Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go Security Advisories

Loading...
Low
GSA_kwCzR0hTQS04Nmg1LXhjcHgtY2ZxY84AA5jS
ASA-2024-005: Potential slashing evasion during re-delegation
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS14NXI1LTJxcngtcnFqOM4AA5ik
Transparent TLS may not be applied to Marbles with certain manifest configurations
Ecosystems: go
Packages: github.com/edgelesssys/marblerun
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1xNmg4LTRqMnYtcGpnNM4AA5gv
Minder trusts client-provided mapping from repo name to upstream ID
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1mdnY1LWgyOWctZjZ3Nc4AA5dq
User with ci:ReadAction permissions and write permissions to one path in a repository may copy objects from any path in the repository
Ecosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1yNTNoLWp2MmctdnB4Ns4AA5dg
Helm's Missing YAML Content Leads To Panic
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1mbWc0LXg4cHctaGpoZ84AA5dK
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS04cGYyLXFqNHYtZmo2NM4AA5c1
Apache Answer Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1ybXFwLW12djItNTRjNs4AA5ct
Apache Answer Unrestricted Upload of File with Dangerous Type vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS05cTI0LWh3bWMtNzk3eM4AA5cx
Apache Answer Race Condition vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0yNTU3LXg5bWctNzZ3OM4AA5Zz
ASA-2024-002: Default `PrepareProposalHandler` may produce invalid proposals when used with default `SenderNonceMempool`
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS00ajkzLWZtOTItcnA0bc4AA5Zy
ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS14OTg5LTUyZmMtNHZyNM4AA5Zr
Unencrypted traffic between pods when using Wireguard and an external kvstore
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03NDk2LWZndjkteHc4Ms4AA5Zq
Unencrypted ingress/health traffic when using Wireguard transparent encryption
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS04aHAzLXJtcjcteGg4OM4AA5Wv
Open Redirect in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS05M3g4LTY2ajItd3dyNc4AA5Wo
Server-Side Request Forgery in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1yOTY5LTc4M2YtNmpxcs4AA5Wp
Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12ZnBoLWhqZnYtY3B2Ms4AA5Wx
Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1jN3ZmLW0zOTQtbTR4NM4AA5Wn
Use of Insufficiently Random Values in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12cDY2LWdmN3ctOW00eM4AA5Wu
Insufficient Session Expiration in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS04aDk1LWpjcDUtcGpwcs4AA5Wt
Improper Validation of Array Index in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12ajM2LTNjY3ItNjU2M84AA5Wr
Authentication Bypass by Spoofing in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1mZjcyLWZmNDItYzNnd84AA5Wm
Cross-site Scripting in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12NTNnLTVnanAtMjcycs4AA5Uj
Helm dependency management path traversal
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 2 months ago
High
GSA_kwCzR0hTQS04NHh2LWpmcm0taDRnbc4AA5Rh
registry-support: decompress can delete files outside scope via relative paths
Ecosystems: go
Packages: github.com/devfile/registry-support/registry-library
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0zaHY0LXIyZm0taDI3Zs4AA5Rd
Email Validation Bypass And Preventing Sign Up From Email's Owner
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS14d212LWN4N3AtZnFmY84AA5Oo
caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0zMmg3LTdqOTQtOGZjMs4AA5MM
Mattermost vulnerable to denial of service via large number of emoji reactions
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS1yODMzLXc3NTYtaDVwMs4AA5L7
Mattermost fails to check the required permissions
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS1xcjhmLWNqdzctODM4bc4AA5L-
