Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
go Security Advisories
Loading...
Moderate
Ecosystems: go
Packages: github.com/fluxcd/source-controller/api, github.com/fluxcd/notification-controller/api, github.com/fluxcd/kustomize-controller/api, github.com/fluxcd/image-reflector-controller/api, github.com/fluxcd/image-automation-controller/api, github.com/fluxcd/helm-controller/api, github.com/fluxcd/image-reflector-controller, github.com/fluxcd/image-automation-controller, github.com/fluxcd/notification-controller, github.com/fluxcd/helm-controller, github.com/fluxcd/kustomize-controller, github.com/fluxcd/source-controller, github.com/fluxcd/flux2
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: over 1 year ago
GSA_kwCzR0hTQS1mNHA1LXg0dmMtbWg0ds4AAvcq
Improper use of metav1.Duration allows for Denial of ServiceEcosystems: go
Packages: github.com/fluxcd/source-controller/api, github.com/fluxcd/notification-controller/api, github.com/fluxcd/kustomize-controller/api, github.com/fluxcd/image-reflector-controller/api, github.com/fluxcd/image-automation-controller/api, github.com/fluxcd/helm-controller/api, github.com/fluxcd/image-reflector-controller, github.com/fluxcd/image-automation-controller, github.com/fluxcd/notification-controller, github.com/fluxcd/helm-controller, github.com/fluxcd/kustomize-controller, github.com/fluxcd/source-controller, github.com/fluxcd/flux2
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: over 1 year ago
Moderate
Ecosystems: go
Packages: github.com/canonical/pebble
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: about 1 month ago
GSA_kwCzR0hTQS00Njg1LTJ4NXItNjVwas4AA6qH
Pebble service manager's file pull API allows access by any userEcosystems: go
Packages: github.com/canonical/pebble
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: about 1 month ago
Moderate
Ecosystems: go
Packages: github.com/jackc/pgx/v5, github.com/jackc/pgx/v4, github.com/jackc/pgproto3/v2, github.com/jackc/pgproto3, github.com/jackc/pgx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS1tcnd3LTI3dmMtZ2dods4AA5wA
pgx SQL Injection via Protocol Message Size OverflowEcosystems: go
Packages: github.com/jackc/pgx/v5, github.com/jackc/pgx/v4, github.com/jackc/pgproto3/v2, github.com/jackc/pgproto3, github.com/jackc/pgx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
Ecosystems: go
Packages: github.com/notaryproject/notation
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 12 months ago
GSA_kwCzR0hTQS05bTN2LXY0cjUtcHB4N84AAzr2
Notation vulnerable to denial of service from high number of artifact signaturesEcosystems: go
Packages: github.com/notaryproject/notation
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 12 months ago
Moderate
Ecosystems: go
Packages: github.com/square/go-jose, github.com/go-jose/go-jose/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS0yYzdjLTNtajktOGZxaM4AA3S1
Decryption of malicious PBES2 JWE objects can consume unbounded system resourcesEcosystems: go
Packages: github.com/square/go-jose, github.com/go-jose/go-jose/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 3 months ago
GSA_kwCzR0hTQS05M3g4LTY2ajItd3dyNc4AA5Wo
Server-Side Request Forgery in github.com/greenpau/caddy-securityEcosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 3 months ago
Moderate
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS04amczLXJ4NDMtM2Z2NM4AAyq4
Answer vulnerable to Exposure of Sensitive Information Through MetadataEcosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
Ecosystems: go
Packages: github.com/edgexfoundry/app-service-configurable, github.com/edgexfoundry/app-functions-sdk-go, github.com/edgexfoundry/app-functions-sdk-go/v2
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: over 2 years ago
GSA_kwCzR0hTQS02YzdtLXF3eGotbXZocM0XYg
Broken encryption in EdgeX FoundryEcosystems: go
Packages: github.com/edgexfoundry/app-service-configurable, github.com/edgexfoundry/app-functions-sdk-go, github.com/edgexfoundry/app-functions-sdk-go/v2
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: over 2 years ago
Moderate
Ecosystems: go
Packages: code.sajari.com/docconv, github.com/sajari/docconv
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: over 1 year ago
GSA_kwCzR0hTQS1xdngyLTU5ZzgtOGhwaM4AAwlv
docconv vulnerable to Memory Allocation with Excessive Size ValueEcosystems: go
Packages: code.sajari.com/docconv, github.com/sajari/docconv
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: over 1 year ago
Moderate
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS1yOTV3LTdjcHgtaDVteM4AAyMt
Answer vulnerable to Business Logic ErrorsEcosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: almost 2 years ago
GSA_kwCzR0hTQS1xNHc1LTRncTItOTh2bc4AAs5a
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-serverEcosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: almost 2 years ago
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 3 months ago
GSA_kwCzR0hTQS12ajM2LTNjY3ItNjU2M84AA5Wr
Authentication Bypass by Spoofing in github.com/greenpau/caddy-securityEcosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 3 months ago
Moderate
Ecosystems: go
Packages: github.com/dapr/dapr
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 10 months ago
GSA_kwCzR0hTQS01OW02LTgycW0tdnFnas4AA01h
Dapr API token authentication bypass in HTTP endpointsEcosystems: go
Packages: github.com/dapr/dapr
