Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
go Security Advisories
Loading...
Moderate
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 1 day ago
GSA_kwCzR0hTQS14ODRjLXAyZzktcnF2Oc4AA7ME
IPv6 enabled on IPv4-only network interfacesEcosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 1 day ago
Low
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 1 day ago
GSA_kwCzR0hTQS02bTloLTJwcjItOWo4Zs4AA7Lw
1Panel's password verification is suspected to have a timing attack vulnerabilityEcosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 1 day ago
Moderate
Ecosystems: go
Packages: github.com/evmos/evmos/v13, github.com/evmos/evmos/v13/x/vesting
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
GSA_kwCzR0hTQS1tOTljLXEyNnItbTdtN84AA7I6
Evmos vulnerable to unauthorized account creation with vesting moduleEcosystems: go
Packages: github.com/evmos/evmos/v13, github.com/evmos/evmos/v13/x/vesting
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
Critical
Ecosystems: go
Packages: github.com/evmos/evmos/v11
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
GSA_kwCzR0hTQS12NnJ3LWhoZ2ctd2M0eM4AA7I5
Evmos vulnerable to DOS and transaction fee expropiation through Authz exploitEcosystems: go
Packages: github.com/evmos/evmos/v11
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
High
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
GSA_kwCzR0hTQS04Y3BoLW02ODUtNnY2cs4AA7DZ
OpenFGA Authorization BypassEcosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
Moderate
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 4 days ago
GSA_kwCzR0hTQS0yZ3Z3LXc2ZmotN20zY84AA7Bd
Argo CD's API server does not enforce project sourceNamespacesEcosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 4 days ago
Moderate
Ecosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
GSA_kwCzR0hTQS03ZjRqLTY0cDYtNWg1ds4AA7BQ
Traefik affected by HTTP/2 CONTINUATION flood in net/httpEcosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
Ecosystems: go
Packages: github.com/edgelesssys/constellation/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
GSA_kwCzR0hTQS1nOGZjLXZyY2ctOHZqZ84AA7BP
Constallation has pods exposed to peers in VPCEcosystems: go
Packages: github.com/edgelesssys/constellation/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
Ecosystems: go
Packages: github.com/traefik/traefik, github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 7 days ago
GSA_kwCzR0hTQS00dnd4LTU0bXctdnFmd84AA69W
Traefik vulnerable to denial of service with Content-length headerEcosystems: go
Packages: github.com/traefik/traefik, github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 7 days ago
Moderate
Ecosystems: go
Packages: github.com/apache/solr-operator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
GSA_kwCzR0hTQS1nOXF4LTI1dmotcmY1M84AA69T
Apache Solr Operator liveness and readiness probes may leak basic auth credentialsEcosystems: go
Packages: github.com/apache/solr-operator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Moderate
Ecosystems: go
Packages: github.com/tiagorlampert/CHAOS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
GSA_kwCzR0hTQS1jNXJ2LWhqamMtanY3bc4AA68X
tiagorlampert CHAOS vulnerable to Cross Site ScriptingEcosystems: go
Packages: github.com/tiagorlampert/CHAOS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
High
Ecosystems: go
Packages: github.com/tiagorlampert/CHAOS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
GSA_kwCzR0hTQS1wM2o2LWY0NWgtaHc1Zs4AA68J
tiagorlampert CHAOS vulnerable to command injectionsEcosystems: go
Packages: github.com/tiagorlampert/CHAOS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Moderate
Ecosystems: go
Packages: github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 8 days ago
GSA_kwCzR0hTQS05NXByLWZ4ZjUtODZnds4AA67e
Cosign malicious artifacts can cause machine-wide DoSEcosystems: go
Packages: github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 8 days ago
Moderate
Ecosystems: go
Packages: github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 8 days ago
GSA_kwCzR0hTQS04OGp4LTM4M3EtdzRxY84AA67d
Cosign malicious attachments can cause system-wide denial of serviceEcosystems: go
Packages: github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 8 days ago
Low
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 9 days ago
GSA_kwCzR0hTQS1qODVxLTQ2aGctMzZwMs4AA658
SpiceDB: LookupSubjects may return partial results if a specific kind of relation is usedEcosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 9 days ago
Critical
Ecosystems: go
Packages: github.com/tharsis/evmos/v5, github.com/tharsis/evmos/v4, github.com/tharsis/evmos/v3, github.com/tharsis/evmos/v2, github.com/tharsis/evmos, github.com/evmos/evmos/v5, github.com/evmos/evmos/v6, github.com/evmos/evmos/v7, github.com/evmos/evmos/v16
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 9 days ago
GSA_kwCzR0hTQS0zZnA1LTJ4d2gtZnhtNs4AA657
Evmos transaction execution not accounting for all state transition after interaction with precompilesEcosystems: go
Packages: github.com/tharsis/evmos/v5, github.com/tharsis/evmos/v4, github.com/tharsis/evmos/v3, github.com/tharsis/evmos/v2, github.com/tharsis/evmos, github.com/evmos/evmos/v5, github.com/evmos/evmos/v6, github.com/evmos/evmos/v7, github.com/evmos/evmos/v16
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 9 days ago
