Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1xbXZqLTRxcjktdjU0N84AA3Yf
Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler
Ecosystems: go
Packages: knative.dev/serving
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS04NWpqLWM5anItOWpoeM4AA3Xb
Mattermost Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0zNDg3LTNqN2MtN2d3as4AA3XX
Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1wNXByLXZtM2otanh4Zs4AA3Xm
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qanI3LTM3MnItY3g3eM4AA3XY
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1jMzdyLXY4angtN2N2Ms4AA3Xi
Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qNGMzLTNoNzMtNzRtOc4AA3Xj
Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS00Z2h4LThqdzgtcDc2cc4AA3XZ
Mattermost Open Redirect vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS1qY2d2LTNwZnEtajRocs4AA3Xh
Mattermost Injection vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qajQ2LTljZ2gtcW1meM4AA3Xc
Mattermost Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1mcHZ3LTZtNXYtaHFmcM4AA3W4
Capsule Proxy Authentication bypass using an empty token
Ecosystems: go
Packages: github.com/clastix/capsule-proxy, github.com/projectcapsule/capsule-proxy
Source: GitHub Advisory Database
Published: 4 months ago
Critical
GSA_kwCzR0hTQS05ampjLWdyZzUtNjdnas4AA3W2
SQL injection vulnerability in Meshery
Ecosystems: go
Packages: github.com/layer5io/meshery
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0yYzdjLTNtajktOGZxaM4AA3S1
Decryption of malicious PBES2 JWE objects can consume unbounded system resources
Ecosystems: go
Packages: github.com/square/go-jose, github.com/go-jose/go-jose/v3
Source: GitHub Advisory Database
Published: 4 months ago
High
GSA_kwCzR0hTQS0zZjJxLTYyOTQtZm1xNc4AA3P8
Inefficient Regular Expression Complexity in git-urls
Ecosystems: go
Packages: github.com/whilp/git-urls
Source: GitHub Advisory Database
Published: 4 months ago
High
GSA_kwCzR0hTQS1xMjdoLWh3MnYteDVqbc4AA3Ov
Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component
Ecosystems: go
Packages: github.com/free5gc/free5gc
Source: GitHub Advisory Database
Published: 4 months ago
High
GSA_kwCzR0hTQS02OTQ0LTZwbXYtNm1wMs4AA3M9
free5gc Buffer Overflow vulnerability
Ecosystems: go
Packages: github.com/free5gc/free5gc
Source: GitHub Advisory Database
Published: 4 months ago
High
GSA_kwCzR0hTQS0zaGZxLWN4OWotOTIzd84AA3K0
Attacker can cause Kyverno user to unintentionally consume insecure image
Ecosystems: go
Packages: github.com/kyverno/kyverno
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1ocTZxLWMyeDYtaG1jaM4AA3Ko
Kubernetes Improper Input Validation vulnerability
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS14dnJjLTJ3dmgtNDl2Y84AA3Ht
Gitsign's Rekor public keys fetched from upstream API instead of local TUF client.
