3 github.com/nats-io/jwt/v2 3 github.com/go-vela/server 3 github.com/apache/servicecomb-service-center 3 github.com/docker/distribution 3 github.com/navidrome/navidrome 3 github.com/coredns/coredns 3 github.com/syncthing/syncthing 3 github.com/ElrondNetwork/elrond-go 3 github.com/jackc/pgx/v4 3 gopkg.in/yaml.v2 3 github.com/cortexproject/cortex 3 github.com/minio/minio 3 github.com/consensys/gnark 3 go.etcd.io/etcd/client/v3 3 github.com/projectcalico/calico 3 github.com/lightningnetwork/lnd 3 github.com/ory/oathkeeper 3 github.com/notaryproject/notation 3 github.com/fluxcd/helm-controller 3 golang.org/x/text 3 github.com/sigstore/cosign/v2 3 github.com/quic-go/quic-go 3 github.com/stacklok/minder 3 github.com/heketi/heketi 3 github.com/owncast/owncast 3 github.com/openshift/origin 3 k8s.io/client-go 3 github.com/miekg/dns 3 github.com/libp2p/go-libp2p 3 github.com/tharsis/evmos 3 github.com/authelia/authelia/v4 3 github.com/crossplane/crossplane 3 golang.org/x/image 3 github.com/crypto-org-chain/cronos 3 github.com/hashicorp/boundary 3 github.com/mholt/archiver 3 github.com/dutchcoders/transfer.sh 3 github.com/weaveworks/weave-gitops 3 github.com/edgelesssys/constellation/v2 3 github.com/square/go-jose 3 github.com/artifacthub/hub 3 github.com/cloudflare/circl 2 gopkg.in/src-d/go-git.v4 2 github.com/woodpecker-ci/woodpecker 2 github.com/minio/console 2 github.com/go-yaml/yaml 2 github.com/ansible-semaphore/semaphore 2 github.com/pires/go-proxyproto 2 github.com/rancher/wrangler 2 github.com/flynn/noise 2 github.com/gphper/ginadmin 2 mellium.im/xmpp 2 github.com/clastix/capsule-proxy 2 github.com/etcd-io/etcd 2 github.com/mutagen-io/mutagen 2 github.com/unknwon/cae 2 github.com/openshift/apiserver-library-go 2 vitess.io/vitess 2 github.com/bytebase/bytebase 2 github.com/hashicorp/terraform 2 github.com/edgexfoundry/app-functions-sdk-go/v2 2 github.com/influxdata/influxdb 2 github.com/protocolbuffers/protobuf 2 github.com/gotify/server 2 github.com/brokercap/Bifrost 2 github.com/imgproxy/imgproxy/v3 2 github.com/prometheus/prometheus 2 github.com/dvsekhvalnov/jose2go 2 github.com/containers/podman/v2 2 github.com/pingcap/tidb 2 github.com/microcosm-cc/bluemonday 2 github.com/sap/cloud-security-client-go 2 github.com/facebook/fbthrift 2 github.com/talos-systems/talos 2 protobuf 2 github.com/flipped-aurora/gin-vue-admin/server 2 github.com/containers/podman 2 github.com/swaggo/http-swagger 2 github.com/gohugoio/hugo 2 github.com/apache/thrift 2 github.com/labstack/echo/v4 2 github.com/ipld/go-codec-dagpb 2 github.com/codenotary/immudb 2 github.com/kata-containers/runtime 2 github.com/ecnepsnai/web 2 github.com/kitabisa/teler-waf 2 github.com/IceWhaleTech/CasaOS 2 github.com/projectcapsule/capsule-proxy 2

Filter by Repository