Critical
Ecosystems: go
Packages: github.com/go-skynet/LocalAI
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
GSA_kwCzR0hTQS13eDQzLWc1NWctMmpmNM4AA64K
LocalAI Command Injection in audioToWavEcosystems: go
Packages: github.com/go-skynet/LocalAI
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
Low
Ecosystems: go
Packages: github.com/kopia/kopia
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: 9 days ago
GSA_kwCzR0hTQS1qNXZtLTdxY2MtMnd3Z84AA63w
Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON outputEcosystems: go
Packages: github.com/kopia/kopia
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: 9 days ago
High
Ecosystems: go
Packages: github.com/flipped-aurora/gin-vue-admin/server
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 10 days ago
GSA_kwCzR0hTQS1ndjN3LW01N3AtM3djNM4AA6wY
gin-vue-admin background arbitrary code coverage vulnerabilityEcosystems: go
Packages: github.com/flipped-aurora/gin-vue-admin/server
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 10 days ago
Moderate
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 days ago
GSA_kwCzR0hTQS1nZ3A1LTI4eDQteGNqOc4AA6wX
Minder GetRepositoryByName data leakEcosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 days ago
High
Ecosystems: go
Packages: github.com/ollama/ollama
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 days ago
GSA_kwCzR0hTQS01ang1LWhxeDUtMnZyas4AA6uv
Ollama DNS rebinding vulnerabilityEcosystems: go
Packages: github.com/ollama/ollama
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 days ago
Moderate
Ecosystems: go
Packages: github.com/mholt/archiver, github.com/mholt/archiver/v3
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: 13 days ago
GSA_kwCzR0hTQS1yaGg0LXJoN2MtN3I1ds4AA6r1
Archiver Path Traversal vulnerabilityEcosystems: go
Packages: github.com/mholt/archiver, github.com/mholt/archiver/v3
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: 13 days ago
Moderate
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 14 days ago
GSA_kwCzR0hTQS02N3J2LXFwdzItNnFycs4AA6qo
Grafana: Users outside an organization can delete a snapshot with its keyEcosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 14 days ago
Critical
Ecosystems: go
Packages: github.com/cosmos/ibc-go, github.com/cosmos/ibc-go/v2, github.com/cosmos/ibc-go/v3, github.com/cosmos/ibc-go/v8, github.com/cosmos/ibc-go/v7, github.com/cosmos/ibc-go/v6, github.com/cosmos/ibc-go/v5, github.com/cosmos/ibc-go/v4
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 14 days ago
GSA_kwCzR0hTQS1qNDk2LWNyZ2gtMzRteM4AA6qW
ibc-go: Potential Reentrancy using Timeout Callbacks in ibc-hooksEcosystems: go
Packages: github.com/cosmos/ibc-go, github.com/cosmos/ibc-go/v2, github.com/cosmos/ibc-go/v3, github.com/cosmos/ibc-go/v8, github.com/cosmos/ibc-go/v7, github.com/cosmos/ibc-go/v6, github.com/cosmos/ibc-go/v5, github.com/cosmos/ibc-go/v4
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 14 days ago
Moderate
Ecosystems: go
Packages: github.com/canonical/pebble
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 15 days ago
GSA_kwCzR0hTQS00Njg1LTJ4NXItNjVwas4AA6qH
Pebble service manager's file pull API allows access by any userEcosystems: go
Packages: github.com/canonical/pebble
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 15 days ago
Moderate
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
GSA_kwCzR0hTQS1tY3c2LTMyNTYtNjRnZ84AA6qB
Mattermost Server doesn't limit the number of user preferencesEcosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Moderate
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
GSA_kwCzR0hTQS13cDQzLXZwcmgtYzN3Nc4AA6qC
Mattermost fails to authenticate the source of certain types of post actionsEcosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Moderate
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
GSA_kwCzR0hTQS13Njd2LXBoNHgtZjQ4cc4AA6p_
Mattermost Server Improper Access ControlEcosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Low
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
GSA_kwCzR0hTQS14cDlqLThwNjgtOXE5M84AA6p2
Mattermost Server Improper Access ControlEcosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Moderate
Ecosystems: go
Packages: golang.org/x/net, net/http, golang.org/x/net/http2
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 15 days ago
GSA_kwCzR0hTQS00djd4LXBxeGYtY3g3bc4AA6pf
net/http, x/net/http2: close connections when receiving too many headersEcosystems: go
Packages: golang.org/x/net, net/http, golang.org/x/net/http2
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 15 days ago
Moderate
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: 15 days ago
GSA_kwCzR0hTQS1qMnJwLWdtcXYtZnJods4AA6pX
HashiCorpVault does not correctly validate OCSP responsesEcosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: 15 days ago
Moderate
Ecosystems: go
Packages: github.com/temporalio/temporal
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
GSA_kwCzR0hTQS13bXhjLXYzOXItcDl3Zs4AA6nq
Temporal Server Denial of ServiceEcosystems: go
Packages: github.com/temporalio/temporal
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Moderate
Ecosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 17 days ago
GSA_kwCzR0hTQS12amhmLTZ4ZnItNXA5Z84AA6lt