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 10 months ago
Moderate
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 6 months ago
GSA_kwCzR0hTQS0zNDg3LTNqN2MtN2d3as4AA3XX
Mattermost Uncontrolled Resource Consumption vulnerabilityEcosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 6 months ago
Moderate
Ecosystems: go
Packages: github.com/edgexfoundry/app-functions-sdk-go/v2, github.com/edgexfoundry/device-sdk-go/v2
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: almost 2 years ago
GSA_kwCzR0hTQS1nNjNoLXE4NTUtdnAzcc4AArtG
Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated usersEcosystems: go
Packages: github.com/edgexfoundry/app-functions-sdk-go/v2, github.com/edgexfoundry/device-sdk-go/v2
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: almost 2 years ago
Moderate
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 8 months ago
GSA_kwCzR0hTQS03bXA2LTkyOXAtcHFoas4AA19V
Croc requires senders to provide local IP addresses in cleartextEcosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 8 months ago
Moderate
Ecosystems: go
Packages: github.com/drakkan/sftpgo
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
GSA_kwCzR0hTQS1jZjdnLWNtN3EtcnE3Zs4AAu8S
SFTPGo WebClient vulnerable to Cross-site ScriptingEcosystems: go
Packages: github.com/drakkan/sftpgo
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Moderate
Ecosystems: go
Packages: github.com/openshift/apiserver-library-go
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: over 1 year ago
GSA_kwCzR0hTQS01NDY1LXhjMmotNnA4NM4AAxKZ
github.com/openshift/apiserver-library-go Improper Input Validation vulnerabilityEcosystems: go
Packages: github.com/openshift/apiserver-library-go
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: over 1 year ago
Moderate
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: over 1 year ago
GSA_kwCzR0hTQS1tdjZ3LWo0eGMtcXBmd84AAxfx
Argo CD leaks repository credentials in user-facing error messages and in logsEcosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: over 1 year ago
Moderate
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS1ybWh4LTloNWgtM3hoM84AAwqC
usememos/memos vulnerable to stored Cross-site ScriptingEcosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
Ecosystems: go
Packages: github.com/argoproj/argo-cd, github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: almost 2 years ago
GSA_kwCzR0hTQS14bWc4LTk5cjgtamMyas4AAgd9
Login screen allows message spoofing if SSO is enabledEcosystems: go
Packages: github.com/argoproj/argo-cd, github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: almost 2 years ago
Moderate
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: 8 months ago
GSA_kwCzR0hTQS00eHAyLXc2NDItN21jeM4AA2C6
Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicyEcosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: 8 months ago
Moderate
Ecosystems: go
Packages: github.com/coreos/ignition, github.com/coreos/ignition/v2
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: almost 2 years ago
GSA_kwCzR0hTQS1oajU3LWo1Y3ctMm13cM4AArNA
Ignition config accessible to unprivileged software on VMwareEcosystems: go
Packages: github.com/coreos/ignition, github.com/coreos/ignition/v2
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: almost 2 years ago
Moderate
Ecosystems: go
Packages: github.com/containers/podman/v3
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 2 years ago
GSA_kwCzR0hTQS0zY2YyLXg0MjMteDU4Ms0eBQ
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podmanEcosystems: go
Packages: github.com/containers/podman/v3
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 2 years ago
Moderate
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 27 days ago
GSA_kwCzR0hTQS1jdnFyLW13aDYtMnZjNs4AA7OC
Apache Answer: XSS vulnerability when changing personal websiteEcosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 27 days ago
Moderate
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 3 months ago
GSA_kwCzR0hTQS0yNTU3LXg5bWctNzZ3OM4AA5Zz
ASA-2024-002: Default `PrepareProposalHandler` may produce invalid proposals when used with default `SenderNonceMempool`Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 3 months ago
Moderate
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
GSA_kwCzR0hTQS0yM3B4LW13MnAtNDZxbc4AA1vh
Cosmos-SDK Cosmovisor component may be vulnerable to denial of serviceEcosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS12eGhyLXAydnAtN2dmOM4AAx9y
Answer vulnerable to Cross-site ScriptingEcosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS1xMm14LWdwamYtM2g4eM4AA0OR
1Panel vulnerable to command injection when adding container repositoriesEcosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
Ecosystems: go
Packages: github.com/ipfs/go-bitfield
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 1 year ago
GSA_kwCzR0hTQS0yaDZjLWozZ2YteHA5cs4AAxh4
IPFS go-bitfield vulnerable to DoS via malformed size argumentsEcosystems: go
Packages: github.com/ipfs/go-bitfield
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 1 year ago
Moderate
Ecosystems: go
Packages: github.com/temporalio/ui-server/v2
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: about 2 months ago
GSA_kwCzR0hTQS04ZjI1LXc3cWotcjdoY84AA6i3
Temporal UI Server cross-site scripting vulnerabilityEcosystems: go
Packages: github.com/temporalio/ui-server/v2
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: about 2 months ago