Ecosystems: go
Packages: github.com/sigstore/gitsign
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS12OXcyLTU0M2YtaDY5bc4AA3Hs
Fabric vulnerable to crosslinking transaction attack
Ecosystems: go
Packages: github.com/hyperledger/fabric
Source: GitHub Advisory Database
Published: 5 months ago
Low
GSA_kwCzR0hTQS1yamptLXgzMnAtbTNmN84AA3C1
gnark's range checker gadget allows wider inputs up to word alignment
Ecosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS04cGd2LTU2OWgtdzVyd84AA3C0
otelgrpc DoS vulnerability due to unbound cardinality metrics
Ecosystems: go
Packages: go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS13cDc2LWNmMmotcnFxN84AA3Ct
Headscale writes bearer tokens to info-level logs
Ecosystems: go
Packages: github.com/juanfont/headscale
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS00cWhjLXY4cjYtOHZ3bc4AA3B2
HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Published: 5 months ago
Low
GSA_kwCzR0hTQS1yMnh2LXZwcjItNDJtOc4AA2_p
slsa-verifier vulnerable to mproper validation of npm's publish attestations
Ecosystems: go
Packages: github.com/slsa-framework/slsa-verifier, github.com/slsa-framework/slsa-verifier/v2
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS03aDhtLXZyeHgtdnI0bc4AA2_V
ZITADEL race condition in lockout policy execution
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Published: 5 months ago
Low
GSA_kwCzR0hTQS12ZnA2LWpydzItOTlnOc4AA2_S
Cosign vulnerable to possible endless data attack from attacker-controlled registry
Ecosystems: go
Packages: github.com/sigstore/cosign, github.com/sigstore/cosign/v2
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS02NzU4LTk3OWgtMjQ5eM4AA2-V
capsule-proxy service discloses Namespaces of colliding tenants to owners of different tenants with the same ServiceAccount name
Ecosystems: go
Packages: github.com/projectcapsule/capsule-proxy, github.com/projectcapsule/capsule
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS14dnE2LWg4OTgtd2NqOM4AA29G
Mattermost denial of service vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS13NDk2LWY1cXEtbTU4as4AA29F
Mattermost vulnerable to excessive memory consumption
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS01cjVoLXE5MzQtY2NjcM4AA29C
Calico Typha denial of service vulnerability
Ecosystems: go
Packages: github.com/projectcalico/calico
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1yNjdtLW1mN3YtcXA3as4AA29D
Mattermost password hash disclosure vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1yNmNjLTd3ajctZ2Z4Ms4AA26g
Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation
Ecosystems: go
Packages: github.com/kubernetes-csi/csi-proxy
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1qZzd3LWN4anYtOThjMs4AA21G
SpiceDB leaks information in log files when URI cannot be parsed
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS03ZnhtLWY0NzQtaGY4d84AA209
Kubernetes privilege escalation vulnerability
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1xNzhjLWd3cXctamNtY84AA20_
Kubernetes privilege escalation vulnerability
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1tcjQ1LXJ4OHEtd2NtOc4AA207
xkeys seal encryption used fixed key for all encryption
Ecosystems: go
Packages: github.com/nats-io/nats-server/v2, github.com/nats-io/nkeys
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1qcTM1LTg1Y2otZmo0cM4AA2xO
/sys/devices/virtual/powercap accessible by default to containers
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS0zcTZtLXY4NGYtNnA5aM4AA2xM
quic-go vulnerable to pointer dereference that can lead to panic
Ecosystems: go
Packages: github.com/quic-go/quic-go
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0zNWM3LXczNWYteHdnaM4AA2xD
Kube-proxy may unintentionally forward traffic
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Published: 5 months ago
Low
GSA_kwCzR0hTQS00N3h3LXZ3Nm0tdzlmcc4AA2wh
HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability
Ecosystems: go
Packages: github.com/hashicorp/vagrant
Source: GitHub Advisory Database
Published: 5 months ago
Low
GSA_kwCzR0hTQS1yODQ3LTZ3NmgtcjhnNM4AA2vp
Flyte Admin SQL Injection in List Filters
Ecosystems: go
Packages: github.com/flyteorg/flyteadmin
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS13NnJwLXZ4ajItZmpocs4AA2us
Cosmos packet-forward-middleware vulnerable to chain-halt
Ecosystems: go
Packages: github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v6, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v5, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS01d2o0LXdmZnEtMzM3OM4AA2tO
Ingress nginx annotation injection causes arbitrary command execution
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1mcDlmLTQ0YzItY3cyN84AA2tB
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1ndnJtLXcyZjktZjc3cc4AA2sh