Mattermost Jira Plugin does not properly check security levels
Ecosystems: go
Packages: github.com/mattermost/mattermost-plugin-jira
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS00ZnA2LTU3NHAtZmMzNc4AA5L6
Mattermost Jira Plugin vulnerable to Cross-Site Request Forgery
Ecosystems: go
Packages: github.com/mattermost/mattermost-plugin-jira
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1jODY2LThncHctcDNtds4AA5K1
HashiCorp Nomad vulnerable to symlink attacks
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 2 months ago
High
GSA_kwCzR0hTQS04MzNtLTM3ZjctanE1Nc4AA5Kr
Rancher API Server Cross-site Scripting Vulnerability
Ecosystems: go
Packages: github.com/rancher/apiserver
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: 2 months ago
High
GSA_kwCzR0hTQS1yOGY0LWh2MjMtNnFwNs4AA5Kq
Norman API Cross-site Scripting Vulnerability
Ecosystems: go
Packages: github.com/rancher/norman
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: 2 months ago
High
GSA_kwCzR0hTQS14Zmo3LXFmOHctMmdjcs4AA5Kp
Rancher 'Audit Log' leaks sensitive information
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 2 months ago
High
GSA_kwCzR0hTQS1jODVyLWZ3YzctNDV2Y84AA5Ko
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS04cjMzLXE1ajUtcmg3Z84AA5Jo
APM Server vulnerable to Insertion of Sensitive Information into Log File
Ecosystems: go
Packages: github.com/elastic/apm-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS12aDczLXEzcnctcXg3d84AA5En
Boundary vulnerable to session hijacking through TLS certificate tampering
Ecosystems: go
Packages: github.com/hashicorp/boundary
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05eGZ3LWpqcTItN3Y4aM4AA5Eg
1Panel set-cookie is missing the Secure keyword
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS12amc2LTkzZnYtcXY2NM4AA5Co
Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1wbTNtLTMycjMtN21maM4AA5Cn
Etcd embed auto compaction retention negative value causing a compaction loop or a crash
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1qODZ2LTJ2anItZmc4Zs4AA5Cm
Etcd Gateway TLS endpoint validation only confirms TCP reachability
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS01eDRnLXE1cmMtMzZqcM4AA5Cl
Etcd pkg Insecure ciphers are allowed by default
Ecosystems: go
Packages: go.etcd.io/etcd/client/pkg/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1nNXA2LTMyN20tM2Z4eM4AA5Bp
Talos Linux ships runc vulnerable to the escape to the host attack
Ecosystems: go
Packages: github.com/siderolabs/talos
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14dzczLXJ3MzgtNnZqY84AA4_x
Classic builder cache poisoning
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: 3 months ago
High
GSA_kwCzR0hTQS14eDh3LW1xMjMtMjlnNM4AA4_w
Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
Ecosystems: go
Packages: github.com/minio/minio
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12Z2gzLW13eHEtcmNwOM4AA4--
Hashicorp Vault may expose sensitive log information
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 3 months ago
High
GSA_kwCzR0hTQS04cGp4LWpqODYtajQ3cM4AA4-8
Grafana path traversal
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jbWY0LWgzeGMtanc4d84AA4-7
Grafana Cross Site Request Forgery (CSRF)
Ecosystems: go
Packages: github.com/grafana/grafana/pkg/web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zZnd4LXBqZ3ctMzU1OM4AA4-5
Moby (Docker Engine) Insufficiently restricted permissions on data directory
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12NWdxLXF2anEtOHA1M84AA4-4
Grafana Cross-site Scripting (XSS)
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 3 months ago
High
GSA_kwCzR0hTQS1xcnFyLTN4NWotMnh3Oc4AA4-3
Docker Moby Authentication Bypass
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02ZzJxLXc1ajMtZndoNM4AA4-2
containerd environment variable leak
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: 3 months ago