KubeVirt NULL pointer dereference flawEcosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 17 days ago
Moderate
Ecosystems: go
Packages: github.com/temporalio/ui-server/v2
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 17 days ago
GSA_kwCzR0hTQS04ZjI1LXc3cWotcjdoY84AA6i3
Temporal UI Server cross-site scripting vulnerabilityEcosystems: go
Packages: github.com/temporalio/ui-server/v2
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 17 days ago
Moderate
Ecosystems: go
Packages: github.com/ca17/teamsacs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 18 days ago
GSA_kwCzR0hTQS1od3Z3LWdoMjMtcXB2cc4AA6ix
CA17 TeamsACS Cross Site Scripting vulnerabilityEcosystems: go
Packages: github.com/ca17/teamsacs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 18 days ago
High
Ecosystems: go
Packages: github.com/quic-go/quic-go
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 18 days ago
GSA_kwCzR0hTQS1jMzN4LXhxcmYtYzQ3OM4AA6ir
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion AttackEcosystems: go
Packages: github.com/quic-go/quic-go
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 18 days ago
Moderate
Ecosystems: go
Packages: github.com/go-skynet/LocalAI
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 18 days ago
GSA_kwCzR0hTQS1qaHZmLTdjODUtM2M5Z84AA6gZ
LocalAI cross-site request forgery vulnerabilityEcosystems: go
Packages: github.com/go-skynet/LocalAI
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 18 days ago
Moderate
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
GSA_kwCzR0hTQS1oY3cyLTJyOWMtZ2M2cM4AA6gM
CasaOS Username Enumeration - Bypass of CVE-2024-24766Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
Moderate
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 21 days ago
GSA_kwCzR0hTQS1qaHd4LW1od3ctcmdjM84AA6dx
ArgoCD's repo server has Uncontrolled Resource Consumption vulnerabilityEcosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 21 days ago
High
Ecosystems: go
Packages: github.com/containers/podman/v5, github.com/containers/podman/v4
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 22 days ago
GSA_kwCzR0hTQS04NzR2LXBqNzItOTJmM84AA6ay
Podman affected by CVE-2024-1753 container escape at build timeEcosystems: go
Packages: github.com/containers/podman/v5, github.com/containers/podman/v4
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 22 days ago
High
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 22 days ago
GSA_kwCzR0hTQS1wd3FtLXg1eDYtNTU4Ns4AA6au
Cilium has insecure IPsec transport encryptionEcosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 22 days ago
High
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 22 days ago
GSA_kwCzR0hTQS1ocjV3LWN3d3EtMnY0bc4AA6as
ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP BypassEcosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 22 days ago
Moderate
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 22 days ago
GSA_kwCzR0hTQS1ncDhnLWY0MmYtOTVxMs4AA6ar
ZITADEL's actions can overload reserved claimsEcosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 22 days ago
High
Ecosystems: go
Packages: github.com/microsoft/go-crypto-openssl/openssl, github.com/golang-fips/openssl/v2, github.com/microsoft/go-crypto-openssl, github.com/golang-fips/openssl/openssl, github.com/golang-fips/go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS03OGh4LWdwNmctN21qNs4AA6LJ
Memory leaks in code encrypting and verifying RSA payloadsEcosystems: go
Packages: github.com/microsoft/go-crypto-openssl/openssl, github.com/golang-fips/openssl/v2, github.com/microsoft/go-crypto-openssl, github.com/golang-fips/openssl/openssl, github.com/golang-fips/go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: about 1 month ago
GSA_kwCzR0hTQS1tcTM5LTRndjQtbXZweM4AA6LH
Moby's external DNS requests from 'internal' networks could lead to data exfiltrationEcosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: about 1 month ago
High
Ecosystems: go
Packages: github.com/containers/buildah
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS1wbWYzLWMzNm0tZzVjZs4AA6JC
Container escape at build timeEcosystems: go
Packages: github.com/containers/buildah
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
GSA_kwCzR0hTQS1oZnJnLTRqd3ItamZwas4AA6Gn
Improper HTML sanitization in ZITADELEcosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: about 1 month ago
GSA_kwCzR0hTQS12NnEyLTRxcjMtNWN3Ns4AA6Gm
Unencrypted traffic between nodes when using WireGuard and L7 policiesEcosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: about 1 month ago
Moderate
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: about 1 month ago
GSA_kwCzR0hTQS1qODloLXFydnIteGMzNs4AA6Gl
Unencrypted traffic between nodes when using IPsec and L7 policiesEcosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: about 1 month ago
High
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 1 month ago
GSA_kwCzR0hTQS02OG1qLTlwanEtbWM4Nc4AA6Gk
Intermittent HTTP policy bypassEcosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 1 month ago
Moderate
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: about 1 month ago
GSA_kwCzR0hTQS0ydmdnLTloNnctbTQ1NM4AA6Gi
Bypassing Rate Limit and Brute Force Protection Using Cache OverflowEcosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: about 1 month ago
High
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: about 1 month ago