Moderate
Ecosystems: go
Packages: github.com/zinclabs/zinc, github.com/zincsearch/zincsearch
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
GSA_kwCzR0hTQS03ajZ4LTQybW0tcDdqbc4AA0Rd
Zinc Cross-site Scripting vulnerabilityEcosystems: go
Packages: github.com/zinclabs/zinc, github.com/zincsearch/zincsearch
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
Ecosystems: go
Packages: github.com/cortexproject/cortex
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwaG0tZzg5bS12NDJw
Path traversal in Grafana CortexEcosystems: go
Packages: github.com/cortexproject/cortex
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjOXctd3ZxMi1mZm05
Server Side Request Forgery in GrafanaEcosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 2 years ago
Moderate
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1cmgtdzZ2bS05Z2hj
Denial of service in GrafanaEcosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: over 2 years ago
Moderate
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 10 months ago
GSA_kwCzR0hTQS12NWZtLWhyNzItMjdoeM4AA0z0
Nomad Search API Leaks Information About CSI PluginsEcosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 10 months ago
Moderate
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS1wcDNwLTZqamgtcm1nN84AAwpC
usememos/memos Improper Access Control vulnerabilityEcosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
Ecosystems: go
Packages: github.com/woodpecker-ci/woodpecker
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 years ago
GSA_kwCzR0hTQS12bXA1LWM1aHAtNmM2Nc1RJQ
Woodpecker allows cross-site scripting (XSS) via build logsEcosystems: go
Packages: github.com/woodpecker-ci/woodpecker
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 years ago
Moderate
Ecosystems: go
Packages: github.com/openark/orchestrator
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS03NTJjLXZmcGYtY3Ayd84AArAR
openark/orchestrator cross-site scripting vulnerabilityEcosystems: go
Packages: github.com/openark/orchestrator
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
Ecosystems: go
Packages: github.com/ca17/teamsacs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS1od3Z3LWdoMjMtcXB2cc4AA6ix
CA17 TeamsACS Cross Site Scripting vulnerabilityEcosystems: go
Packages: github.com/ca17/teamsacs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 2 years ago
GSA_kwCzR0hTQS1mMzdxLXE3cDItY2NmY807ZA
Resource exhaustion in MattermostEcosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 2 years ago
Moderate
Ecosystems: go
Packages: github.com/docker/docker, github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 26 days ago
GSA_kwCzR0hTQS0ybW03LXg1aDYtNXB2cc4AA7PS
Moby (Docker Engine) started with non-empty inheritable Linux process capabilitiesEcosystems: go
Packages: github.com/docker/docker, github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 26 days ago
Moderate
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost-server/v5
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: about 2 years ago
GSA_kwCzR0hTQS1xZ2djLXBqMjktajI3bc07ZQ
Improper Privilege Management in MattermostEcosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost-server/v5
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: about 2 years ago
Moderate
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 2 years ago
GSA_kwCzR0hTQS1yM2dxLXd4cWYtcTRnaM0qQA
Cross-site Scripting in GiteaEcosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 2 years ago
Moderate
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZqNTQtY2pyeC14Njk2
Observable Discrepancy in ArgoEcosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: over 2 years ago
Moderate
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS02Y3ZmLW01OHEtaDl3Zs4AAxwk
Answer vulnerable to Cross-site ScriptingEcosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 2 months ago
GSA_kwCzR0hTQS14MzJtLW12ZmotNTJ4ds4AA6Fg
Bypassing Brute Force Protection via Application Crash and In-Memory Data LossEcosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 2 months ago
Moderate
Ecosystems: go
Packages: github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 24 days ago
GSA_kwCzR0hTQS01eGZnLXd2OTgtMjY0bc4AA7Sj
Sensitive Information leak via Log File in KubernetesEcosystems: go
Packages: github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 24 days ago
Moderate
Ecosystems: go
Packages: github.com/ipfs/go-ipfs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
GSA_kwCzR0hTQS1meDVwLWY2NGgtOTN4Y804Iw
Opened exploitable ports in default docker-compose.yaml in go-ipfsEcosystems: go
Packages: github.com/ipfs/go-ipfs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
Ecosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: about 2 years ago
GSA_kwCzR0hTQS1tcHE0LXJqajgtZmpwaM0vDQ
Uncontrolled Resource Consumption in github.com/google/fscryptEcosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: about 2 years ago
Moderate
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS02Zng5LTI5eDItZm1mas4AAwpG
usememos/memos Improper Access Control vulnerabilityEcosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
Ecosystems: go
Packages: github.com/navidrome/navidrome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 17 days ago
GSA_kwCzR0hTQS00anJ4LTV3NGgtM2dwbc4AA7co
Navidrome Parameter Tampering vulnerabilityEcosystems: go
Packages: github.com/navidrome/navidrome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 17 days ago