High
GSA_kwCzR0hTQS1ycTk1LXhmNjYtajY4Oc4AA4-1
Improper Authentication in HashiCorp Vault
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02Zmo1LW04MjItcnF4OM4AA4-0
moby docker daemon crash during image pull of malicious image
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03NDUyLXhxcGotNnJwY84AA4-z
moby Access to remapped root allows privilege escalation to real root
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02aHdnLXc1amctOWM2eM4AA4-y
Path Traversal in Moby builder
Ecosystems: go
Packages: github.com/docker/docker, github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1ycGdwLTlobWctajI1eM4AA4-x
Enumeration of users in HashiCorp Vault
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02bTcyLTQ2N3ctOTRyaM4AA4-w
Privilege Escalation in HashiCorp Consul
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: 3 months ago
High
GSA_kwCzR0hTQS00OTZnLWZyMzMtd2hyZs4AA4-v
Denial of service in HashiCorp Consul
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS00cHdwLWN4NjctNWNweM4AA6O3
Grafana Arbitrary File Read
Ecosystems: go
Packages: github.com/grafana/grafana/pkg/tsdb/mysql
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS14cjdyLWY4eHEtdmZ2ds4AA4-u
runc vulnerable to container breakout through process.cwd trickery and leaked fds
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05cDI2LTY5OHItdzRoeM4AA4-t
BuildKit vulnerable to possible panic when incorrect parameters sent from frontend
Ecosystems: go
Packages: github.com/moby/buildkit
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 3 months ago
High
GSA_kwCzR0hTQS1tM3I2LWg3d3YtN3h4ds4AA4-s
BuildKit vulnerable to possible race condition with accessing subpaths from cache mounts
Ecosystems: go
Packages: github.com/moby/buildkit
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: 3 months ago
Critical
GSA_kwCzR0hTQS00djk4LTdxbXctcnFyOM4AA4-r
BuildKit vulnerable to possible host system access from mount stub cleaner
Ecosystems: go
Packages: github.com/moby/buildkit
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: 3 months ago
Critical
GSA_kwCzR0hTQS13cjZ2LTlmNzUtdmgyZ84AA4-q
Buildkit's interactive containers API does not validate entitlements check
Ecosystems: go
Packages: github.com/moby/buildkit
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1ocHhyLXc5dzctZzRnds4AA4-o
stereoscope vulnerable to tar path traversal when processing OCI tar archives
Ecosystems: go
Packages: github.com/anchore/stereoscope
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1yOHhwLTUybXEtcm1tOM4AA49h
Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: go
Packages: github.com/apache/servicecomb-service-center
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 3 months ago
High
GSA_kwCzR0hTQS05eGM5LXhxN3ctdnBjcs4AA49b
Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability
Ecosystems: go
Packages: github.com/apache/servicecomb-service-center
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 3 months ago
High
GSA_kwCzR0hTQS00bXA3LTJtMjktZ3F4Zs4AA49E
HashiCorp Vault Authentication bypass
Ecosystems: go
Packages: github.com/hashicorp/vault/vault
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13cjJ2LTlycHEtYzM1cc4AA49D
Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: 3 months ago
High
GSA_kwCzR0hTQS0yeGhxLWd2NmMtcDIyNM4AA49C
Etcd Gateway can include itself as an endpoint resulting in resource exhaustion
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 35.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jaGg2LXBwd3Etamg5Ms4AA49A
Improper Preservation of Permissions in etcd
Ecosystems: go
Packages: github.com/etcd-io/etcd
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02d2gyLThodzctanc5NM4AA48_
Grafana XSS via adding a link in General feature
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jbXEyLWo4djgtMnE0NM4AA48-
Grafana XSS in Dashboard Text Panel