GSA_kwCzR0hTQS02djg1LXdyOTItcTRwN84AA6Gh
Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded EnvironmentEcosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: about 1 month ago
Moderate
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: about 1 month ago
GSA_kwCzR0hTQS14MzJtLW12ZmotNTJ4ds4AA6Fg
Bypassing Brute Force Protection via Application Crash and In-Memory Data LossEcosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: about 1 month ago
High
Ecosystems: go
Packages: github.com/go-vela/cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
GSA_kwCzR0hTQS00amhqLTNndjMtYzNncs4AA6CS
CLI for Vela Insecure Variable SubstitutionEcosystems: go
Packages: github.com/go-vela/cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
Ecosystems: go
Packages: github.com/go-vela/sdk-go
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: about 1 month ago
GSA_kwCzR0hTQS12OG14LWhwMnEtZ3c4Nc4AA6CR
Golang SDK for Vela Insecure Variable SubstitutionEcosystems: go
Packages: github.com/go-vela/sdk-go
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: about 1 month ago
High
Ecosystems: go
Packages: github.com/go-vela/server
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: about 1 month ago
GSA_kwCzR0hTQS02OXA0LWo1djUteDIzNM4AA6CQ
Server/API for Vela Insecure Variable SubstitutionEcosystems: go
Packages: github.com/go-vela/server
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: about 1 month ago
High
Ecosystems: go
Packages: github.com/go-vela/types
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 month ago
GSA_kwCzR0hTQS03djM4LXczMm0td3g0bc4AA6CP
Types for Vela Insecure Variable SubstitutionEcosystems: go
Packages: github.com/go-vela/types
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 month ago
Critical
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 1 month ago
GSA_kwCzR0hTQS1qd3Y1LThtcXYtZzM4N84AA6CM
Cross-site scripting on application summary componentEcosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 1 month ago
High
Ecosystems: go
Packages: github.com/projectdiscovery/nuclei/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS13NXd4LTZnMnItcjc4cc4AA6CJ
Nuclei allows unsigned code template execution through workflowsEcosystems: go
Packages: github.com/projectdiscovery/nuclei/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Critical
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 1 month ago
GSA_kwCzR0hTQS00OTRoLTk5MjQteHd3Oc4AA6B3
Pterodactyl Wings vulnerable to improper isolation of server file accessEcosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 1 month ago
Moderate
Ecosystems: go
Packages: github.com/fluid-cloudnative/fluid
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: about 1 month ago
GSA_kwCzR0hTQS13eDhxLTRnbTktcmoyZ84AA6B0
Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntimeEcosystems: go
Packages: github.com/fluid-cloudnative/fluid
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: about 1 month ago
Moderate
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 1 month ago
GSA_kwCzR0hTQS1nNjIzLWpjZ2ctbWhtbc4AA6Bz
Users with `create` but not `override` privileges can perform local syncEcosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 1 month ago
High
Ecosystems: go
Packages: github.com/go-vela/worker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS1wd3g1LTZ3eGctcHg1aM4AA6Ac
Insecure Variable Substitution in VelaEcosystems: go
Packages: github.com/go-vela/worker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: about 1 month ago
GSA_kwCzR0hTQS05NXJ4LW05bTUtbTk0ds4AA56u
ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptionsEcosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: about 1 month ago
High
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
GSA_kwCzR0hTQS1tcTR4LXIydzMtajdtcs4AA54b
Account Takeover via Session Fixation in Zitadel [Bypassing MFA]Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
GSA_kwCzR0hTQS14MnZnLTV3cmYtdmo2ds4AA53Z
1Panel is vulnerable to command injectionEcosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
Ecosystems: go
Packages: github.com/lestrrat-go/jwx, github.com/lestrrat-go/jwx/v2
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: about 1 month ago
GSA_kwCzR0hTQS1oajN2LW02ODQtdjI1Oc4AA52y
JWX vulnerable to a denial of service attack using compressed JWE messageEcosystems: go
Packages: github.com/lestrrat-go/jwx, github.com/lestrrat-go/jwx/v2
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: about 1 month ago
Moderate
Ecosystems: go
Packages: gopkg.in/go-jose/go-jose.v2, github.com/go-jose/go-jose/v3, github.com/go-jose/go-jose/v4
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: about 1 month ago
GSA_kwCzR0hTQS1jNXEyLTdyNGMtbXY2Z84AA51M
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)Ecosystems: go
Packages: gopkg.in/go-jose/go-jose.v2, github.com/go-jose/go-jose/v3, github.com/go-jose/go-jose/v4
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: about 1 month ago
Moderate
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 1 month ago
GSA_kwCzR0hTQS01bXhmLTQyZjUtajc4Ms4AA503
Grafana's users with permissions to create a data source can CRUD all data sourcesEcosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 1 month ago
Moderate
Ecosystems: go
Packages: github.com/cloudevents/sdk-go/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS01cGY2LTJxd3gtcHhtMs4AA5zw
Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentialsEcosystems: go
Packages: github.com/cloudevents/sdk-go/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
GSA_kwCzR0hTQS0yNnczLXE0ajgtNHhqcM4AA5zI
1Panel open source panel project has an unauthorized vulnerability.Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
GSA_kwCzR0hTQS1jNjl4LTV4bXctdjQ0eM4AA5zG
CasaOS Improper Restriction of Excessive Authentication Attempts vulnerabilityEcosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
GSA_kwCzR0hTQS1jOTY3LTI2NTItZ2Zqbc4AA5zF
CasaOS Username EnumerationEcosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
GSA_kwCzR0hTQS1oNWdmLWNtbTgtY2c3Y84AA5zE
CasaOS-UserService allows unauthorized access to any fileEcosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
Ecosystems: go
Packages: google.golang.org/protobuf/internal/encoding/json, google.golang.org/protobuf/encoding/protojson, google.golang.org/protobuf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS04cjNmLTg0NGMtbWMzN84AA5yO
Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSONEcosystems: go
Packages: google.golang.org/protobuf/internal/encoding/json, google.golang.org/protobuf/encoding/protojson, google.golang.org/protobuf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
GSA_kwCzR0hTQS12NjI3LTY5djIteHgzN84AA5xb
`GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated userEcosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: about 2 months ago
GSA_kwCzR0hTQS1yM3c3LW1mcG0tYzJ2d84AA5wI
Incorrect TLS certificate auth method in VaultEcosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: about 2 months ago
High
Ecosystems: go
Packages: github.com/coder/coder, github.com/coder/coder/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS03Y2MyLXI2NTgtN3hwZs4AA5wH
Coder's OIDC authentication allows email with partially matching domain to registerEcosystems: go
Packages: github.com/coder/coder, github.com/coder/coder/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
Ecosystems: go
Packages: github.com/jackc/pgx/v5, github.com/jackc/pgx/v4, github.com/jackc/pgproto3/v2, github.com/jackc/pgproto3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS03andoLTN2cnEtcTNtOM4AA5wG
pgproto3 SQL Injection via Protocol Message Size OverflowEcosystems: go
Packages: github.com/jackc/pgx/v5, github.com/jackc/pgx/v4, github.com/jackc/pgproto3/v2, github.com/jackc/pgproto3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
Ecosystems: go
Packages: github.com/jackc/pgx/v5, github.com/jackc/pgx/v4, github.com/jackc/pgproto3/v2, github.com/jackc/pgproto3, github.com/jackc/pgx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS1tcnd3LTI3dmMtZ2dods4AA5wA
pgx SQL Injection via Protocol Message Size OverflowEcosystems: go
Packages: github.com/jackc/pgx/v5, github.com/jackc/pgx/v4, github.com/jackc/pgproto3/v2, github.com/jackc/pgproto3, github.com/jackc/pgx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
Ecosystems: go
Packages: github.com/zeromicro/go-zero
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 2 months ago
GSA_kwCzR0hTQS1mZ3h2LWd3NTUtcjVmcc4AA5wB
Authorization Bypass Through User-Controlled Key in go-zeroEcosystems: go
Packages: github.com/zeromicro/go-zero
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 2 months ago
Moderate
Ecosystems: go
Packages: github.com/jackc/pgx/v4, github.com/jackc/pgx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS1tN3dyLTJ4ZjctY205cM4AA5v_
pgx SQL Injection via Line Comment CreationEcosystems: go
Packages: github.com/jackc/pgx/v4, github.com/jackc/pgx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS1qdzQ0LTRmM2otcTM5Ns4AA5uc
Helm shows secrets in clear textEcosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: about 2 months ago
GSA_kwCzR0hTQS1oM203LXJxYzQtN2g5cM4AA5sZ
Integer overflow in chunking helper causes dispatching to miss elements or panicEcosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: about 2 months ago
Moderate
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS12bTltLTU3anItNHB4aM4AA5qH
Mattermost fails to limit the number of role namesEcosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS0zZzM1LXY1M3ItZ3B4Y84AA5qJ
Mattermost race conditionEcosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS1yNGZtLWc2NWgtY3I1NM4AA5qG
Mattermost incorrectly allows access individual postsEcosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS1od2pmLTQ2NjctZ3F3eM4AA5qF
Mattermost allows attackers access to posts in channels they are not a member ofEcosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS03djN2LTk4NHYtaDc0cs4AA5p_
Mattermost leaks details of AD/LDAP groups of a teamsEcosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS02bXgzLTlxZmgtNzdnas4AA5qA
Mattermost denial of service through long emoji valueEcosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS1meDQ4LXh2NnEtNmdwM84AA5p9
Mattermost post fetching without auditing in compliance exportEcosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS1wZnc2LTVyeDMteGgzY84AA5p-
Mattermost fails to check the "invite_guest" permissionEcosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS14Z3hqLWo5OGMtNTlyds4AA5p6
Mattermost fails to properly restrict the access of files attached to postsEcosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