Moderate
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: about 2 years ago
GSA_kwCzR0hTQS1oNmg1LTZmbXEtcmgyOM01gw
Path traversal allows leaking out-of-bound files from Argo CD repo-serverEcosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: about 2 years ago
Moderate
Ecosystems: go
Packages: helm.sh/helm
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 2 years ago
GSA_kwCzR0hTQS14cnhtLW12cW0tcjU1M84AAUMu
Helm Path TraversalEcosystems: go
Packages: helm.sh/helm
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 2 years ago
Moderate
Ecosystems: go
Packages: github.com/docker/docker, github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 4 months ago
GSA_kwCzR0hTQS02aHdnLXc1amctOWM2eM4AA4-y
Path Traversal in Moby builderEcosystems: go
Packages: github.com/docker/docker, github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 4 months ago
Moderate
Ecosystems: go
Packages: github.com/evmos/evmos/v13, github.com/evmos/evmos/v13/x/vesting
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
GSA_kwCzR0hTQS1tOTljLXEyNnItbTdtN84AA7I6
Evmos vulnerable to unauthorized account creation with vesting moduleEcosystems: go
Packages: github.com/evmos/evmos/v13, github.com/evmos/evmos/v13/x/vesting
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 3 months ago
GSA_kwCzR0hTQS12ZnBoLWhqZnYtY3B2Ms4AA5Wx
Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-securityEcosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 3 months ago
Moderate
Ecosystems: go
Packages: github.com/kitabisa/teler-waf
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: about 1 year ago
GSA_kwCzR0hTQS05Zjk1LWhoZzQtcGc0Zs4AAx5S
teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities PayloadEcosystems: go
Packages: github.com/kitabisa/teler-waf
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: about 1 year ago
Moderate
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: about 2 months ago
GSA_kwCzR0hTQS1tcTM5LTRndjQtbXZweM4AA6LH
Moby's external DNS requests from 'internal' networks could lead to data exfiltrationEcosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: about 2 months ago
Moderate
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 4 months ago
GSA_kwCzR0hTQS1wNHJ4LTd3dmctZndyY84AA4U1
CRI-O's pods can break out of resource confinement on cgroupv2Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 4 months ago
Moderate
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqNm0tcjhqYy0yZ3A3
Asymmetric Resource Consumption (Amplification) in Docker containers created by WingsEcosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: almost 3 years ago
Moderate
Ecosystems: go
Packages: github.com/ory/hydra
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwM2ctdnB3Ni00dzY2
Authentication Bypass in hydraEcosystems: go
Packages: github.com/ory/hydra
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: almost 3 years ago
Moderate
Ecosystems: go
Packages: github.com/dutchcoders/transfer.sh
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS1wd3E3LWY3ZjktY20yas4AAvIC
Dutchoders transfer.sh contains an XSS vulnerability via malicious file uploadEcosystems: go
Packages: github.com/dutchcoders/transfer.sh
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 3 months ago
GSA_kwCzR0hTQS14OTg5LTUyZmMtNHZyNM4AA5Zr
Unencrypted traffic between pods when using Wireguard and an external kvstoreEcosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 3 months ago
Moderate
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 year ago
GSA_kwCzR0hTQS1oanY5LWhtMmYtcnBjas4AAx5P
Grafana vulnerable to Cross-site ScriptingEcosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 year ago
Moderate
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 year ago
GSA_kwCzR0hTQS14dzVwLWh3OGoteGc0cc4AAx5O
Grafana vulnerable to Cross-site ScriptingEcosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 year ago
Moderate
Ecosystems: go
Packages: github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1xZjMtMjhqNy0zbWo2
Information Exposure in KubernetesEcosystems: go
Packages: github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
Moderate
Ecosystems: go
Packages: github.com/heketi/heketi
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: almost 2 years ago
GSA_kwCzR0hTQS1ybTdjLXg2Z2otMm1yOM4AAmtK
Heketi logs sensitive informationEcosystems: go
Packages: github.com/heketi/heketi
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: almost 2 years ago
Moderate
Ecosystems: go
Packages: github.com/gohugoio/hugo
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: 25 days ago
GSA_kwCzR0hTQS1wcGY4LWhocHAtZjVoas4AA7QS
Hugo Markdown titles do not escaped in internal render hooksEcosystems: go
Packages: github.com/gohugoio/hugo
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: 25 days ago
Moderate
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS04cGYyLXFqNHYtZmo2NM4AA5c1
Apache Answer Cross-site Scripting vulnerabilityEcosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS12OTJwLXBobXAteGZmcs4AAwno
usememos/memos vulnerable to stored Cross-site ScriptingEcosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
Ecosystems: go
Packages: github.com/google/exposure-notifications-verification-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
GSA_kwCzR0hTQS13eDhxLXJnZnItY2Y2ds0XGw
Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-serverEcosystems: go