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1tOTc5LXc5d2otcWZqOc4AA489
HashiCorp Vault Improper Privilege Management
Ecosystems: go
Packages: github.com/hashicorp/vault/vault
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1qNnZ2LXZ2MjYtcmg3Y84AA488
HashiCorp Vault Improper Privilege Management
Ecosystems: go
Packages: github.com/hashicorp/vault/vault
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1oM3EyLTh3aHgtYzI5aM4AA485
`goreleaser release --debug` shows secrets
Ecosystems: go
Packages: github.com/goreleaser/goreleaser
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1tcngzLWd4angtaGpxas4AA47t
Authentik vulnerable to PKCE downgrade attack
Ecosystems: go
Packages: goauthentik.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1xY2pxLTdmN3YtcHZjOM4AA47s
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
Ecosystems: go
Packages: github.com/0xJacky/Nginx-UI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS14dnE5LTR2cHYtMjI3bc4AA47r
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature
Ecosystems: go
Packages: github.com/0xJacky/Nginx-UI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1yeHB3LTg1dnctZng4N84AA45T
OpenFGA denial of service
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1ncjc5LTl2NnYtZ2M5cs4AA430
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers
Ecosystems: go
Packages: github.com/dexidp/dex
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 3 months ago
High
GSA_kwCzR0hTQS1nNHgzLW1mcGotZjMzNc4AA4mp
chasquid HTTP Request/Response Smuggling vulnerability
Ecosystems: go
Packages: github.com/albertito/chasquid
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS01N3d4LW02MzYtZzNnOM4AA4lw
Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry
Ecosystems: go
Packages: github.com/notaryproject/notation
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 3 months ago
High
GSA_kwCzR0hTQS05Mm13LXEyNTYtNXZ3Z84AA4lC
github.com/argoproj/argo-cd Cross-Site Request Forgery vulnerability
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: 3 months ago
High
GSA_kwCzR0hTQS1xcjhyLW00OTUtN2hjNM4AA4kV
Validation of `VoteExtensionsEnableHeight` can cause chain halt in Go package github.com/cometbft/cometbft
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1mNmpoLWh2ZzItOTUyNc4AA4iq
crystals-go vulnerable to KyberSlash (timing side-channel attack for Kyber)
Ecosystems: go
Packages: github.com/kudelskisecurity/crystals-go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS00bXEyLWdjNGotY213Ns4AA4Y6
Django Template Engine Vulnerable to XSS
Ecosystems: go
Packages: github.com/gofiber/template/django/v3
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 3 months ago
High
GSA_kwCzR0hTQS04cjI1LTY4d20tanczNc4AA4Y5
Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)
Ecosystems: go
Packages: github.com/0xJacky/Nginx-UI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1weG1yLXEyeDMtOXg5bc4AA4Y4
Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
Ecosystems: go
Packages: github.com/0xJacky/Nginx-UI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1oMzc0LW1tNTctODc5Y84AA4Y3
Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)
Ecosystems: go
Packages: github.com/0xJacky/Nginx-UI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS00NDlwLTNoODktcHc4OM4AA4Vg
Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
Ecosystems: go
Packages: gopkg.in/src-d/go-git.v4, github.com/go-git/go-git/v5, github.com/go-git/go-git/v4
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1wNHJ4LTd3dmctZndyY84AA4U1
CRI-O's pods can break out of resource confinement on cgroupv2
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1wcHh4LTVtOWgtNnZ4Zs4AA4Ux
quic-go's path validation mechanism can be exploited to cause denial of service
Ecosystems: go
Packages: github.com/quic-go/quic-go
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 3 months ago
Low