Ecosystems: go
Packages: github.com/swaggo/http-swagger
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS00OXc3LTVyMzMtam05bc4AA5ok
http-swagger XSS via PUT requestsEcosystems: go
Packages: github.com/swaggo/http-swagger
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
Ecosystems: go
Packages: github.com/dvsekhvalnov/jose2go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS02Mjk0LTZyZ3AtZnI3cs4AA5mt
jose2go vulnerable to denial of service via large p2c valueEcosystems: go
Packages: github.com/dvsekhvalnov/jose2go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS01NTVwLW00djYtY3F4ds4AA5lr
ASA-2024-004: Default configuration param for Evidence may limit window of validityEcosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS04Nmg1LXhjcHgtY2ZxY84AA5jS
ASA-2024-005: Potential slashing evasion during re-delegationEcosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
Ecosystems: go
Packages: github.com/edgelesssys/marblerun
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 2 months ago
GSA_kwCzR0hTQS14NXI1LTJxcngtcnFqOM4AA5ik
Transparent TLS may not be applied to Marbles with certain manifest configurationsEcosystems: go
Packages: github.com/edgelesssys/marblerun
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 2 months ago
Moderate
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
GSA_kwCzR0hTQS1xNmg4LTRqMnYtcGpnNM4AA5gv
Minder trusts client-provided mapping from repo name to upstream IDEcosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
Ecosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS1mdnY1LWgyOWctZjZ3Nc4AA5dq
User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repositoryEcosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Statistics
Advisories: 17,470
Packages: 8,115
Repositories: 531
Ecosystems: 12
Packages: 8,115
Repositories: 531
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
github.com/usememos/memos
59
github.com/mattermost/mattermost/server/v8
38
github.com/mattermost/mattermost-server/v6
37
github.com/answerdev/answer
34
k8s.io/kubernetes
30
github.com/argoproj/argo-cd
29
github.com/grafana/grafana
28
github.com/hashicorp/vault
28
github.com/hashicorp/nomad
26
github.com/hashicorp/consul
26
gogs.io/gogs
24
github.com/argoproj/argo-cd/v2
22
github.com/cilium/cilium
20
github.com/rancher/rancher
20
github.com/ethereum/go-ethereum
19
helm.sh/helm/v3
18
github.com/docker/docker
17
golang.org/x/net
17
github.com/goharbor/harbor
15
github.com/containerd/containerd
13
github.com/traefik/traefik/v2
13
code.gitea.io/gitea
13
github.com/nats-io/nats-server/v2
13
github.com/opencontainers/runc
12
github.com/cloudflare/cfrpki
11
github.com/moby/moby
11
github.com/openfga/openfga
11
github.com/cosmos/cosmos-sdk
10
github.com/go-gitea/gitea
10
github.com/greenpau/caddy-security
10
github.com/1Panel-dev/1Panel
10
github.com/sylabs/singularity
9
golang.org/x/crypto
9
github.com/zitadel/zitadel
9
github.com/containers/podman/v4
8
go.etcd.io/etcd
8
github.com/cri-o/cri-o
8
istio.io/istio
8
github.com/kubeedge/kubeedge
8
github.com/pomerium/pomerium
8
github.com/google/fscrypt
7
github.com/beego/beego
7
github.com/mattermost/mattermost-server
7
github.com/kubernetes/kubernetes
7
k8s.io/ingress-nginx
7
github.com/nats-io/jwt
7
github.com/traefik/traefik
7
helm.sh/helm
7
github.com/russellhaering/goxmldsig
6
github.com/beego/beego/v2
6
github.com/pion/dtls
6
github.com/treeverse/lakefs
6
github.com/gravitl/netmaker
6
github.com/hashicorp/go-getter
6
github.com/authzed/spicedb
6
github.com/hyperledger/fabric
6
github.com/fluxcd/flux2
6
github.com/sigstore/cosign
6
github.com/pterodactyl/wings
6
github.com/russellhaering/gosaml2
6
github.com/cubefs/cubefs
6
github.com/hashicorp/go-getter/v2
5
github.com/pion/dtls/v2
5
github.com/tidwall/gjson
5
github.com/kyverno/kyverno
5
github.com/schollz/croc/v9
5
github.com/tendermint/tendermint
5
github.com/mattermost/mattermost-server/v5
5
github.com/moby/buildkit
5
github.com/kiali/kiali
5
github.com/foxcpp/maddy
5
github.com/cometbft/cometbft
5
go.etcd.io/etcd/v3
5
github.com/traefik/traefik/v3
5
github.com/gofiber/fiber/v2
5
github.com/fluxcd/kustomize-controller
5
github.com/KubeOperator/kubepi
5
github.com/0xJacky/Nginx-UI
5
github.com/gophish/gophish
5
github.com/containers/buildah
5
github.com/free5gc/free5gc
4
github.com/aws/aws-sdk-go
4
github.com/ipfs/go-ipfs
4
github.com/crewjam/saml
4
github.com/arduino/arduino-create-agent
4
github.com/dhowden/tag
4
github.com/git-lfs/git-lfs
4
golang.org/x/net/http2
4
github.com/dexidp/dex
4
github.com/ory/fosite
4
github.com/gin-gonic/gin
4
github.com/open-policy-agent/opa
4
github.com/alist-org/alist/v3
4
github.com/argoproj/argo-workflows/v3
4
github.com/containers/podman/v3
4
github.com/concourse/concourse
4
github.com/oauth2-proxy/oauth2-proxy
4
github.com/casdoor/casdoor
4
github.com/hashicorp/go-getter/gcs/v2
4
github.com/hashicorp/go-getter/s3/v2
4
github.com/apache/trafficcontrol
4
github.com/IceWhaleTech/CasaOS-UserService
4
github.com/lestrrat-go/jwx
4
github.com/apache/incubator-answer
4
github.com/lestrrat-go/jwx/v2
4
github.com/syncthing/syncthing
3
github.com/owncast/owncast
3
github.com/projectcalico/calico
3
github.com/notaryproject/notation
3
github.com/mholt/archiver
3
github.com/docker/distribution
3
github.com/ory/oathkeeper
3
