Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go Security Advisories

High

GSA_kwCzR0hTQS02N3g0LXFyMzUtcXZybc4AAvK5

FlyteAdmin's Default OAuth Authorization Server secret must be rotated
Ecosystems: go
Packages: github.com/flyteorg/flyteadmin
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 1 year ago

High

GSA_kwCzR0hTQS0ydzZtLXE5NDYtMzk5cs4AAvKQ

Dapr Dashboard vulnerable to Incorrect Access Control
Ecosystems: go
Packages: github.com/dapr/dashboard
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago

Critical

GSA_kwCzR0hTQS12aDdnLXAyNmMtajJjd84AAvJw

Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
Ecosystems: go
Packages: github.com/dexidp/dex
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: over 1 year ago

High

GSA_kwCzR0hTQS05cnB3LTJoOTUtNjY2Y84AAvJs

Cloudflare GoFlow vulnerable to a Denial of Service in the sflow packet handling package
Ecosystems: go
Packages: github.com/cloudflare/goflow/v3
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1wd3E3LWY3ZjktY20yas4AAvIC

Dutchoders transfer.sh contains an XSS vulnerability via malicious file upload
Ecosystems: go
Packages: github.com/dutchcoders/transfer.sh
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS05bW1jLTI3Z3ctdzZtcc4AAvHC

Bytebase allows low-privilege users to view admin projects
Ecosystems: go
Packages: github.com/bytebase/bytebase
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS01cmM0LXY1bWotZzhjNM4AAvHH

Bytebase does not restrict low privilege user to access admin issues
Ecosystems: go
Packages: github.com/bytebase/bytebase
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago

Critical

GSA_kwCzR0hTQS1jcnhqLWhybXAtNHJ3Zs4AAvG8

Labstack Echo Open Redirect vulnerability
Ecosystems: go
Packages: github.com/labstack/echo/v4
Source: GitHub Advisory Database
Blast Radius: 41.3
Published: over 1 year ago

High

GSA_kwCzR0hTQS1jOXFyLWY2Yzgtcmd4Zs4AAvGw

Hertz contains path traversal via normalizePath function
Ecosystems: go
Packages: github.com/cloudwego/hertz
Source: GitHub Advisory Database
Blast Radius: 18.0
Published: over 1 year ago

High

GSA_kwCzR0hTQS1wNmZoLXhjNnItZzVod84AAvFp

Brokercap Bifrost subject to authentication bypass when using HTTP basic authentication
Ecosystems: go
Packages: github.com/brokercap/Bifrost
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1tNjlyLTlnNTYtN212OM4AAvDf

HashiCorp Consul vulnerable to authorization bypass
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: over 1 year ago

High

GSA_kwCzR0hTQS05dzdqLXEzeHctcDl2aM4AAvDN

Hyperledger Fabric subject to Denial of Service via non-validated request
Ecosystems: go
Packages: github.com/hyperledger/fabric
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1tN3c0LXE1dmctNXhmcM4AAvBm

Mattermost subject to Denial of Service via upload of special GIF
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: over 1 year ago

High

GSA_kwCzR0hTQS1ocjN2LThjcDMtNjhyZs4AAvAj

HashiCorp Consul does not properly validate node or segment names prior to usage in JWT claim assertions
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: over 1 year ago

High

GSA_kwCzR0hTQS1nbWhqLXhqZmgtY2Y2bc4AAvAc

Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library
Ecosystems: go
Packages: github.com/mohammed90/caddy-ssh
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago

Critical

GSA_kwCzR0hTQS1nN2o3LWg0cTgtOHcyZs4AAvAZ

Rancher API and cluster.management.cattle.io object vulnerable to plaintext storage and exposure of credentials
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 1 year ago

High

GSA_kwCzR0hTQS0yOHE5LTljM2ctdjNmOc4AAvAW

lakeFS vulnerable to authenticated users deleting files they are not authorized to delete
Ecosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago

Critical

GSA_kwCzR0hTQS03Y2d2LXY4M3YtcnI4N84AAvAP

HashiCorp Vault vulnerable to incorrect metadata access
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1mZzI1LWdxOWctMzJteM4AAu9Y

Cross site scripting in Cloudreve
Ecosystems: go
Packages: github.com/cloudreve/Cloudreve/v3, github.com/HFO4/cloudreve
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1jZjdnLWNtN3EtcnE3Zs4AAu8S