GSA_kwCzR0hTQS1mODk5LTRtcjQtZnFwds4AA4Uf
Apache Answer Race Condition vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1wdmNyLXY4ajgtajVxM84AA4So
Parsing JSON serialized payload without protected field can lead to segfault
Ecosystems: go
Packages: github.com/lestrrat-go/jwx, github.com/lestrrat-go/jwx/v2
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: 3 months ago
High
GSA_kwCzR0hTQS1janFmLTg3N3AtN20zZs4AA4Qp
snapd Race Condition vulnerability
Ecosystems: go
Packages: github.com/snapcore/snapd
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 4 months ago
High
GSA_kwCzR0hTQS05NzYzLTRmOTQtZ2ZjaM4AA4Ql
CIRCL's Kyber: timing side-channel (kyberslash2)
Ecosystems: go
Packages: github.com/cloudflare/circl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS00MzdtLTdoajUtOW1wd84AA4Ng
Kruise allows leveraging the kruise-daemon pod to list all secrets in the entire cluster
Ecosystems: go
Packages: github.com/openkruise/kruise
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 4 months ago
Low
GSA_kwCzR0hTQS03eGcyLTgzZjgtMzltcs4AA4Lf
The DES/3DES cipher was used as part of the TLS protocol by installation tools
Ecosystems: go
Packages: github.com/karmada-io/karmada
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Statistics
Advisories: 17,583
Packages: 8,150
Repositories: 531
Ecosystems: 12
Filter by Severity
Moderate 7,510 High 6,132 Critical 2,698 Low 961
Filter by Ecosystem
maven 5,501 pypi 3,537 npm 3,519 packagist 3,218 go 1,835 nuget 1,388 rubygems 812 cargo 772 swift 31 hex 29 actions 16 pub 8
Filter by Package
github.com/usememos/memos 59 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 github.com/answerdev/answer 34 k8s.io/kubernetes 30 github.com/argoproj/argo-cd 29 github.com/grafana/grafana 28 github.com/hashicorp/vault 28 github.com/hashicorp/nomad 26 github.com/hashicorp/consul 26 gogs.io/gogs 24 github.com/argoproj/argo-cd/v2 22 github.com/rancher/rancher 20 github.com/cilium/cilium 20 github.com/docker/docker 19 github.com/ethereum/go-ethereum 19 helm.sh/helm/v3 18 golang.org/x/net 17 github.com/goharbor/harbor 15 code.gitea.io/gitea 14 github.com/traefik/traefik/v2 13 github.com/nats-io/nats-server/v2 13 github.com/containerd/containerd 13 github.com/moby/moby 12 github.com/opencontainers/runc 12 github.com/cloudflare/cfrpki 11 github.com/openfga/openfga 11 github.com/greenpau/caddy-security 10 github.com/1Panel-dev/1Panel 10 github.com/cosmos/cosmos-sdk 10 github.com/go-gitea/gitea 10 github.com/sylabs/singularity 9 github.com/zitadel/zitadel 9 golang.org/x/crypto 9 github.com/cri-o/cri-o 8 istio.io/istio 8 github.com/kubeedge/kubeedge 8 go.etcd.io/etcd 8 github.com/containers/podman/v4 8 github.com/pomerium/pomerium 8 helm.sh/helm 7 github.com/traefik/traefik 7 github.com/beego/beego 7 github.com/kubernetes/kubernetes 7 github.com/nats-io/jwt 7 github.com/mattermost/mattermost-server 7 github.com/google/fscrypt 7 k8s.io/ingress-nginx 7 github.com/authzed/spicedb 6 github.com/hashicorp/go-getter 6 github.com/russellhaering/gosaml2 6 github.com/pterodactyl/wings 6 github.com/beego/beego/v2 6 github.com/hyperledger/fabric 6 github.com/gravitl/netmaker 6 github.com/russellhaering/goxmldsig 6 github.com/cubefs/cubefs 6 github.com/pion/dtls 6 github.com/sigstore/cosign 6 github.com/treeverse/lakefs 6 github.com/fluxcd/flux2 6 github.com/schollz/croc/v9 5 github.com/tidwall/gjson 5 github.com/cometbft/cometbft 5 github.com/kiali/kiali 5 go.etcd.io/etcd/v3 5 github.com/mattermost/mattermost-server/v5 5 github.com/gofiber/fiber/v2 5 github.com/fluxcd/kustomize-controller 5 github.com/containers/buildah 5 github.com/KubeOperator/kubepi 5 github.com/kyverno/kyverno 5 github.com/hashicorp/go-getter/v2 5 github.com/traefik/traefik/v3 5 github.com/0xJacky/Nginx-UI 5 github.com/gophish/gophish 5 github.com/moby/buildkit 5 github.com/tendermint/tendermint 5 github.com/pion/dtls/v2 5 