github.com/apache/servicecomb-service-center
3
github.com/quic-go/quic-go
3
github.com/hashicorp/vault/vault
3
github.com/crossplane/crossplane
3
github.com/miekg/dns
3
gopkg.in/yaml.v2
3
github.com/lightningnetwork/lnd
3
github.com/stacklok/minder
3
github.com/consensys/gnark
3
github.com/openshift/origin
3
github.com/ElrondNetwork/elrond-go
3
go.etcd.io/etcd/client/v3
3
github.com/crypto-org-chain/cronos
3
k8s.io/client-go
3
github.com/minio/minio
3
github.com/nats-io/jwt/v2
3
golang.org/x/text
3
github.com/sigstore/cosign/v2
3
github.com/flyteorg/flyteadmin
3
github.com/cheqd/cheqd-node
3
github.com/libp2p/go-libp2p
3
github.com/fluxcd/helm-controller
3
github.com/coredns/coredns
3
github.com/tharsis/evmos
3
github.com/phachon/mm-wiki
3
github.com/cortexproject/cortex
3
github.com/go-vela/server
3
github.com/jackc/pgx/v4
3
github.com/edgelesssys/constellation/v2
3
golang.org/x/image
3
github.com/hashicorp/boundary
3
github.com/caddyserver/caddy
3
kubevirt.io/kubevirt
3
github.com/weaveworks/weave-gitops
3
github.com/square/go-jose
3
github.com/artifacthub/hub
3
github.com/dutchcoders/transfer.sh
3
github.com/argoproj/argo-events
2
github.com/talos-systems/talos
2
github.com/hpcng/singularity
2
github.com/navidrome/navidrome
2
github.com/dvsekhvalnov/jose2go
2
github.com/go-vela/worker
2
github.com/jaegertracing/jaeger
2
github.com/multiversx/mx-chain-go
2
github.com/apptainer/apptainer
2
github.com/go-skynet/LocalAI
2
github.com/jackc/pgx
2
github.com/tiagorlampert/CHAOS
2
github.com/jackc/pgproto3
2
github.com/buildkite/elastic-ci-stack-for-aws/v6
2
Google.Protobuf
2
google/protobuf
2
github.com/protocolbuffers/protobuf
2
protobuf
2
github.com/jackc/pgproto3/v2
2
github.com/siderolabs/talos
2
github.com/woodpecker-ci/woodpecker
2
github.com/etcd-io/etcd
2
github.com/clastix/capsule-proxy
2
github.com/theupdateframework/go-tuf
2
github.com/flipped-aurora/gin-vue-admin/server
2
github.com/IceWhaleTech/CasaOS
2
github.com/gphper/ginadmin
2
github.com/sigstore/rekor
2
github.com/kitabisa/teler-waf
2
github.com/prometheus/prometheus
2
github.com/notaryproject/notation-go
2
github.com/microcosm-cc/bluemonday
2
github.com/pingcap/tidb
2
github.com/influxdata/influxdb
2
github.com/kata-containers/runtime
2
github.com/codenotary/immudb
2
github.com/google/exposure-notifications-verification-server
2
mellium.im/xmpp
2
github.com/apache/thrift
2
github.com/minio/console
2
github.com/ansible-semaphore/semaphore
2
github.com/unknwon/cae
2
github.com/hashicorp/terraform
2
google.golang.org/grpc
2
github.com/imgproxy/imgproxy/v3
2
github.com/mattermost/mattermost-plugin-jira
2
github.com/u-root/u-root
2
github.com/rancher/wrangler
2
sigs.k8s.io/secrets-store-csi-driver
2
github.com/gofiber/fiber
2
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
2
Filter by Repository
https://github.com/usememos/memos
59
https://github.com/kubernetes/kubernetes
42
https://github.com/argoproj/argo-cd
36
https://github.com/answerdev/answer
34
https://github.com/go-gitea/gitea
23
https://github.com/grafana/grafana
21
https://github.com/rancher/rancher
21
https://github.com/cilium/cilium
20
https://github.com/gogs/gogs
20
https://github.com/helm/helm
19
https://github.com/hashicorp/consul
18
https://github.com/hashicorp/vault
16
https://github.com/etcd-io/etcd
16
https://github.com/goharbor/harbor
15
https://github.com/ethereum/go-ethereum
15
https://github.com/traefik/traefik
13
https://github.com/hashicorp/nomad
13
https://github.com/golang/go
13
https://github.com/containerd/containerd
13
https://github.com/moby/moby
13
https://github.com/openfga/openfga
11
https://github.com/opencontainers/runc
11
https://github.com/cloudflare/cfrpki
11
https://github.com/1Panel-dev/1Panel
10
https://github.com/greenpau/caddy-security
10
https://github.com/nats-io/nats-server
10
https://github.com/cosmos/cosmos-sdk
10
https://github.com/containers/podman
10
https://github.com/zitadel/zitadel
9
https://github.com/istio/istio
8
https://github.com/kubeedge/kubeedge
8
https://github.com/mattermost/mattermost
8
https://github.com/cri-o/cri-o
8
https://github.com/pomerium/pomerium
8
https://github.com/docker/docker
8
https://github.com/hpcng/singularity
7
https://github.com/kubernetes/ingress-nginx
7
https://github.com/google/fscrypt
7
https://github.com/beego/beego
7
https://github.com/sigstore/cosign
6
https://github.com/schollz/croc
6
https://github.com/pterodactyl/wings
6
https://github.com/pion/dtls
6
https://github.com/authzed/spicedb
6
https://github.com/containers/buildah
6
https://github.com/moby/buildkit
6
https://github.com/cubefs/cubefs
6
https://github.com/fluxcd/flux2
6
https://github.com/hyperledger/fabric
6
https://github.com/gravitl/netmaker
6
https://github.com/hashicorp/go-getter
6
https://github.com/treeverse/lakeFS
6
https://github.com/foxcpp/maddy
5
https://github.com/kyverno/kyverno
5
https://github.com/crewjam/saml
5
https://github.com/free5gc/free5gc
5
https://github.com/ipfs/go-ipfs
5
https://github.com/cometbft/cometbft
5
https://github.com/gofiber/fiber
5
https://github.com/gophish/gophish
5
https://github.com/argoproj/argo-workflows
5
https://github.com/0xJacky/nginx-ui
5
https://github.com/russellhaering/gosaml2
5
https://github.com/tidwall/gjson
5
https://github.com/tendermint/tendermint
5
https://github.com/oauth2-proxy/oauth2-proxy