Packages: github.com/google/exposure-notifications-verification-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
Ecosystems: go
Packages: github.com/grafana/loki
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdyajUtOHg2cS1oYzlx
Path traversal in Grafana LokiEcosystems: go
Packages: github.com/grafana/loki
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 2 years ago
Moderate
Ecosystems: go
Packages: github.com/lestrrat-go/jwx/v2, github.com/lestrrat-go/jwx
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 5 months ago
GSA_kwCzR0hTQS03Zjl4LWd3ODUtOGdyZs4AA3lA
lestrrat-go/jwx's malicious parameters in JWE can cause a DOSEcosystems: go
Packages: github.com/lestrrat-go/jwx/v2, github.com/lestrrat-go/jwx
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 5 months ago
Moderate
Ecosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
GSA_kwCzR0hTQS1jaHhmLWZqY2YtN2Z3cM0vfg
Possible filesystem space exhaustion by local usersEcosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
Ecosystems: go
Packages: github.com/coredns/coredns
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
GSA_kwCzR0hTQS1ndjlqLTR3MjQtcTd2eM0vfQ
Improper random number generation in github.com/coredns/corednsEcosystems: go
Packages: github.com/coredns/coredns
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
Ecosystems: go
Packages: github.com/cloudflare/cfrpki
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
GSA_kwCzR0hTQS04Y3ZyLTRycmYtZjI0NM0XIQ
Infinite open connection causes OctoRPKI to hang foreverEcosystems: go
Packages: github.com/cloudflare/cfrpki
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS1xcndtLXhxZnItNHZods4AAx9u
Answer vulnerable to Cross-site ScriptingEcosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
Ecosystems: go
Packages: github.com/phachon/mm-wiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS05OWc1LTU2NDMteHBocM4AAv0J
mm-wiki is vulnerable to Cross-Site Scripting (XSS)Ecosystems: go
Packages: github.com/phachon/mm-wiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS05djR2LTlmajUtcDk4Ms4AAx90
Answer vulnerable to Cross-site ScriptingEcosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
Ecosystems: go
Packages: mellium.im/xmpp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
GSA_kwCzR0hTQS1oMjg5LXg1d2MteGN2OM0scA
Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocketEcosystems: go
Packages: mellium.im/xmpp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS1oODV2LWN4NW0tNzh3as4AAx9t
Answer vulnerable to Cross-site ScriptingEcosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
Ecosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
GSA_kwCzR0hTQS0yNmhyLXEyd3AtcnZjNc4AA3q9
User with permission to write actions can impersonate another user when auth token is configured in environment variableEcosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
Ecosystems: go
Packages: golang.org/x/image
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 1 year ago
GSA_kwCzR0hTQS1xZ2M3LW1nbTMtcTI1M84AAxtL
Uncontrolled Resource Consumption in golang.org/x/imageEcosystems: go
Packages: golang.org/x/image
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 1 year ago
Moderate
Ecosystems: go
Packages: github.com/blevesearch/bleve/v2, github.com/blevesearch/bleve
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: almost 2 years ago
GSA_kwCzR0hTQS05dzlmLTZtZzgtanA3d84AArY5
Missing Role Based Access Control for the REST handlers in bleve/http packageEcosystems: go
Packages: github.com/blevesearch/bleve/v2, github.com/blevesearch/bleve
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: almost 2 years ago
Moderate
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: over 2 years ago
GSA_kwCzR0hTQS02am02LWNtY3AtZnFqcc0sVA
Nomad Spread Job Stanza May Trigger Panic in ServersEcosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: over 2 years ago
Moderate
Ecosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
GSA_kwCzR0hTQS13NGY4LWZ4cTItajM1ds0vfw
Possible privilege escalation via bash completion scriptEcosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago
GSA_kwCzR0hTQS03cGhyLTZjYzktNG01cc4AAhJF
Grafana Cross-site Scripting vulnerabilityEcosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago
Moderate
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 3 months ago
GSA_kwCzR0hTQS0zaHY0LXIyZm0taDI3Zs4AA5Rd
Email Validation Bypass And Preventing Sign Up From Email's OwnerEcosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 3 months ago
Moderate
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: about 1 month ago
GSA_kwCzR0hTQS0yZ3Z3LXc2ZmotN20zY84AA7Bd
Argo CD's API server does not enforce project sourceNamespacesEcosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: about 1 month ago
Moderate
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 8 months ago
GSA_kwCzR0hTQS1ocDU2LXh2ZjQtZzZ3cs4AA19U
Cros secrets may be disclosed to untrusted relayEcosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 8 months ago
Moderate
Ecosystems: go
Packages: github.com/in-toto/in-toto-golang
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: over 2 years ago
GSA_kwCzR0hTQS12cnhwLW1nOWYtaHdmM80V7g
Improperly Implemented path matching for in-toto-golangEcosystems: go
Packages: github.com/in-toto/in-toto-golang
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: over 2 years ago
Moderate