github.com/foxcpp/maddy 5 github.com/apache/incubator-answer 5 github.com/alist-org/alist/v3 4 github.com/git-lfs/git-lfs 4 github.com/free5gc/free5gc 4 github.com/arduino/arduino-create-agent 4 github.com/open-policy-agent/opa 4 github.com/crewjam/saml 4 github.com/aws/aws-sdk-go 4 github.com/argoproj/argo-workflows/v3 4 github.com/casdoor/casdoor 4 github.com/dhowden/tag 4 github.com/dexidp/dex 4 github.com/hashicorp/go-getter/gcs/v2 4 github.com/concourse/concourse 4 github.com/lestrrat-go/jwx/v2 4 github.com/lestrrat-go/jwx 4 github.com/ipfs/go-ipfs 4 github.com/containers/podman/v3 4 github.com/oauth2-proxy/oauth2-proxy 4 github.com/apache/trafficcontrol 4 github.com/IceWhaleTech/CasaOS-UserService 4 github.com/ory/fosite 4 github.com/hashicorp/go-getter/s3/v2 4 github.com/gin-gonic/gin 4 golang.org/x/net/http2 4 github.com/ElrondNetwork/elrond-go 3 go.etcd.io/etcd/client/v3 3 github.com/flyteorg/flyteadmin 3 github.com/miekg/dns 3 github.com/apache/servicecomb-service-center 3 github.com/minio/minio 3 github.com/crossplane/crossplane 3 github.com/docker/distribution 3 github.com/syncthing/syncthing 3 gopkg.in/yaml.v2 3 github.com/fluxcd/helm-controller 3 golang.org/x/text 3 github.com/hashicorp/vault/vault 3 github.com/dutchcoders/transfer.sh 3 k8s.io/client-go 3 github.com/caddyserver/caddy 3 github.com/hashicorp/boundary 3 github.com/cortexproject/cortex 3 github.com/consensys/gnark 3 github.com/owncast/owncast 3 github.com/libp2p/go-libp2p 3 golang.org/x/image 3 github.com/coredns/coredns 3 github.com/crypto-org-chain/cronos 3 github.com/openshift/origin 3 github.com/stacklok/minder 3 github.com/edgelesssys/constellation/v2 3 github.com/cheqd/cheqd-node 3 github.com/jackc/pgx/v4 3 github.com/sigstore/cosign/v2 3 github.com/nats-io/jwt/v2 3 github.com/go-vela/server 3 github.com/projectcalico/calico 3 github.com/authelia/authelia/v4 3 kubevirt.io/kubevirt 3 github.com/weaveworks/weave-gitops 3 github.com/quic-go/quic-go 3 github.com/ory/oathkeeper 3 github.com/artifacthub/hub 3 github.com/lightningnetwork/lnd 3 github.com/square/go-jose 3 github.com/phachon/mm-wiki 3 github.com/notaryproject/notation 3 github.com/mholt/archiver 3 github.com/tharsis/evmos 3 Google.Protobuf 2 github.com/multiversx/mx-chain-go 2 github.com/cloudflare/circl 2 github.com/peterzen/goresolver 2 github.com/jaegertracing/jaeger 2 github.com/navidrome/navidrome 2 github.com/fleetdm/fleet/v4 2 github.com/dvsekhvalnov/jose2go 2 github.com/apptainer/apptainer 2 github.com/nats-io/nats-streaming-server 2 github.com/tiagorlampert/CHAOS 2 github.com/go-yaml/yaml 2 google/protobuf 2 github.com/siderolabs/talos 2 github.com/ansible-semaphore/semaphore 2 github.com/buildkite/elastic-ci-stack-for-aws/v6 2 protobuf 2 github.com/unknwon/cae 2 rancher/rancher 2 github.com/etcd-io/etcd 2 github.com/clastix/capsule-proxy 2 github.com/woodpecker-ci/woodpecker 2 github.com/theupdateframework/go-tuf 2 github.com/gphper/ginadmin 2 github.com/sigstore/rekor 2 vitess.io/vitess 2 github.com/containers/podman 2 github.com/IceWhaleTech/CasaOS 2 github.com/kitabisa/teler-waf 2 github.com/labstack/echo/v4 2 github.com/ipld/go-codec-dagpb 2 github.com/notaryproject/notation-go 2 github.com/openshift/apiserver-library-go 2 github.com/kata-containers/runtime 2 github.com/codenotary/immudb 2 tailscale.com 2 github.com/edgexfoundry/app-functions-sdk-go/v2 2 github.com/zalando/skipper 2 github.com/apache/thrift 2 mellium.im/xmpp 2 github.com/talos-systems/talos 2 github.com/mutagen-io/mutagen 2 github.com/pires/go-proxyproto 2 github.com/microcosm-cc/bluemonday 2 github.com/prometheus/prometheus 2 github.com/nats-io/nats-server 2 github.com/flipped-aurora/gin-vue-admin/server 2 github.com/sap/cloud-security-client-go 2 github.com/bitly/oauth2_proxy 2 github.com/swaggo/http-swagger 2
Filter by Repository