4
https://github.com/arduino/arduino-create-agent
4
https://github.com/grafana/bugbounty
4
https://github.com/ory/fosite
4
https://github.com/casdoor/casdoor
4
https://github.com/containous/traefik
4
https://github.com/IceWhaleTech/CasaOS-UserService
4
https://github.com/aws/aws-sdk-go
4
https://github.com/siderolabs/talos
4
https://github.com/dhowden/tag
4
https://github.com/lestrrat-go/jwx
4
https://github.com/nats-io/jwt
4
https://github.com/dexidp/dex
4
https://github.com/concourse/concourse
4
https://github.com/git-lfs/git-lfs
4
https://github.com/caddyserver/caddy
4
https://github.com/open-policy-agent/opa
4
https://github.com/gin-gonic/gin
4
https://github.com/cheqd/cheqd-node
3
https://github.com/kiali/kiali
3
https://github.com/quic-go/quic-go
3
https://github.com/edgelesssys/constellation
3
https://github.com/artifacthub/hub
3
https://github.com/dutchcoders/transfer.sh
3
https://github.com/libp2p/go-libp2p
3
https://github.com/open-telemetry/opentelemetry-go-contrib
3
https://github.com/syncthing/syncthing
3
https://github.com/ipfs/boxo
3
https://github.com/openshift/origin
3
https://github.com/crossplane/crossplane
3
https://github.com/gogits/gogs
3
https://github.com/square/go-jose
3
https://github.com/tailscale/tailscale
3
https://github.com/cortexproject/cortex
3
https://github.com/alist-org/alist
3
https://github.com/moby/libnetwork
3
https://github.com/sylabs/singularity
3
https://github.com/stacklok/minder
3
https://github.com/flyteorg/flyteadmin
3
https://github.com/Consensys/gnark
3
https://github.com/minio/minio
3
https://github.com/ory/oathkeeper
3
https://github.com/go-vela/server
3
https://github.com/flipped-aurora/gin-vue-admin
3
https://github.com/phachon/mm-wiki
3
https://github.com/go-yaml/yaml
3
https://github.com/weaveworks/weave-gitops
3
https://github.com/evmos/evmos
3
https://github.com/KubeOperator/KubePi
3
https://github.com/ElrondNetwork/elrond-go
3
https://github.com/coreos/etcd
2
https://github.com/labstack/echo
2
https://github.com/labring/sealos
2
https://github.com/coredns/coredns
2
https://github.com/lightningnetwork/lnd
2
https://github.com/Masterminds/goutils
2
https://github.com/woodpecker-ci/woodpecker
2
https://github.com/containers/libpod
2
https://github.com/mattermost/mattermost-plugin-jira
2
https://github.com/mellium/xmpp
2
https://github.com/mholt/archiver
2
https://github.com/microcosm-cc/bluemonday
2
https://github.com/miekg/dns
2
https://github.com/Consensys/gnark-crypto
2
https://github.com/minio/console
2
https://github.com/sylabs/sif
2
https://github.com/codenotary/immudb
2
https://github.com/multiversx/mx-chain-go
2
https://github.com/heroiclabs/nakama
2
https://github.com/elastic/beats
2
https://github.com/hashicorp/terraform
2
https://github.com/envoyproxy/envoy
2
https://github.com/facebook/fbthrift
2
https://github.com/fkie-cad/yapscan
2
https://github.com/gphper/ginadmin
2
https://github.com/fleetdm/fleet
2
https://github.com/fluid-cloudnative/fluid
2
https://github.com/gotify/server
2
https://github.com/flynn/noise
2
https://github.com/vitessio/vitess
2
https://github.com/ulikunitz/xz
2
https://github.com/google/exposure-notifications-verification-server
2
https://github.com/unknwon/cae
2
https://github.com/golang/crypto
2
https://github.com/go-jose/go-jose
2
https://github.com/go-git/go-git
2
https://github.com/u-root/u-root
2
https://github.com/mutagen-io/mutagen
2
https://github.com/kubevirt/kubevirt
2
https://github.com/kubernetes-sigs/secrets-store-csi-driver
2
https://github.com/cosmos/ethermint
2
https://github.com/temporalio/temporal
2
https://github.com/crypto-org-chain/cronos
2
https://github.com/kitabisa/teler-waf
2
https://github.com/kitabisa/teler
2
https://github.com/distribution/distribution
2
https://github.com/jackc/pgproto3
2
https://github.com/ipld/go-codec-dagpb
2
https://github.com/drakkan/sftpgo
2
https://github.com/dvsekhvalnov/jose2go
2
https://github.com/influxdata/influxdb
2
https://github.com/imgproxy/imgproxy
2
https://github.com/IceWhaleTech/CasaOS
2
https://github.com/ecnepsnai/web
2
https://github.com/theupdateframework/go-tuf
2
https://github.com/sigstore/rekor
2
https://github.com/opencontainers/distribution-spec
2
https://github.com/swaggo/http-swagger
2
https://github.com/supranational/blst
2
https://github.com/openshift/apiserver-library-go
2
https://github.com/owncast/owncast
2
https://github.com/peterzen/goresolver
2
https://github.com/pingcap/tidb
2
https://github.com/apache/trafficcontrol
2
https://github.com/SAP/cloud-security-client-go
2
https://github.com/sajari/docconv
2
https://github.com/buger/jsonparser
2
https://github.com/pires/go-proxyproto
2
https://github.com/brokercap/Bifrost
2
https://github.com/russellhaering/goxmldsig
2
https://github.com/stripe/smokescreen
2
https://github.com/bottlerocket-os/bottlerocket
2
https://github.com/apptainer/apptainer
2
https://github.com/zalando/skipper
2
https://github.com/argoproj/argo-events
2
https://github.com/bitly/oauth2_proxy
2
https://github.com/projectcapsule/capsule-proxy
2
https://github.com/rancher/wrangler
2
https://github.com/projectdiscovery/nuclei
2
https://github.com/atredispartners/advisories
2
https://github.com/authelia/authelia
2
https://github.com/edgelesssys/marblerun
2
https://github.com/zinclabs/zinc
2
https://github.com/spiffe/spire
2