SFTPGo WebClient vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/drakkan/sftpgo
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago

High

GSA_kwCzR0hTQS1waGpyLThqOTItdzV2N84AAu6n

CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: over 1 year ago

High

GSA_kwCzR0hTQS00cDZmLW00ZjktY2g4OM4AAu2R

Binary vulnerable to Slice Memory Allocation with Excessive Size Value
Ecosystems: go
Packages: github.com/gagliardetto/binary
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: over 1 year ago

Critical

GSA_kwCzR0hTQS1tdjh4LTY2OG0tNTNmZ84AAu2O

Elrond-go has improper initialization
Ecosystems: go
Packages: github.com/ElrondNetwork/elrond-go
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 1 year ago

High

GSA_kwCzR0hTQS01NHF4LThwOHcteGhnOM4AAu2C

SFTPGo vulnerable to recovery codes abuse
Ecosystems: go
Packages: github.com/drakkan/sftpgo/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1yYzRyLXdoMnEtcTZjNM4AAu15

Moby supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: over 1 year ago

High

GSA_kwCzR0hTQS14aG1mLW1tdjItNGhoeM4AAu14

Go-CVSS has Out-of-bounds Read vulnerability in ParseVector function
Ecosystems: go
Packages: github.com/pandatix/go-cvss
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS14eDl3LTQ2NGYtN2g2Zs4AAu10

Harbor fails to validate the user permissions when updating a robot account
Ecosystems: go
Packages: github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS04YzZwLXY4MzctNzdmNs4AAu1z

Harbor fails to validate the user permissions when updating tag immutability policies
Ecosystems: go
Packages: github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: over 1 year ago

High

GSA_kwCzR0hTQS1qZjhwLTN2amgtcHE5NM4AAu1y

Harbor fails to validate the user permissions when viewing Webhook policies
Ecosystems: go
Packages: github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: over 1 year ago

High

GSA_kwCzR0hTQS0zNjM3LXY2dnEteHFxd84AAu1x

Harbor fails to validate the user permissions when updating tag retention policies
Ecosystems: go
Packages: github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS04Z3c3LTRqNDItdzM4OM4AAu1s

Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature
Ecosystems: go
Packages: github.com/sigstore/cosign
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 1 year ago

High

GSA_kwCzR0hTQS1wMmc3LXh3dnItcnJ3M84AAu1q

Helm Controller denial of service
Ecosystems: go
Packages: github.com/fluxcd/flux2, github.com/fluxcd/helm-controller
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: over 1 year ago

High

GSA_kwCzR0hTQS1mNTI0LXJmMzMtMmpqcs4AAu1k

OPA Compiler: Bypass of WithUnsafeBuiltins using "with" keyword to mock functions
Ecosystems: go
Packages: github.com/open-policy-agent/opa
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: over 1 year ago

High

GSA_kwCzR0hTQS03aGdjLXBocDUtNzdxcc4AAu1b

Talos worker join token can be used to get elevated access level to the Talos API
Ecosystems: go
Packages: github.com/talos-systems/talos
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1qcjhqLTJqaHAtbTY3ds4AAu1Y

nftables binding to an already bound chain
Ecosystems: go
Packages: github.com/siderolabs/talos
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago

High

GSA_kwCzR0hTQS0zNHZ3LW00cmgtcjM2cM4AAu1X

Talos vulnerable dependency due to race condition in Linux kernel's IP framework XFRM
Ecosystems: go
Packages: github.com/talos-systems/talos
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: over 1 year ago

Low

GSA_kwCzR0hTQS0zNjMzLTVoODItMzlwcc4AAu1W

Go-tuf Improperly handles multiple key IDs for the same public keys in attacker-controlled metadata
Ecosystems: go
Packages: github.com/theupdateframework/go-tuf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago

High

GSA_kwCzR0hTQS1nZ2Y2LTYzOG0tdnFtZ84AAuz0

Netmaker vulnerable to Insufficient Granularity of Access Control
Ecosystems: go
Packages: github.com/gravitl/netmaker
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 1 year ago

High

GSA_kwCzR0hTQS1wZnc0LXhqZ20tMjY3Y84AAuzz

Dendrite signature checks not applied to some retrieved missing events
Ecosystems: go
Packages: github.com/matrix-org/dendrite
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: over 1 year ago