https://github.com/usememos/memos 59 https://github.com/kubernetes/kubernetes 42 https://github.com/argoproj/argo-cd 36 https://github.com/answerdev/answer 34 https://github.com/go-gitea/gitea 24 https://github.com/rancher/rancher 21 https://github.com/grafana/grafana 21 https://github.com/cilium/cilium 20 https://github.com/gogs/gogs 20 https://github.com/hashicorp/consul 19 https://github.com/helm/helm 19 https://github.com/etcd-io/etcd 16 https://github.com/hashicorp/vault 16 https://github.com/goharbor/harbor 15 https://github.com/ethereum/go-ethereum 15 https://github.com/moby/moby 14 https://github.com/golang/go 13 https://github.com/hashicorp/nomad 13 https://github.com/traefik/traefik 13 https://github.com/containerd/containerd 13 https://github.com/openfga/openfga 11 https://github.com/opencontainers/runc 11 https://github.com/cloudflare/cfrpki 11 https://github.com/1Panel-dev/1Panel 10 https://github.com/greenpau/caddy-security 10 https://github.com/nats-io/nats-server 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/containers/podman 10 https://github.com/zitadel/zitadel 9 https://github.com/mattermost/mattermost 8 https://github.com/istio/istio 8 https://github.com/kubeedge/kubeedge 8 https://github.com/cri-o/cri-o 8 https://github.com/pomerium/pomerium 8 https://github.com/docker/docker 8 https://github.com/hpcng/singularity 7 https://github.com/kubernetes/ingress-nginx 7 https://github.com/google/fscrypt 7 https://github.com/beego/beego 7 https://github.com/sigstore/cosign 6 https://github.com/schollz/croc 6 https://github.com/pterodactyl/wings 6 https://github.com/pion/dtls 6 https://github.com/authzed/spicedb 6 https://github.com/containers/buildah 6 https://github.com/moby/buildkit 6 https://github.com/cubefs/cubefs 6 https://github.com/fluxcd/flux2 6 https://github.com/hyperledger/fabric 6 https://github.com/gravitl/netmaker 6 https://github.com/hashicorp/go-getter 6 https://github.com/treeverse/lakeFS 6 https://github.com/foxcpp/maddy 5 https://github.com/kyverno/kyverno 5 https://github.com/crewjam/saml 5 https://github.com/free5gc/free5gc 5 https://github.com/ipfs/go-ipfs 5 https://github.com/cometbft/cometbft 5 https://github.com/gofiber/fiber 5 https://github.com/gophish/gophish 5 https://github.com/argoproj/argo-workflows 5 https://github.com/0xJacky/nginx-ui 5 https://github.com/russellhaering/gosaml2 5 https://github.com/tendermint/tendermint 5 https://github.com/tidwall/gjson 5 https://github.com/grafana/bugbounty 4 https://github.com/open-policy-agent/opa 4 https://github.com/lestrrat-go/jwx 4 https://github.com/dhowden/tag 4 https://github.com/dexidp/dex 4 https://github.com/casdoor/casdoor 4 https://github.com/siderolabs/talos 4 https://github.com/arduino/arduino-create-agent 4 https://github.com/IceWhaleTech/CasaOS-UserService 4 https://github.com/gin-gonic/gin 4 https://github.com/aws/aws-sdk-go 4 https://github.com/oauth2-proxy/oauth2-proxy 4 https://github.com/ory/fosite 4 https://github.com/git-lfs/git-lfs 4 https://github.com/containous/traefik 4 https://github.com/concourse/concourse 4 https://github.com/nats-io/jwt 4 https://github.com/caddyserver/caddy 4 https://github.com/cheqd/cheqd-node 3 https://github.com/authelia/authelia 3 https://github.com/quic-go/quic-go 3 https://github.com/libp2p/go-libp2p 3 https://github.com/edgelesssys/constellation 3 https://github.com/ipfs/boxo 3 https://github.com/dutchcoders/transfer.sh 3 https://github.com/openshift/origin 3 https://github.com/kiali/kiali 3 https://github.com/open-telemetry/opentelemetry-go-contrib 3 https://github.com/crossplane/crossplane 3 https://github.com/KubeOperator/KubePi 3 https://github.com/weaveworks/weave-gitops 3 https://github.com/phachon/mm-wiki 3 https://github.com/ory/oathkeeper 3 https://github.com/cortexproject/cortex 3 https://github.com/tailscale/tailscale 3 https://github.com/minio/minio 3 https://github.com/flyteorg/flyteadmin 