Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go Security Advisories

Browse all Security Advisories for go

Moderate

GSA_kwCzR0hTQS1yNHBnLXZnNTQtd3h4NM4ABBmY

cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs
Ecosystems: go
Packages: github.com/cert-manager/cert-manager
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 17 hours ago

Moderate

GSA_kwCzR0hTQS05YzVwLTM1Z2otanFwNM4ABBlz

Rancher Helm Applications may have sensitive values leaked
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: about 19 hours ago

High

GSA_kwCzR0hTQS03MjI1LW05NTQtMjN2N84ABBlx

ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic
Ecosystems: go
Packages: cosmossdk.io/math
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 19 hours ago

High

GSA_kwCzR0hTQS1qNWhxLTVqY3IteHd4N84ABBlw

github.com/rancher/steve's users can issue watch commands for arbitrary resources
Ecosystems: go
Packages: github.com/rancher/steve
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 19 hours ago

Moderate

GSA_kwCzR0hTQS1ocnhoLTl3NjctZzRjds4ABBj8

Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata
Ecosystems: go
Packages: github.com/rclone/rclone
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 1 day ago

High

GSA_kwCzR0hTQS1oN3dxLWpqOHItcW03cM4ABBb-

Kubernetes Nil pointer dereference in KCM after v1 HPA patch request
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 4 days ago

High

GSA_kwCzR0hTQS1waG00LXdmM2gtcGMzcs4ABBaC

Unpatched Remote Code Execution in Gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago

Moderate

GSA_kwCzR0hTQS01cjJnLTU5cHgtM3E5d84ABBYl

Stored XSS using two files in usememos/memos
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 days ago

High

GSA_kwCzR0hTQS1wMmgyLTN2ZzktNHA4N84ABBW1

Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
Ecosystems: go
Packages: github.com/cli/cli, github.com/cli/cli/v2
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 7 days ago

High

GSA_kwCzR0hTQS1yODY0LTI4cHctODY4Ms4ABBWV

Harbor fails to validate the user permissions when updating p2p preheat policies
Ecosystems: go
Packages: github.com/goharbor/harbor/src, github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 7 days ago

High

GSA_kwCzR0hTQS03aHBmLWc0OHYtaHczas4ABBP-

Zoraxy has an authenticated command injection in the Web SSH feature
Ecosystems: go
Packages: github.com/tobychui/zoraxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago

High

GSA_kwCzR0hTQS1ncHBtLWhxM3AtaDRycM4ABBGS

Git credentials are exposed in Atlantis logs
Ecosystems: go
Packages: github.com/runatlantis/atlantis
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 13 days ago

Moderate

GSA_kwCzR0hTQS0ydzV2LXgyOWctanc3as4ABBEY

Hashicorp Nomad Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 14 days ago

High

GSA_kwCzR0hTQS1xNzh2LWN2MzYtOGZ4as4ABBD0

Devtron has SQL Injection in CreateUser API
Ecosystems: go
Packages: github.com/devtron-labs/devtron
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 14 days ago

High

GSA_kwCzR0hTQS1wN212LTUzZjItNGN3as4ABBBp

CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago

Low

GSA_kwCzR0hTQS04cG1wLTY3OHctYzh4eM4ABA-V

gitsign may use incorrect Rekor entries during verification
Ecosystems: go
Packages: github.com/sigstore/gitsign
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago

Critical

GSA_kwCzR0hTQS13dnY3LXdtNXYtdzJnds4ABA-U

Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE
Ecosystems: go
Packages: github.com/j3ssie/osmedeus
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago

Low

GSA_kwCzR0hTQS1naHg0LWNneHctN2g5cM4ABA9J

LocalAI Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/mudler/LocalAI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago

Low

GSA_kwCzR0hTQS0yOXd4LXZoMzMtN3g3cs4ABA9C

Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations
Ecosystems: go
Packages: github.com/golang-jwt/jwt/v4
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 17 days ago