High

GSA_kwCzR0hTQS1xdjk4LTMzNjktZzM2NM4AAuzr

KubeVirt vulnerable to arbitrary file read on host
Ecosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1yOTQ3LTJjcmcteGMzOc4AAuzX

ouqiang gocron Cross-site scripting vulnerability
Ecosystems: go
Packages: github.com/ouqiang/gocron
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago

High

GSA_kwCzR0hTQS00d2pqLWp3YzktMng5Ns4AAuwz

Podman's incorrect handling of the supplementary groups may lead to data disclosure, modification
Ecosystems: go
Packages: github.com/containers/podman/v3, github.com/containers/podman/v4
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: over 1 year ago

High

GSA_kwCzR0hTQS1mam04LW03bTYtMmZqcM4AAuw0

Buildah's incorrect handling of the supplementary groups may lead to data disclosure, modification
Ecosystems: go
Packages: github.com/containers/buildah
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1odnczLXA5cHgtZ3BjOc4AAuuJ

Gophish before 0.12.0 vulnerable to Open Redirect
Ecosystems: go
Packages: github.com/gophish/gophish
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: over 1 year ago

Critical

GSA_kwCzR0hTQS05dm0zLXI4Z3EtY3I2eM4AAusJ

Casdoor arbitrary file write vulnerability
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1xNzZxLXE4aHctaG1wd84AAusG

Harbor fails to validate the user permissions when reading job execution logs through the P2P preheat execution logs
Ecosystems: go
Packages: github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago

High

GSA_kwCzR0hTQS1nd2M5LW03cmgtajJ3d84AAup1

x/crypto/ssh vulnerable to panic via malformed packets
Ecosystems: go
Packages: golang.org/x/crypto
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: over 1 year ago

High

GSA_kwCzR0hTQS02OWNnLXA4NzktNzYyMs4AAuoj

golang.org/x/net/http2 Denial of Service vulnerability
Ecosystems: go
Packages: golang.org/x/net/http2, golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: over 1 year ago

High

GSA_kwCzR0hTQS1xZjdqLTI1ZzktcjYzZs4AAulL

elrond-go MultiESDTNFTTransfer call on a SC address with missing function name
Ecosystems: go
Packages: github.com/ElrondNetwork/elrond-go
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1ycDR2LWhobTYtcmN2Oc4AAulK

Pinniped Supervisor Insufficient Session Expiration vulnerability
Ecosystems: go
Packages: go.pinniped.dev
Source: GitHub Advisory Database
Blast Radius: 1.5
Published: over 1 year ago

High

GSA_kwCzR0hTQS14d2YzLTZyZ3YtOTM5cs4AAulJ

Flux CLI Workload Injection
Ecosystems: go
Packages: github.com/fluxcd/flux2
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: over 1 year ago

High

GSA_kwCzR0hTQS1jOGZqLTRwbTgtbXAyY84AAui6

Broken Authorization in ZITADEL Actions
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS03aGZwLXFmdzMtNWp4aM4AAui3

Helm Vulnerable to denial of service through string value parsing
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1wZmhyLXBjY3AtaHdtaM4AAuix

Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1ncnZ2LWgyZjktN3Y5Y84AAuiv

gomatrixserverlib and Dendrite vulnerable to incorrect parsing of the event default power level in event auth
Ecosystems: go
Packages: github.com/matrix-org/gomatrixserverlib, github.com/matrix-org/dendrite
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 1 year ago

High

GSA_kwCzR0hTQS02eGYzLTVocDcteHFxZ84AAubG

Improper token validation leading to code execution in Teleport
Ecosystems: go
Packages: github.com/gravitational/teleport
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 1 year ago

High

GSA_kwCzR0hTQS1mOTJ2LWdyYzItdzJmZ84AAuFq

Ethermint vulnerable to DoS through unintended Contract Selfdestruct
Ecosystems: go
Packages: github.com/Kava-Labs/kava, github.com/crypto-org-chain/cronos, github.com/evmos/evmos, github.com/evmos/ethermint
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 1 year ago

High

GSA_kwCzR0hTQS04NDQ5LTdnYzItcHdycM4AAuFF

HashiCorp Consul Template could reveal Vault secret contents in error messages
Ecosystems: go
Packages: github.com/hashicorp/consul-template
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1maHY4LW00ajQtY3d3Ms4AAt-G