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: almost 2 years ago
GSA_kwCzR0hTQS03Z2djLTVyODQteGY1NM4AAtZZ
Mattermost users could access some sensitive information via API callEcosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: almost 2 years ago
Moderate
Ecosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
GSA_kwCzR0hTQS05cGhoLXIzN3YtMzR3aM4AA1SQ
lakeFS vulnerable to Arbitrary JavaScript Injection via Direct Link to HTML FilesEcosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: about 1 year ago
GSA_kwCzR0hTQS13ajZ4LWhjYzItZjMyas4AAyAz
Consul Server Panic when Ingress and API Gateways Configured with Peering ConnectionsEcosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: about 1 year ago
Moderate
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: almost 2 years ago
GSA_kwCzR0hTQS1ocXgyLWozM3gtOWZjNM4AAhQu
Gitea XSS Vulnerability in Repository DescriptionEcosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: almost 2 years ago
Moderate
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI5dzYtcmhoOS03djUz
Incorrect Authorization in HashiCorp ConsulEcosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: almost 3 years ago
Moderate
Ecosystems: go
Packages: github.com/navidrome/navidrome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
GSA_kwCzR0hTQS1wbWNyLTJyaHAtMzZocs0mRw
SQL injection in github.com/navidrome/navidromeEcosystems: go
Packages: github.com/navidrome/navidrome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
Ecosystems: go
Packages: github.com/ory/fosite
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdyZnAtcTJtbS1oZnA2
Redirect URL matching ignores character casingEcosystems: go
Packages: github.com/ory/fosite
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: almost 3 years ago
Moderate
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZodjMtN2MzNC00aHg4
Hashicorp Nomad Information Exposure Through Environmental VariablesEcosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: over 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 547
Ecosystems: 12
Packages: 8,381
Repositories: 547
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
github.com/usememos/memos
59
github.com/grafana/grafana
44
github.com/mattermost/mattermost/server/v8
38
github.com/mattermost/mattermost-server/v6
37
github.com/answerdev/answer
34
k8s.io/kubernetes
32
github.com/argoproj/argo-cd
29
github.com/rancher/rancher
28
github.com/hashicorp/vault
28
github.com/hashicorp/consul
26
github.com/hashicorp/nomad
26
gogs.io/gogs
24
github.com/argoproj/argo-cd/v2
23
github.com/cilium/cilium
20
github.com/docker/docker
20
github.com/ethereum/go-ethereum
20
code.gitea.io/gitea
19
helm.sh/helm/v3
18
golang.org/x/net
17
github.com/goharbor/harbor
15
github.com/containerd/containerd
14
github.com/nats-io/nats-server/v2
13
github.com/traefik/traefik/v2
13
github.com/mattermost/mattermost-server
13
github.com/opencontainers/runc
12
github.com/moby/moby
12
github.com/go-gitea/gitea
12
github.com/1Panel-dev/1Panel
11
github.com/cloudflare/cfrpki
11
github.com/openfga/openfga
11
github.com/zitadel/zitadel
11
github.com/greenpau/caddy-security
10
github.com/cosmos/cosmos-sdk
9
github.com/sylabs/singularity
9
github.com/cri-o/cri-o
9
github.com/kubernetes/kubernetes
9
golang.org/x/crypto
9
istio.io/istio
8
github.com/kubeedge/kubeedge
8
github.com/pterodactyl/wings
8
go.etcd.io/etcd
8
github.com/containers/podman/v4
8
github.com/pomerium/pomerium
8
github.com/google/fscrypt
7
k8s.io/ingress-nginx
7
github.com/traefik/traefik
7
github.com/nats-io/jwt
7
github.com/beego/beego
7
github.com/hashicorp/go-getter
7
helm.sh/helm
7
github.com/russellhaering/gosaml2
6
github.com/gravitl/netmaker
6
github.com/pion/dtls
6
github.com/russellhaering/goxmldsig
6
github.com/apache/trafficcontrol
6
github.com/sigstore/cosign
6
github.com/hyperledger/fabric
6
github.com/authzed/spicedb
6
github.com/fluxcd/flux2
6
github.com/treeverse/lakefs
6
github.com/cubefs/cubefs
6
github.com/beego/beego/v2
6
kubevirt.io/kubevirt
6
github.com/schollz/croc/v9
5
github.com/hashicorp/go-getter/v2
5
github.com/mattermost/mattermost-server/v5
5
github.com/foxcpp/maddy
5
go.etcd.io/etcd/v3
5
github.com/tendermint/tendermint
5
github.com/kyverno/kyverno
5
github.com/kiali/kiali
5
github.com/cometbft/cometbft
5
github.com/stacklok/minder
5
github.com/moby/buildkit
5
github.com/traefik/traefik/v3
5
github.com/gofiber/fiber/v2
5
github.com/fluxcd/kustomize-controller
5
github.com/ipfs/go-ipfs
5
github.com/apache/incubator-answer
5
github.com/IBAX-io/go-ibax
5
github.com/KubeOperator/kubepi
5
github.com/containers/buildah
5
github.com/0xJacky/Nginx-UI
5
github.com/pion/dtls/v2
5
github.com/gophish/gophish
5
github.com/arduino/arduino-create-agent
4
github.com/crewjam/saml
4
github.com/free5gc/free5gc
4
golang.org/x/net/http2
4
github.com/dexidp/dex
4
github.com/dhowden/tag
4
github.com/ory/fosite
4
github.com/alist-org/alist/v3
4
github.com/concourse/concourse
4
github.com/containers/podman/v3
4
github.com/git-lfs/git-lfs
4
github.com/oauth2-proxy/oauth2-proxy
4
github.com/casdoor/casdoor
4
github.com/argoproj/argo-workflows/v3
4
github.com/tidwall/gjson
4
github.com/aws/aws-sdk-go
4
github.com/coredns/coredns
4
github.com/open-policy-agent/opa
4
github.com/hashicorp/go-getter/gcs/v2
4
github.com/hashicorp/go-getter/s3/v2
4
github.com/lestrrat-go/jwx
4
github.com/lestrrat-go/jwx/v2
4