Moderate

GSA_kwCzR0hTQS1xM3JwLXZ2bTctajhqZ84ABA7y

Safearchive Path Traversal vulnerability
Ecosystems: go
Packages: github.com/google/safearchive
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago

High

GSA_kwCzR0hTQS02aDh3LWhyZnAtcGZmeM4ABA2e

Plenti arbitrary file deletion vulnerability
Ecosystems: go
Packages: github.com/plentico/plenti
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago

High

GSA_kwCzR0hTQS0ycDk2LXA3cWgtNHJncs4ABA2d

Plenti arbitrary file write vulnerability
Ecosystems: go
Packages: github.com/plentico/plenti
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago

High

GSA_kwCzR0hTQS05NWoyLXc4eDctaG04OM4ABA2Z

Ollama Out-of-bounds Read
Ecosystems: go
Packages: github.com/ollama/ollama
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago

Moderate

GSA_kwCzR0hTQS1jcGg1LTNwZ3ItYzgyZ84ABA2F

Gnark out-of-memory during deserialization with crafted inputs
Ecosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 21 days ago

High

GSA_kwCzR0hTQS1nMjMzLTJwNHItM3E3ds4ABA2E

Hashicorp Vault vulnerable to denial of service through memory exhaustion
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 21 days ago

Moderate

GSA_kwCzR0hTQS01YzR3LThoaGgtM2MzaM4ABA1Z

Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: 22 days ago

Moderate

GSA_kwCzR0hTQS05OXdyLWMycHgtZ3JtaM4ABA1X

Hashicorp Consul Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: 22 days ago

High

GSA_kwCzR0hTQS1jaGdtLTdyNTItd2hqas4ABA1Y

Hashicorp Consul Path Traversal vulnerability
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: 22 days ago

Moderate

GSA_kwCzR0hTQS1mNzQ4LTdocGctODhjaM4ABAzB

NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system
Ecosystems: go
Packages: github.com/NVIDIA/nvidia-container-toolkit
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: 23 days ago

Critical

GSA_kwCzR0hTQS1tamp3LTU1M3gtODdwcc4ABAzA

NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability
Ecosystems: go
Packages: github.com/NVIDIA/nvidia-container-toolkit
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 23 days ago

Low

GSA_kwCzR0hTQS02NmM0LTJnMnYtNTRxd84ABAyx

Grafana org admin can delete pending invites in different org
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 23 days ago

High

GSA_kwCzR0hTQS1xanZjLXA4OGotajlybc4ABAxq

Kyverno's PolicyException objects can be created in any namespace by default
Ecosystems: go
Packages: github.com/kyverno/kyverno
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 23 days ago

Moderate

GSA_kwCzR0hTQS02bXZwLWdoNzctN3Z3aM4ABAwn

Mattermost Server allows user to get private channel names
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 23 days ago

Moderate

GSA_kwCzR0hTQS1nMzc2LW0zaDMtbWo0cs4ABAwy

Mattermost server allows authenticated user to delete arbitrary post
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 23 days ago

Moderate

GSA_kwCzR0hTQS03NjJnLTlwN2YtbXJ3d84ABAwp

Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 23 days ago

Moderate

GSA_kwCzR0hTQS03NjJ2LXJxN3EtZmY5N84ABAw6

Mattermost Server vulnerable to application crash from attacker-generated large response
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 23 days ago

Moderate

GSA_kwCzR0hTQS13Y3g5LWNjcGotaHgzY84ABAuW

Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect')
Ecosystems: go
Packages: github.com/coder/coder/v2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 24 days ago

Moderate

GSA_kwCzR0hTQS1naGp3LTMyeHctZmZ3cs4ABAt8

Argo Workflows Controller: Denial of Service via malicious daemon Workflows
Ecosystems: go
Packages: github.com/argoproj/argo-workflows/v3
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 24 days ago

Low

GSA_kwCzR0hTQS1obTU3LWgyN3gtNTk5Y84ABAtz

Mattermost incorrectly issues two sessions when using desktop SSO
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 24 days ago