Gitea allowed assignment of private issues
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: over 1 year ago

High

GSA_kwCzR0hTQS1nd2o1LXdwNnItNXE5Zs4AAt8B

Cronos vulnerable to DoS through unintended Contract Selfdestruct
Ecosystems: go
Packages: github.com/crypto-org-chain/cronos
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: over 1 year ago

High

GSA_kwCzR0hTQS12anh2LTQ1ZzktOTI5Ns4AAt51

cosign's `cosign verify-attestaton --type` can report a false positive if any attestation exists
Ecosystems: go
Packages: github.com/sigstore/cosign
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: over 1 year ago

High

GSA_kwCzR0hTQS03MzlmLWh3NmgtN3dxOM4AAt50

PolicyController before 0.2.1 may bypass attestation verification
Ecosystems: go
Packages: github.com/sigstore/policy-controller
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1ycW1nLWhyZzQtZm02Oc4AAt0I

Go Ethereum allows attackers to use manipulation of time-difference values to achieve replacement of main-chain blocks
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: over 1 year ago

High

GSA_kwCzR0hTQS1oM3FtLWpycmYtY2dqM84AAtvz

graphql-go has infinite recursion in the type definition parser
Ecosystems: go
Packages: github.com/graphql-go/graphql
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: almost 2 years ago

High

GSA_kwCzR0hTQS1qeHF2LWpjdmgtN2dyNM4AAtvs

Atlantis Events vulnerable to Timing Attack
Ecosystems: go
Packages: github.com/runatlantis/atlantis
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 2 years ago

High

GSA_kwCzR0hTQS1tN2dyLTV3NWctMzZqZs4AAtmL

Out-of-bounds Read can lead to client side denial of service
Ecosystems: go
Packages: github.com/caddyserver/caddy
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: almost 2 years ago

High

GSA_kwCzR0hTQS00Nzd2LXc4Mm0tNjM0as4AAtaO

Shoutrrr util package DoS via sending 2000, 4000, or 6000 character messages
Ecosystems: go
Packages: github.com/containrrr/shoutrrr
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: almost 2 years ago

Low

GSA_kwCzR0hTQS13YzV2LXI0OHYtZzR2aM4AAtaF

Cilium host policy bypass in endpoint-routes mode with dual-stack
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1xd3JqLTlobXAtZ3B4aM4AAtZ2

FlyteAdmin Insufficient AccessToken Expiration Check
Ecosystems: go
Packages: github.com/flyteorg/flyteadmin
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS03Z2djLTVyODQteGY1NM4AAtZZ

Mattermost users could access some sensitive information via API call
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: almost 2 years ago

High

GSA_kwCzR0hTQS05Nmp2LXZqMzkteDRqNs4AAtU8

Argo CD improper access control bug can allow malicious user to escalate privileges to admin level
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: almost 2 years ago

High

GSA_kwCzR0hTQS1wcDNmLTk4cWctNWc3Nc4AAtU9

aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9
Ecosystems: go
Packages: sigs.k8s.io/aws-iam-authenticator
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: almost 2 years ago

Low

GSA_kwCzR0hTQS1wbWpnLTUyaDktNzJxds4AAtUK

Argo CD SSO users vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: almost 2 years ago

High

GSA_kwCzR0hTQS03OTQzLTgyamctd213Nc4AAtUJ

Argo CD certificate verification is skipped for connections to OIDC providers
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS02d3ZjLTZwd3ctcXI0cs4AAtNl

DoS in KubeEdge's Websocket Client in package Viaduct
Ecosystems: go
Packages: github.com/kubeedge/kubeedge
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS13cmNyLXg0cWotajU0M84AAtNb

KubeEdge Cloud Stream and Edge Stream DoS from large stream message
Ecosystems: go
Packages: github.com/kubeedge/kubeedge
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1xcHgzLTk1NjUtNXh3bc4AAtNU

KubeEdge CloudCore Router memory exhaustion vulnerability
Ecosystems: go
Packages: github.com/kubeedge/kubeedge
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS14M3B4LTJwOTUtZjZqcs4AAtNM

KubeEdge DoS when signing the CSR from EdgeCore
Ecosystems: go
Packages: github.com/kubeedge/kubeedge
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS13NTJqLTM0NTctcTl3cs4AAtNA