github.com/IceWhaleTech/CasaOS-UserService
4
github.com/gin-gonic/gin
4
github.com/docker/distribution
3
github.com/apache/servicecomb-service-center
3
github.com/hashicorp/vault/vault
3
github.com/quic-go/quic-go
3
gopkg.in/yaml.v2
3
github.com/tiagorlampert/CHAOS
3
k8s.io/client-go
3
github.com/syncthing/syncthing
3
github.com/crossplane/crossplane
3
github.com/flyteorg/flyteadmin
3
github.com/openshift/origin
3
github.com/ory/oathkeeper
3
github.com/ElrondNetwork/elrond-go
3
github.com/lightningnetwork/lnd
3
github.com/libp2p/go-libp2p
3
github.com/cheqd/cheqd-node
3
github.com/minio/minio
3
go.etcd.io/etcd/client/v3
3
github.com/sigstore/cosign/v2
3
github.com/fluxcd/helm-controller
3
golang.org/x/text
3
github.com/nats-io/jwt/v2
3
github.com/navidrome/navidrome
3
github.com/crypto-org-chain/cronos
3
github.com/owncast/owncast
3
github.com/heketi/heketi
3
github.com/mholt/archiver
3
vitess.io/vitess
3
github.com/consensys/gnark
3
github.com/projectcalico/calico
3
github.com/notaryproject/notation
3
github.com/miekg/dns
3
github.com/tharsis/evmos
3
github.com/dutchcoders/transfer.sh
3
github.com/edgelesssys/constellation/v2
3
github.com/weaveworks/weave-gitops
3
github.com/caddyserver/caddy
3
github.com/authelia/authelia/v4
3
github.com/phachon/mm-wiki
3
github.com/cortexproject/cortex
3
github.com/square/go-jose
3
github.com/go-vela/server
3
github.com/jackc/pgx/v4
3
github.com/artifacthub/hub
3
github.com/hashicorp/boundary
3
golang.org/x/image
3
github.com/buildkite/elastic-ci-stack-for-aws/v6
2
Google.Protobuf
2
google/protobuf
2
github.com/protocolbuffers/protobuf
2
github.com/gphper/ginadmin
2
github.com/sigstore/rekor
2
github.com/woodpecker-ci/woodpecker
2
github.com/projectcapsule/capsule-proxy
2
github.com/theupdateframework/go-tuf
2
google.golang.org/grpc
2
github.com/karmada-io/karmada
2
github.com/go-git/go-git/v5
2
protobuf
2
github.com/ansible-semaphore/semaphore
2
github.com/siderolabs/talos
2
github.com/go-yaml/yaml
2
github.com/clastix/capsule-proxy
2
github.com/etcd-io/etcd
2
github.com/openshift/apiserver-library-go
2
github.com/mattermost/mattermost-plugin-jira
2
github.com/edgexfoundry/app-functions-sdk-go/v2
2
github.com/bytebase/bytebase
2
gopkg.in/src-d/go-git.v4
2
github.com/u-root/u-root
2
github.com/apptainer/apptainer
2
github.com/multiversx/mx-chain-go
2
github.com/labring/sealos
2
github.com/jaegertracing/jaeger
2
rancher/rancher
2
github.com/influxdata/influxdb
2
github.com/imgproxy/imgproxy/v3
2
k8s.io/apimachinery
2
github.com/minio/console
2
github.com/dvsekhvalnov/jose2go
2
mellium.im/xmpp
2
github.com/google/exposure-notifications-verification-server
2
github.com/prometheus/prometheus
2
github.com/talos-systems/talos
2
github.com/pingcap/tidb
2
github.com/microcosm-cc/bluemonday
2
github.com/sap/cloud-security-client-go
2
github.com/hashicorp/terraform
2
github.com/argoproj/argo-events
2
github.com/bitly/oauth2_proxy
2
github.com/flipped-aurora/gin-vue-admin/server
2
Filter by Repository
https://github.com/usememos/memos
59
https://github.com/kubernetes/kubernetes
49
https://github.com/grafana/grafana
37
https://github.com/argoproj/argo-cd
37
https://github.com/answerdev/answer
34
https://github.com/go-gitea/gitea
31
https://github.com/rancher/rancher
25
https://github.com/gogs/gogs
20
https://github.com/cilium/cilium
20
https://github.com/helm/helm
19
https://github.com/hashicorp/consul
19
https://github.com/hashicorp/vault
16
https://github.com/ethereum/go-ethereum
16
https://github.com/etcd-io/etcd
16
https://github.com/goharbor/harbor
15
https://github.com/moby/moby
14
https://github.com/mattermost/mattermost
14
https://github.com/containerd/containerd
14
https://github.com/hashicorp/nomad
13
https://github.com/traefik/traefik
13
https://github.com/golang/go
13
https://github.com/cloudflare/cfrpki
11
https://github.com/nats-io/nats-server
11
https://github.com/zitadel/zitadel
11
https://github.com/opencontainers/runc
11
https://github.com/openfga/openfga
11
https://github.com/containers/podman
11
https://github.com/1Panel-dev/1Panel
11
https://github.com/greenpau/caddy-security
10
https://github.com/cosmos/cosmos-sdk
9
https://github.com/cri-o/cri-o
9
https://github.com/istio/istio
8
https://github.com/kubeedge/kubeedge
8
https://github.com/docker/docker
8
https://github.com/pterodactyl/wings
8
https://github.com/pomerium/pomerium
8
https://github.com/hpcng/singularity
7
https://github.com/beego/beego
7
https://github.com/hashicorp/go-getter
7
https://github.com/kubernetes/ingress-nginx
7
https://github.com/google/fscrypt
7
https://github.com/schollz/croc
6
https://github.com/moby/buildkit
6
https://github.com/cubefs/cubefs
6
https://github.com/fluxcd/flux2
6
https://github.com/hyperledger/fabric
6
https://github.com/containers/buildah
6
https://github.com/treeverse/lakeFS
6
https://github.com/authzed/spicedb
6
https://github.com/gravitl/netmaker
6
https://github.com/pion/dtls
6
https://github.com/sigstore/cosign
6
https://github.com/russellhaering/gosaml2
5
https://github.com/stacklok/minder
5
https://github.com/kyverno/kyverno
5
https://github.com/ipfs/go-ipfs
5
https://github.com/IBAX-io/go-ibax
5
https://github.com/gophish/gophish
5
https://github.com/gofiber/fiber
5
https://github.com/free5gc/free5gc
5
https://github.com/foxcpp/maddy
5
https://github.com/crewjam/saml
5
https://github.com/cometbft/cometbft
5
https://github.com/argoproj/argo-workflows
5