Critical

GSA_kwCzR0hTQS03aDY1LTRwMjItMzlqNs4ABArB

github.com/crossplane/crossplane: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
Ecosystems: go
Packages: github.com/crossplane/crossplane
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 27 days ago

Critical

GSA_kwCzR0hTQS14N3hqLWp2d3AtOTdyds4ABArA

RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control Lists
Ecosystems: go
Packages: github.com/rancher/rke2
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 27 days ago

Critical

GSA_kwCzR0hTQS1oOTltLTY3NTUtcmd3Y84ABAq_

Rancher Remote Code Execution via Cluster/Node Drivers
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: 27 days ago

High

GSA_kwCzR0hTQS14ajd3LXI3NTMtdmo4ds4ABAq-

Exposure of vSphere's CPI and CSI credentials in Rancher
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: 27 days ago

Critical

GSA_kwCzR0hTQS03aDhtLXB2dzMtNWdoNM4ABAq9

Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: 27 days ago

High

GSA_kwCzR0hTQS0zcm13LTc2bTYtNGdqY84ABAq8

User Registration Bypass in Zitadel
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 27 days ago

Moderate

GSA_kwCzR0hTQS02Y2Y1LXc5aDMtNHJxds4ABAq7

Denied Host Validation Bypass in Zitadel Actions
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 27 days ago

Moderate

GSA_kwCzR0hTQS1tcXI5LWhqcjgtMm05d84ABAqm

Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse
Ecosystems: go
Packages: github.com/libp2p/go-libp2p-kad-dht
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: 27 days ago

Low

GSA_kwCzR0hTQS1yamZ2LXBqdngtbWpnds4ABAoo

AWS Load Balancer Controller automatically detaches externally associated web ACL from Application Load Balancers
Ecosystems: go
Packages: sigs.k8s.io/aws-load-balancer-controller
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 28 days ago

Moderate

GSA_kwCzR0hTQS0zd3d4LTYzZnYtcGZxNs4ABAhN

Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: about 1 month ago

High

GSA_kwCzR0hTQS1wNXdmLWNtcjQteHJ3cs4ABAbh

Permissive Regular Expression in tacquito
Ecosystems: go
Packages: github.com/facebookincubator/tacquito
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago

Critical

GSA_kwCzR0hTQS1xOTltLXFjdjQtZnBtN84ABAao

Grafana Command Injection And Local File Inclusion Via Sql Expressions
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: about 1 month ago

Moderate

GSA_kwCzR0hTQS04anBnLTYyamMtaHdocs4ABATC

VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder
Ecosystems: go
Packages: github.com/kubernetes-sigs/image-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago

Moderate

GSA_kwCzR0hTQS14aHIzLXdmN2otaDI1Nc4ABATH

Infinite loop in github.com/gomarkdown/markdown
Ecosystems: go
Packages: github.com/gomarkdown/markdown
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: about 1 month ago

Critical

GSA_kwCzR0hTQS05MjI0LWdndnctd2g3ds4ABATP

VM images built with Image Builder and Proxmox provider use default credentials in github.com/kubernetes-sigs/image-builder
Ecosystems: go
Packages: github.com/kubernetes-sigs/image-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago

Low

GSA_kwCzR0hTQS0zYzMyLTRocTktNndnas4ABAQV

SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: about 1 month ago

Low

GSA_kwCzR0hTQS12djZjLTY5cjYtY2hnOc4ABAQQ

Go-Landlock in best-effort mode did not restrict TCP bind and connect operations correctly
Ecosystems: go
Packages: github.com/landlock-lsm/go-landlock
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago

Moderate

GSA_kwCzR0hTQS1wMjZyLWdmZ2MtYzQ3aM4ABAQI

KubeSphere IDOR vulnerability
Ecosystems: go
Packages: github.com/kubesphere/kubesphere
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago

Moderate

GSA_kwCzR0hTQS04cm0yLTkzbXEtanFoY84ABANU

Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Ecosystems: go
Packages: github.com/codeclysm/extract, github.com/codeclysm/extract/v4, github.com/codeclysm/extract/v3
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: about 1 month ago