KubeEdge Cloud AdmissionController component DoS
Ecosystems: go
Packages: github.com/kubeedge/kubeedge
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS12d202LXFjNzctdjJyaM4AAtM_

KubeEdge Edge ServiceBus module DoS
Ecosystems: go
Packages: github.com/kubeedge/kubeedge
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago

High

GSA_kwCzR0hTQS03Mng0LWNxNnItanA0cM4AAtKS

Hyperledger Fabric vulnerable to Improper Input Validation in orderer/common/cluster consensus request
Ecosystems: go
Packages: github.com/hyperledger/fabric
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1ycXBoLTI1cTktOWpocM4AAtJk

Insecure cookies in Openshift Origin
Ecosystems: go
Packages: github.com/openshift/origin
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1mMmdyLTcyOTktNDg3aM4AAtH1

DOS and excessive memory usage when passing untrusted user input to to dag import
Ecosystems: go
Packages: github.com/ipfs/go-ipfs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS05eDRoLTh3Z20tOHhmZ84AAtHx

Malformed CAR panics and excessive memory usage
Ecosystems: go
Packages: github.com/ipld/go-car/v2, github.com/ipld/go-car
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago

High

GSA_kwCzR0hTQS14djU5LWdjM3ItcmY5Ms4AAtHT

Insufficient Session Expiration in Nakama
Ecosystems: go
Packages: github.com/heroiclabs/nakama
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 2 years ago

Critical

GSA_kwCzR0hTQS05NWY5LTk0dmMtNjY1aM4AAtG_

Path Traversal in Beego
Ecosystems: go
Packages: github.com/beego/beego/v2, github.com/beego/beego
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: almost 2 years ago

Critical

GSA_kwCzR0hTQS04cjk0LTRoM2MtOTM5Zs4AAtHO

Improper Restriction of Excessive Authentication Attempts
Ecosystems: go
Packages: github.com/heroiclabs/nakama/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago

High

GSA_kwCzR0hTQS0ybTR4LTRxOWotdzk3Z84AAtDP

Denial of service in Open Policy Agent
Ecosystems: go
Packages: github.com/open-policy-agent/opa
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS04ZjRmLXY5eDUtY2c2as4AAs_Q

CloudCore UDS Server: Malicious Message can crash CloudCore
Ecosystems: go
Packages: github.com/kubeedge/kubeedge
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: almost 2 years ago

High

GSA_kwCzR0hTQS0zamhtLTg3bTYteDk1Oc4AAs_O

Path traversal mitigation bypass in OctoRPKI
Ecosystems: go
Packages: github.com/cloudflare/cfrpki
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS14OTM4LWZ2ZnctN2poNc4AAs_M

CloudCore CSI Driver: Malicious response from KubeEdge can crash CSI Driver controller server
Ecosystems: go
Packages: github.com/kubeedge/kubeedge
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 2 years ago

High

GSA_kwCzR0hTQS1xeDJqLTg1cTUtZmZwOM4AAs72

Query predicate bypass in Zalando Skipper
Ecosystems: go
Packages: github.com/zalando/skipper
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1wNzgyLXhncDQtOGhyOM4AAs76

golang.org/x/sys/unix has Incorrect privilege reporting in syscall
Ecosystems: go
Packages: golang.org/x/sys
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: almost 2 years ago

Critical

GSA_kwCzR0hTQS14Z2djLXFwcmcteDZtd84AAs7K

Weave GitOps leaked cluster credentials into logs on connection errors
Ecosystems: go
Packages: github.com/weaveworks/weave-gitops
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1qaHFwLXZmNHctcnB3cc4AAs5e

DoS through large manifest files in Argo CD
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1xNHc1LTRncTItOTh2bc4AAs5a

Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: almost 2 years ago

Critical

GSA_kwCzR0hTQS1oNHc5LTZ4NzgtOHZyas4AAs5Z

Argo CD's external URLs for Deployments can include JavaScript
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: almost 2 years ago

High

GSA_kwCzR0hTQS0ybTdoLTg2cXEtZnA0ds4AAs5Y

Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1nNjNoLXE4NTUtdnAzcc4AArtG

Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users
Ecosystems: go
Packages: github.com/edgexfoundry/app-functions-sdk-go/v2, github.com/edgexfoundry/device-sdk-go/v2
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: almost 2 years ago