3 https://github.com/go-vela/server 3 https://github.com/stacklok/minder 3 https://github.com/flipped-aurora/gin-vue-admin 3 https://github.com/Consensys/gnark 3 https://github.com/go-yaml/yaml 3 https://github.com/sylabs/singularity 3 https://github.com/alist-org/alist 3 https://github.com/moby/libnetwork 3 https://github.com/evmos/evmos 3 https://github.com/ElrondNetwork/elrond-go 3 https://github.com/syncthing/syncthing 3 https://github.com/square/go-jose 3 https://github.com/artifacthub/hub 3 https://github.com/gogits/gogs 3 https://github.com/sylabs/sif 2 https://github.com/labring/sealos 2 https://github.com/codenotary/immudb 2 https://github.com/multiversx/mx-chain-go 2 https://github.com/labstack/echo 2 https://github.com/minio/console 2 https://github.com/Consensys/gnark-crypto 2 https://github.com/coreos/etcd 2 https://github.com/miekg/dns 2 https://github.com/microcosm-cc/bluemonday 2 https://github.com/mholt/archiver 2 https://github.com/coredns/coredns 2 https://github.com/mellium/xmpp 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/lightningnetwork/lnd 2 https://github.com/containers/libpod 2 https://github.com/woodpecker-ci/woodpecker 2 https://github.com/Masterminds/goutils 2 https://github.com/heroiclabs/nakama 2 https://github.com/elastic/beats 2 https://github.com/hashicorp/terraform 2 https://github.com/envoyproxy/envoy 2 https://github.com/facebook/fbthrift 2 https://github.com/fkie-cad/yapscan 2 https://github.com/gphper/ginadmin 2 https://github.com/fleetdm/fleet 2 https://github.com/fluid-cloudnative/fluid 2 https://github.com/gotify/server 2 https://github.com/flynn/noise 2 https://github.com/vitessio/vitess 2 https://github.com/ulikunitz/xz 2 https://github.com/google/exposure-notifications-verification-server 2 https://github.com/unknwon/cae 2 https://github.com/golang/crypto 2 https://github.com/go-jose/go-jose 2 https://github.com/go-git/go-git 2 https://github.com/kubevirt/kubevirt 2 https://github.com/kubernetes-sigs/secrets-store-csi-driver 2 https://github.com/cosmos/ethermint 2 https://github.com/temporalio/temporal 2 https://github.com/crypto-org-chain/cronos 2 https://github.com/kitabisa/teler-waf 2 https://github.com/kitabisa/teler 2 https://github.com/distribution/distribution 2 https://github.com/jackc/pgproto3 2 https://github.com/ipld/go-codec-dagpb 2 https://github.com/drakkan/sftpgo 2 https://github.com/dvsekhvalnov/jose2go 2 https://github.com/influxdata/influxdb 2 https://github.com/imgproxy/imgproxy 2 https://github.com/IceWhaleTech/CasaOS 2 https://github.com/ecnepsnai/web 2 https://github.com/theupdateframework/go-tuf 2 https://github.com/edgelesssys/marblerun 2 https://github.com/u-root/u-root 2 https://github.com/ntbosscher/gobase 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/swaggo/http-swagger 2 https://github.com/supranational/blst 2 https://github.com/openshift/apiserver-library-go 2 https://github.com/owncast/owncast 2 https://github.com/peterzen/goresolver 2 https://github.com/apache/trafficcontrol 2 https://github.com/SAP/cloud-security-client-go 2 https://github.com/sajari/docconv 2 https://github.com/pingcap/tidb 2 https://github.com/buger/jsonparser 2 https://github.com/pires/go-proxyproto 2 https://github.com/brokercap/Bifrost 2 https://github.com/russellhaering/goxmldsig 2 https://github.com/stripe/smokescreen 2 https://github.com/bottlerocket-os/bottlerocket 2 https://github.com/apptainer/apptainer 2 https://github.com/zalando/skipper 2 https://github.com/argoproj/argo-events 2 https://github.com/bitly/oauth2_proxy 2 https://github.com/projectcapsule/capsule-proxy 2 https://github.com/rancher/wrangler 2 https://github.com/projectdiscovery/nuclei 2 https://github.com/atredispartners/advisories 2 https://github.com/prometheus/prometheus 2 https://github.com/mutagen-io/mutagen 2 https://github.com/zinclabs/zinc 2