Critical

GSA_kwCzR0hTQS1qMmhyLXE5M3gtZ3h2aM4ABANS

SSOReady has an XML Signature Bypass via differential XML parsing
Ecosystems: go
Packages: github.com/ssoready/ssoready
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago

High

GSA_kwCzR0hTQS1ycjhqLTd3MzQteHA1as4ABALz

Vault Community Edition privilege escalation vulnerability
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 1 month ago

Moderate

GSA_kwCzR0hTQS04cHBoLWdmaHAtdzIyNs4ABALg

Alist reflected Cross-Site Scripting vulnerability
Ecosystems: go
Packages: github.com/alist-org/alist/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago

Moderate

GSA_kwCzR0hTQS00Z2Z3LXdmN2MtdzZnMs4ABALS

Authd allows attacker-controlled usernames to yield controllable UIDs
Ecosystems: go
Packages: github.com/ubuntu/authd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago

High

GSA_kwCzR0hTQS0yN3ZoLWg2bWMtcTZnOM4ABALR

btcd did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality
Ecosystems: go
Packages: github.com/btcsuite/btcd
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: about 1 month ago

Low

GSA_kwCzR0hTQS13N3FyLXE5ZmgtZmozNc4ABAJK

Dozzle uses unsafe hash for passwords
Ecosystems: go
Packages: github.com/amir20/dozzle
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago

Moderate

GSA_kwCzR0hTQS01ODZwLTc0OWotZmh3cM4ABAIr

Buildah allows arbitrary directory mount
Ecosystems: go
Packages: github.com/containers/buildah
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: about 1 month ago

High

GSA_kwCzR0hTQS05Y3A5LThndzItOHY3bc4ABAFg

Adguard Home arbitrary file read vulnerability
Ecosystems: go
Packages: github.com/AdguardTeam/AdGuardHome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago

Moderate

GSA_kwCzR0hTQS14d2dqLXZwbTktcTJycc4AA_71

Vulnerable juju introspection abstract UNIX domain socket
Ecosystems: go
Packages: github.com/juju/juju
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: about 2 months ago

Moderate

GSA_kwCzR0hTQS04djR3LWY0cjktN2g2eM4AA_70

Vulnerable juju hook tool abstract UNIX domain socket
Ecosystems: go
Packages: github.com/juju/juju
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 2 months ago

High

GSA_kwCzR0hTQS14NXEzLWM4cm0tdzc4N84AA_7z

PAM module may allow accessing with the credentials of another user
Ecosystems: go
Packages: github.com/ubuntu/authd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago

Low

GSA_kwCzR0hTQS13cHIyLWo2Z3ItcGp3Oc4AA_7y

OpenTofu potential leaking of secret variable values when using static evaluation in v1.8
Ecosystems: go
Packages: github.com/opentofu/opentofu
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago

Moderate

GSA_kwCzR0hTQS1taDk4LTc2M2gtbTl2NM4AA_7w

JUJU_CONTEXT_ID is a predictable authentication secret
Ecosystems: go
Packages: github.com/juju/juju
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: about 2 months ago

High

GSA_kwCzR0hTQS1yN3JoLWp3dzUtNWZqcs4AA_7j

Pomerium service account access token may grant unintended access to databroker API
Ecosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: about 2 months ago

High

GSA_kwCzR0hTQS05bWp3LTc5cjYtYzltOM4AA_6G

Portainer improperly uses an encryption algorithm in the AesEncrypt function
Ecosystems: go
Packages: github.com/portainer/portainer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago

Moderate

GSA_kwCzR0hTQS1maHFxLThmNjUtNXhmY84AA_6C

Improper Input Validation in Buildah and Podman
Ecosystems: go
Packages: github.com/containers/podman/v4, github.com/containers/podman/v3, github.com/containers/podman/v2, github.com/containers/podman, github.com/containers/podman/v5, github.com/containers/buildah
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: about 2 months ago

High

GSA_kwCzR0hTQS0zaDN4LTJod3YtaHI1Ms4AA_6A

Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability
Ecosystems: go
Packages: github.com/golang-fips/openssl
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago

Moderate

GSA_kwCzR0hTQS1tYzc2LTU5MjUtYzVwNs4AA_5_

Link Following in github.com/containers/common
Ecosystems: go
Packages: github.com/containers/common
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: about 2 months ago

High

GSA_kwCzR0hTQS00ZjhyLXFxcjktZnE4as4AA_5h

Incorrect delegation lookups can make go-tuf download the wrong artifact
Ecosystems: go
Packages: github.com/theupdateframework/go-tuf/v2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago

High

GSA_kwCzR0hTQS1qZzc0LW13Z3ctdjZ4M84AA_zy

Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 2 months ago

High

GSA_kwCzR0hTQS1oNGg1LTk4MzMtdjJwNM4AA_zt

Rancher agents can be hijacked by taking over the Rancher Server URL
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: about 2 months ago

Moderate

GSA_kwCzR0hTQS13YzQzLTczdzcteDJmNc4AA_zB

Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials
Ecosystems: go
Packages: github.com/ory/kratos
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: about 2 months ago

Moderate

GSA_kwCzR0hTQS01OWhmLW1wZjgtcHFqaM4AA_yl

Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago

Moderate

GSA_kwCzR0hTQS1tNWd2LW01Zjktd2d2NM4AA_yA

Grafana Agent (Flow mode) on Windows has Unquoted Search Path or Element vulnerability
Ecosystems: go
Packages: github.com/grafana/agent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago

Moderate

GSA_kwCzR0hTQS1jaHF4LTM2cm0tcmY4aM4AA_x0

Grafana Alloy on Windows has Unquoted Search Path or Element vulnerability
Ecosystems: go
Packages: github.com/grafana/alloy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago

Moderate

GSA_kwCzR0hTQS00OGNyLWoyY3gtbWNyOM4AA_xB

Apache Answer: Avatar URL leaked user email addresses
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago

Critical

GSA_kwCzR0hTQS05OGhmLW04N3ctY3E2aM4AA_wD

Mellium allows Authentication Bypass by Spoofing
Ecosystems: go
Packages: mellium.im/xmpp
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 2 months ago

Critical

GSA_kwCzR0hTQS01OHZqLWN2NXctdjR2Ns4AA_tD

Navidrome has Multiple SQL Injections and ORM Leak
Ecosystems: go
Packages: github.com/navidrome/navidrome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago

High

GSA_kwCzR0hTQS1qajk0LTZmNWMtNjVyOM4AA_sW

ZITADEL Allows Unauthorized Access After Organization or Project Deactivation
Ecosystems: go
Packages: github.com/zitadel/zitadel/v2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago

High

GSA_kwCzR0hTQS1xcjJoLTdwd20taDM5M84AA_sV

ZITADEL's Service Users Deactivation not Working
Ecosystems: go
Packages: github.com/zitadel/zitadel/v2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago

High

GSA_kwCzR0hTQS0ydzVqLXFmdnctMmhmNc4AA_sU

ZITADEL's User Grant Deactivation not Working
Ecosystems: go
Packages: github.com/zitadel/zitadel/v2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago

Critical

GSA_kwCzR0hTQS02MmM4LW1oNTMtNGNxds4AA_sN

HTTP client can manipulate custom HTTP headers that are added by Traefik
Ecosystems: go
Packages: github.com/traefik/traefik, github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 2 months ago

Critical

Advisories: 20,668
Packages: 9,040
Repositories: 637
Ecosystems: 12

Filter by Severity

Moderate 8,836 High 7,269 Critical 3,070 Low 1,144

Filter by Ecosystem

maven 5,864 packagist 4,634 pypi 4,352 npm 3,812 go 2,295 nuget 1,552 cargo 882 rubygems 880 swift 33 hex 32 actions 20 pub 9