High

GSA_kwCzR0hTQS1xcGd4LTY0aDItZ2MzY84AArtE

Insecure path traversal in Git Trigger Source can lead to arbitrary file read
Ecosystems: go
Packages: github.com/argoproj/argo-events
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: almost 2 years ago

Statistics

Advisories: 18,330
Packages: 8,279
Repositories: 534
Ecosystems: 12

Filter by Severity

Moderate 7,912 High 6,344 Critical 2,806 Low 981

Filter by Ecosystem

maven 5,520 packagist 3,801 pypi 3,705 npm 3,535 go 1,889 nuget 1,390 rubygems 814 cargo 776 swift 31 hex 30 actions 16 pub 8

Filter by Package

github.com/usememos/memos 59 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 github.com/answerdev/answer 34 k8s.io/kubernetes 32 github.com/argoproj/argo-cd 29 github.com/hashicorp/vault 28 github.com/grafana/grafana 28 github.com/rancher/rancher 28 github.com/hashicorp/nomad 26 github.com/hashicorp/consul 26 gogs.io/gogs 24 github.com/argoproj/argo-cd/v2 23 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 19 github.com/docker/docker 19 code.gitea.io/gitea 19 helm.sh/helm/v3 18 golang.org/x/net 17 github.com/goharbor/harbor 15 github.com/nats-io/nats-server/v2 13 github.com/mattermost/mattermost-server 13 github.com/traefik/traefik/v2 13 github.com/containerd/containerd 13 github.com/moby/moby 12 github.com/go-gitea/gitea 12 github.com/opencontainers/runc 12 github.com/zitadel/zitadel 11 github.com/openfga/openfga 11 github.com/cloudflare/cfrpki 11 github.com/1Panel-dev/1Panel 10 github.com/greenpau/caddy-security 10 github.com/cosmos/cosmos-sdk 10 golang.org/x/crypto 9 github.com/kubernetes/kubernetes 9 github.com/cri-o/cri-o 9 github.com/sylabs/singularity 9 istio.io/istio 8 github.com/containers/podman/v4 8 github.com/pomerium/pomerium 8 github.com/kubeedge/kubeedge 8 go.etcd.io/etcd 8 github.com/nats-io/jwt 7 github.com/traefik/traefik 7 github.com/beego/beego 7 k8s.io/ingress-nginx 7 helm.sh/helm 7 github.com/google/fscrypt 7 github.com/hashicorp/go-getter 7 github.com/authzed/spicedb 6 github.com/russellhaering/gosaml2 6 github.com/hyperledger/fabric 6 github.com/cubefs/cubefs 6 github.com/apache/trafficcontrol 6 github.com/gravitl/netmaker 6 github.com/pion/dtls 6 github.com/treeverse/lakefs 6 github.com/beego/beego/v2 6 github.com/russellhaering/goxmldsig 6 github.com/pterodactyl/wings 6 github.com/sigstore/cosign 6 github.com/fluxcd/flux2 6 kubevirt.io/kubevirt 5 github.com/hashicorp/go-getter/v2 5 github.com/tidwall/gjson 5 github.com/containers/buildah 5 github.com/schollz/croc/v9 5 github.com/KubeOperator/kubepi 5 github.com/apache/incubator-answer 5 github.com/mattermost/mattermost-server/v5 5 github.com/fluxcd/kustomize-controller 5 github.com/gofiber/fiber/v2 5 github.com/moby/buildkit 5 github.com/IBAX-io/go-ibax 5 github.com/kyverno/kyverno 5 github.com/pion/dtls/v2 5 go.etcd.io/etcd/v3 5 github.com/cometbft/cometbft 5 github.com/kiali/kiali 5 github.com/0xJacky/Nginx-UI 5 github.com/ipfs/go-ipfs 5 github.com/tendermint/tendermint 5 github.com/foxcpp/maddy 5 github.com/traefik/traefik/v3 5 github.com/gophish/gophish 5 github.com/open-policy-agent/opa 4 github.com/free5gc/free5gc 4 golang.org/x/net/http2 4 github.com/dhowden/tag 4 github.com/aws/aws-sdk-go 4 github.com/crewjam/saml 4 github.com/arduino/arduino-create-agent 4 github.com/concourse/concourse 4 github.com/casdoor/casdoor 4 