https://github.com/0xJacky/nginx-ui
5
https://github.com/tendermint/tendermint
5
https://github.com/open-policy-agent/opa
4
https://github.com/arduino/arduino-create-agent
4
https://github.com/grafana/bugbounty
4
https://github.com/dhowden/tag
4
https://github.com/dexidp/dex
4
https://github.com/tidwall/gjson
4
https://github.com/siderolabs/talos
4
https://github.com/containous/traefik
4
https://github.com/gin-gonic/gin
4
https://github.com/lestrrat-go/jwx
4
https://github.com/git-lfs/git-lfs
4
https://github.com/IceWhaleTech/CasaOS-UserService
4
https://github.com/oauth2-proxy/oauth2-proxy
4
https://github.com/concourse/concourse
4
https://github.com/kubevirt/kubevirt
4
https://github.com/aws/aws-sdk-go
4
https://github.com/nats-io/jwt
4
https://github.com/ory/fosite
4
https://github.com/casdoor/casdoor
4
https://github.com/tailscale/tailscale
3
https://github.com/ipfs/boxo
3
https://github.com/quic-go/quic-go
3
https://github.com/edgelesssys/constellation
3
https://github.com/coredns/coredns
3
https://github.com/dutchcoders/transfer.sh
3
https://github.com/ElrondNetwork/elrond-go
3
https://github.com/cortexproject/cortex
3
https://github.com/cheqd/cheqd-node
3
https://github.com/kiali/kiali
3
https://github.com/libp2p/go-libp2p
3
https://github.com/openshift/origin
3
https://github.com/KubeOperator/KubePi
3
https://github.com/weaveworks/weave-gitops
3
https://github.com/phachon/mm-wiki
3
https://github.com/crossplane/crossplane
3
https://github.com/kubernetes-sigs/secrets-store-csi-driver
3
https://github.com/caddyserver/caddy
3
https://github.com/open-telemetry/opentelemetry-go-contrib
3
https://github.com/vitessio/vitess
3
https://github.com/go-vela/server
3
https://github.com/flyteorg/flyteadmin
3
https://github.com/syncthing/syncthing
3
https://github.com/go-yaml/yaml
3
https://github.com/apache/trafficcontrol
3
https://github.com/minio/minio
3
https://github.com/moby/libnetwork
3
https://github.com/flipped-aurora/gin-vue-admin
3
https://github.com/sylabs/singularity
3
https://github.com/alist-org/alist
3
https://github.com/navidrome/navidrome
3
https://github.com/evmos/evmos
3
https://github.com/Consensys/gnark
3
https://github.com/tiagorlampert/CHAOS
3
https://github.com/gogits/gogs
3
https://github.com/artifacthub/hub
3
https://github.com/heketi/heketi
3
https://github.com/u-root/u-root
3
https://github.com/square/go-jose
3
https://github.com/authelia/authelia
3
https://github.com/ory/oathkeeper
3
https://github.com/Consensys/gnark-crypto
2
https://github.com/cosmos/ethermint
2
https://github.com/codenotary/immudb
2
https://github.com/multiversx/mx-chain-go
2
https://github.com/minio/console
2
https://github.com/miekg/dns
2
https://github.com/microcosm-cc/bluemonday
2
https://github.com/lightningnetwork/lnd
2
https://github.com/coreos/etcd
2
https://github.com/mholt/archiver
2
https://github.com/Masterminds/goutils
2
https://github.com/containers/image
2
https://github.com/mattermost/mattermost-plugin-jira
2
https://github.com/woodpecker-ci/woodpecker
2
https://github.com/containers/libpod
2
https://github.com/mellium/xmpp
2
https://github.com/heroiclabs/nakama
2
https://github.com/envoyproxy/envoy
2
https://github.com/hashicorp/terraform
2
https://github.com/facebook/fbthrift
2
https://github.com/fkie-cad/yapscan
2
https://github.com/fleetdm/fleet
2
https://github.com/fluid-cloudnative/fluid
2
https://github.com/gphper/ginadmin
2
https://github.com/flynn/noise
2
https://github.com/gotify/server
2
https://github.com/goreleaser/goreleaser
2
https://github.com/ulikunitz/xz
2
https://github.com/unknwon/cae
2
https://github.com/google/exposure-notifications-verification-server
2
https://github.com/go-git/go-git
2
https://github.com/golang/crypto
2
https://github.com/go-jose/go-jose
2
https://github.com/gohugoio/hugo
2
https://github.com/labstack/echo
2
https://github.com/labring/sealos
2
https://github.com/temporalio/temporal
2
https://github.com/crypto-org-chain/cronos
2
https://github.com/kitabisa/teler-waf
2
https://github.com/kitabisa/teler
2
https://github.com/distribution/distribution
2
https://github.com/drakkan/sftpgo
2
https://github.com/jackc/pgproto3
2
https://github.com/ipld/go-codec-dagpb
2
https://github.com/dvsekhvalnov/jose2go
2
https://github.com/ecnepsnai/web
2
https://github.com/edgelesssys/marblerun
2
https://github.com/influxdata/influxdb
2
https://github.com/imgproxy/imgproxy
2
https://github.com/IceWhaleTech/CasaOS
2
https://github.com/elastic/beats
2
https://github.com/theupdateframework/go-tuf
2
https://github.com/cloudflare/circl
2
https://github.com/bottlerocket-os/bottlerocket
2
https://github.com/opencontainers/distribution-spec
2
https://github.com/rancher/wrangler
2
https://github.com/projectcapsule/capsule-proxy
2
https://github.com/sigstore/rekor
2
https://github.com/atredispartners/advisories
2
https://github.com/swaggo/http-swagger
2
https://github.com/openshift/apiserver-library-go
2
https://github.com/brokercap/Bifrost
2
https://github.com/stripe/smokescreen
2
https://github.com/argoproj/argo-events
2
https://github.com/zalando/skipper
2
https://github.com/owncast/owncast
2
https://github.com/russellhaering/goxmldsig
2
https://github.com/buger/jsonparser
2
https://github.com/peterzen/goresolver
2
https://github.com/pingcap/tidb
2
https://github.com/supranational/blst
2
https://github.com/apptainer/apptainer
2
https://github.com/pires/go-proxyproto
2