Filter by Package

github.com/usememos/memos 64 github.com/mattermost/mattermost/server/v8 61 github.com/grafana/grafana 49 github.com/rancher/rancher 38 github.com/hashicorp/vault 37 github.com/mattermost/mattermost-server/v6 37 k8s.io/kubernetes 35 github.com/answerdev/answer 34 github.com/argoproj/argo-cd 31 github.com/docker/docker 29 github.com/hashicorp/consul 29 github.com/hashicorp/nomad 28 github.com/argoproj/argo-cd/v2 27 github.com/cilium/cilium 25 gogs.io/gogs 25 github.com/ethereum/go-ethereum 20 code.gitea.io/gitea 20 github.com/goharbor/harbor 19 github.com/traefik/traefik/v2 18 golang.org/x/net 18 helm.sh/helm/v3 17 github.com/zitadel/zitadel 16 github.com/nats-io/nats-server/v2 14 github.com/containerd/containerd 14 github.com/opencontainers/runc 13 github.com/mattermost/mattermost-server 13 github.com/go-gitea/gitea 12 github.com/1Panel-dev/1Panel 12 github.com/openfga/openfga 12 github.com/pomerium/pomerium 11 github.com/cloudflare/cfrpki 11 github.com/greenpau/caddy-security 10 github.com/traefik/traefik/v3 10 github.com/traefik/traefik 10 github.com/cri-o/cri-o 10 github.com/containers/podman/v4 9 golang.org/x/crypto 9 github.com/authzed/spicedb 9 github.com/kubernetes/kubernetes 9 github.com/sylabs/singularity 9 github.com/cosmos/cosmos-sdk 9 github.com/cometbft/cometbft 8 github.com/beego/beego/v2 8 github.com/stacklok/minder 8 github.com/kubeedge/kubeedge 8 github.com/hashicorp/go-getter 8 go.etcd.io/etcd/v3 8 istio.io/istio 8 github.com/apache/incubator-answer 8 github.com/pterodactyl/wings 8 github.com/beego/beego 7 helm.sh/helm 7 github.com/hyperledger/fabric 7 k8s.io/ingress-nginx 7 github.com/moby/moby 7 github.com/casdoor/casdoor 7 github.com/containers/buildah 7 github.com/google/fscrypt 7 github.com/containers/podman/v3 6 github.com/kyverno/kyverno 6 github.com/gofiber/fiber/v2 6 github.com/fluxcd/flux2 6 kubevirt.io/kubevirt 6 github.com/consensys/gnark 6 github.com/pion/dtls 6 github.com/treeverse/lakefs 6 github.com/sigstore/cosign 6 github.com/apache/trafficcontrol 6 github.com/coredns/coredns 6 github.com/gravitl/netmaker 6 github.com/cubefs/cubefs 6 github.com/argoproj/argo-workflows/v3 5 github.com/gophish/gophish 5 github.com/schollz/croc/v9 5 github.com/owncast/owncast 5 github.com/containers/podman 5 github.com/KubeOperator/kubepi 5 github.com/hashicorp/go-getter/v2 5 github.com/moby/buildkit 5 github.com/0xJacky/Nginx-UI 5 github.com/IBAX-io/go-ibax 5 github.com/russellhaering/gosaml2 5 github.com/ipfs/go-ipfs 5 github.com/gin-gonic/gin 5 github.com/nats-io/jwt 5 github.com/open-policy-agent/opa 5 github.com/foxcpp/maddy 5 github.com/navidrome/navidrome 5 github.com/pion/dtls/v2 5 github.com/alist-org/alist/v3 5 github.com/kiali/kiali 5 github.com/tendermint/tendermint 5 go.etcd.io/etcd 5 github.com/russellhaering/goxmldsig 5 github.com/juju/juju 5 github.com/mattermost/mattermost-server/v5 5 github.com/fluxcd/kustomize-controller 5 github.com/hashicorp/go-getter/s3/v2 4 github.com/arduino/arduino-create-agent 4 github.com/gogs/gogs 4 github.com/ollama/ollama 4 