github.com/containers/podman/v3 4 github.com/argoproj/argo-workflows/v3 4 github.com/dexidp/dex 4 github.com/alist-org/alist/v3 4 github.com/oauth2-proxy/oauth2-proxy 4 github.com/ory/fosite 4 github.com/caddyserver/caddy 4 github.com/lestrrat-go/jwx 4 github.com/lestrrat-go/jwx/v2 4 github.com/hashicorp/go-getter/gcs/v2 4 github.com/IceWhaleTech/CasaOS-UserService 4 github.com/gin-gonic/gin 4 github.com/git-lfs/git-lfs 4 github.com/hashicorp/go-getter/s3/v2 4 github.com/phachon/mm-wiki 3 github.com/hashicorp/vault/vault 3 github.com/flyteorg/flyteadmin 3 github.com/cheqd/cheqd-node 3 github.com/nats-io/jwt/v2 3 github.com/go-vela/server 3 github.com/apache/servicecomb-service-center 3 github.com/docker/distribution 3 github.com/navidrome/navidrome 3 github.com/coredns/coredns 3 github.com/syncthing/syncthing 3 github.com/ElrondNetwork/elrond-go 3 github.com/jackc/pgx/v4 3 gopkg.in/yaml.v2 3 github.com/cortexproject/cortex 3 github.com/minio/minio 3 github.com/consensys/gnark 3 go.etcd.io/etcd/client/v3 3 github.com/projectcalico/calico 3 github.com/lightningnetwork/lnd 3 github.com/ory/oathkeeper 3 github.com/notaryproject/notation 3 github.com/fluxcd/helm-controller 3 golang.org/x/text 3 github.com/sigstore/cosign/v2 3 github.com/quic-go/quic-go 3 github.com/stacklok/minder 3 github.com/heketi/heketi 3 github.com/owncast/owncast 3 github.com/openshift/origin 3 k8s.io/client-go 3 github.com/miekg/dns 3 github.com/libp2p/go-libp2p 3 github.com/tharsis/evmos 3 github.com/authelia/authelia/v4 3 github.com/crossplane/crossplane 3 golang.org/x/image 3 github.com/crypto-org-chain/cronos 3 github.com/hashicorp/boundary 3 github.com/mholt/archiver 3 github.com/dutchcoders/transfer.sh 3 github.com/weaveworks/weave-gitops 3 github.com/edgelesssys/constellation/v2 3 github.com/square/go-jose 3 github.com/artifacthub/hub 3 github.com/cloudflare/circl 2 gopkg.in/src-d/go-git.v4 2 github.com/woodpecker-ci/woodpecker 2 github.com/minio/console 2 github.com/go-yaml/yaml 2 github.com/ansible-semaphore/semaphore 2 github.com/pires/go-proxyproto 2 github.com/rancher/wrangler 2 github.com/flynn/noise 2 github.com/gphper/ginadmin 2 mellium.im/xmpp 2 github.com/clastix/capsule-proxy 2 github.com/etcd-io/etcd 2 github.com/mutagen-io/mutagen 2 github.com/unknwon/cae 2 github.com/openshift/apiserver-library-go 2 vitess.io/vitess 2 github.com/bytebase/bytebase 2 github.com/hashicorp/terraform 2 github.com/edgexfoundry/app-functions-sdk-go/v2 2 github.com/influxdata/influxdb 2 github.com/protocolbuffers/protobuf 2 github.com/gotify/server 2 github.com/brokercap/Bifrost 2 github.com/imgproxy/imgproxy/v3 2 github.com/prometheus/prometheus 2 github.com/dvsekhvalnov/jose2go 2 github.com/containers/podman/v2 2 github.com/pingcap/tidb 2 github.com/microcosm-cc/bluemonday 2 github.com/sap/cloud-security-client-go 2 github.com/facebook/fbthrift 2 github.com/talos-systems/talos 2 protobuf 2 github.com/flipped-aurora/gin-vue-admin/server 2 github.com/containers/podman 2 github.com/swaggo/http-swagger 2 github.com/gohugoio/hugo 2 github.com/apache/thrift 2 github.com/labstack/echo/v4 2 github.com/ipld/go-codec-dagpb 2 github.com/codenotary/immudb 2 github.com/kata-containers/runtime 2 github.com/ecnepsnai/web 2 github.com/kitabisa/teler-waf 2 github.com/IceWhaleTech/CasaOS 2 github.com/projectcapsule/capsule-proxy 2

Filter by Repository