github.com/IceWhaleTech/CasaOS-UserService 4 github.com/cortexproject/cortex 4 github.com/aws/aws-sdk-go 4 github.com/snapcore/snapd 4 github.com/evmos/evmos/v16 4 github.com/concourse/concourse 4 github.com/evmos/evmos/v13 4 github.com/projectcalico/calico 4 github.com/evmos/evmos/v7 4 github.com/evmos/evmos/v6 4 github.com/dexidp/dex 4 github.com/lestrrat-go/jwx/v2 4 github.com/free5gc/free5gc 4 github.com/lestrrat-go/jwx 4 github.com/hashicorp/go-getter/gcs/v2 4 github.com/crossplane/crossplane 4 golang.org/x/image 4 github.com/oauth2-proxy/oauth2-proxy 4 github.com/minio/minio 4 github.com/layer5io/meshery 4 github.com/tidwall/gjson 4 github.com/crewjam/saml 4 github.com/lightningnetwork/lnd 4 github.com/containers/podman/v2 4 github.com/git-lfs/git-lfs 4 golang.org/x/net/http2 4 github.com/ory/fosite 4 github.com/evmos/evmos/v11 4 github.com/dhowden/tag 4 github.com/tharsis/evmos 3 github.com/ElrondNetwork/elrond-go 3 github.com/dutchcoders/transfer.sh 3 github.com/miekg/dns 3 github.com/quic-go/quic-go 3 github.com/btcsuite/btcd 3 github.com/AdguardTeam/AdGuardHome 3 github.com/weaveworks/weave-gitops 3 github.com/square/go-jose 3 github.com/fluxcd/helm-controller 3 github.com/libp2p/go-libp2p 3 github.com/nats-io/nats-streaming-server 3 github.com/caddyserver/caddy 3 github.com/notaryproject/notation 3 github.com/syncthing/syncthing 3 github.com/tiagorlampert/CHAOS 3 github.com/docker/distribution 3 github.com/gofiber/fiber 3 github.com/CosmWasm/wasmd 3 github.com/openshift/origin 3 github.com/IceWhaleTech/CasaOS 3 golang.org/x/text 3 github.com/AlexxIT/go2rtc 3 go.etcd.io/etcd/client/v3 3 github.com/edgelesssys/constellation/v2 3 github.com/containers/podman/v5 3 github.com/cheqd/cheqd-node 3 github.com/crypto-org-chain/cronos 3 google.golang.org/grpc 3 k8s.io/client-go 3 github.com/sigstore/cosign/v2 3 github.com/projectdiscovery/nuclei/v3 3 github.com/flyteorg/flyteadmin 3 github.com/apache/servicecomb-service-center 3 github.com/go-skynet/LocalAI 3 github.com/ory/oathkeeper 3 github.com/authelia/authelia/v4 3 github.com/mholt/archiver 3 vitess.io/vitess 3 github.com/hashicorp/boundary 3 github.com/phachon/mm-wiki 3 github.com/artifacthub/hub 3 github.com/zitadel/zitadel/v2 3 github.com/go-vela/server 3 github.com/evmos/evmos/v8 3 github.com/evmos/evmos/v9 3 github.com/evmos/evmos/v10 3 github.com/evmos/evmos/v12 3 github.com/evmos/evmos/v14 3 github.com/evmos/evmos/v15 3 github.com/evmos/evmos/v17 3 github.com/evmos/evmos/v18 3 gopkg.in/yaml.v2 3 github.com/heketi/heketi 3 github.com/edgelesssys/marblerun 2 github.com/brokercap/Bifrost 2 github.com/flynn/noise 2 github.com/rclone/rclone 2 github.com/fluid-cloudnative/fluid 2 github.com/projectdiscovery/interactsh 2 github.com/zinclabs/zinc 2 github.com/zincsearch/zincsearch 2 github.com/ntbosscher/gobase 2 github.com/CosmWasm/wasmvm 2 cosmwasm-vm 2 github.com/go-vela/worker 2 github.com/argoproj/argo-events 2 github.com/minio/console 2 github.com/google/exposure-notifications-verification-server 2 github.com/cloudflare/circl 2

Filter by Repository