Ingress-nginx path sanitization can be bypassed
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1tNDI1LW1xOTQtMjU3Z84AA2sQ
gRPC-Go HTTP/2 Rapid Reset vulnerability
Ecosystems: go
Packages: google.golang.org/grpc
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS00cjV4LXgyODMtd205Ns4AA2oW
Jumpserver Koko vulnerable to remote code execution on the host system via MongoDB shell
Ecosystems: go
Packages: github.com/jumpserver/koko
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1jcXZ2LXIzZzMtMjZyZs4AA2nX
free5GC udm vulnerable to Invalid Curve Attack
Ecosystems: go
Packages: github.com/free5gc/udm
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1xMjRtLTZoMzgtNXhqOM4AA2kK
ydb-go-sdk token in custom credentials object can leak through logs
Ecosystems: go
Packages: github.com/ydb-platform/ydb-go-sdk/v3
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1obXE0LWMycjQtNXE4aM4AA2kJ
Artifact Hub arbitrary file read vulnerability
Ecosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Published: 5 months ago
Low
GSA_kwCzR0hTQS05cGM4LW00dnAtZ2d2Zs4AA2kI
Artifact Hub allows unsafe rego built-in
Ecosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1nNnBxLXg1MzktN3c0as4AA2kH
Artifact Hub has Incorrect Docker Hub registry check
Ecosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1mcjJnLTloam0td3IyM84AA2kD
NATS.io: Adding accounts for just the system account adds auth bypass
Ecosystems: go
Packages: github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1ocjRmLTZqaDgtZjJ2cc4AA2i_
OpenFGA DoS vulnerability
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1tNWpjLXI0Z2YtYzZwOM4AA2i-
Arduino Create Agent path traversal - arbitrary file deletion vulnerability
Ecosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS03NWo3LXc3OTgtY3d3eM4AA2i9
Arduino Create Agent path traversal - local privilege escalation vulnerability
Ecosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1tanE2LXB2OWMtcXBwcc4AA2i8
Arduino Create Agent path traversal - arbitrary file deletion vulnerability
Ecosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS00eDVxLXE3d2MtcTIycM4AA2i7
Arduino Create Agent Insufficient Verification of Data Authenticity vulnerability
Ecosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS12OWpoLWo4cHgtOTh2cc4AA2iM
go-ethereum vulnerable to denial of service via crafted GraphQL query
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Published: 5 months ago
Critical
GSA_kwCzR0hTQS03cDkyLXg0MjMtdndqNs4AA2gZ
Plonk verifier KZG multi point verification
Ecosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS0yNjd2LTN2MzItZzZxNc4AA2gX
Cross-site Scripting via missing Binding syntax validation
Ecosystems: go
Packages: github.com/crewjam/saml
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS05d21jLXJnNGgtMjh3ds4AA2gR
github.com/kumahq/kuma affected by CVE-2023-44487
Ecosystems: go
Packages: github.com/kumahq/kuma
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1tdjczLWY2OXgtNDQ0cM4AA2gQ
Go Fiber CSRF Token Validation Vulnerability
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Published: 5 months ago
Critical
GSA_kwCzR0hTQS05NHc5LTk3cDMtcDM2OM4AA2gP
CSRF Token Reuse Vulnerability
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS03djRwLTMyOHYtOHY1Z84AA2fi
Traefik vulnerable to HTTP/2 request causing denial of service
Ecosystems: go
Packages: github.com/traefik/traefik
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1yY2p2LW1ncDgtcXZtcs4AA2eX
OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics
Ecosystems: go
Packages: go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace, go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron, go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho, go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux, go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin, go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful, go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0zN3g1LXFwbTgtNTNycc4AA2eH
Google Sheets data source plugin for Grafana information disclosure vulnerability
Ecosystems: go
Packages: github.com/grafana/google-sheets-datasource
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1mdzljLTc1aGgtODlwNs4AA2ds
Grafana privilege escalation vulnerability
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS04Z3dqLW02dmgtMmc2as4AA2Zu
kOps privilege escalation vulnerability
Ecosystems: go
Packages: k8s.io/kops
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS00Mzc0LXA2NjctcDZjOM4AA2ZJ
HTTP/2 rapid reset can cause excessive work in net/http
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12NjgzLXJjeHgtdnBmZs4AA2X6
ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tcTZmLTV4aDUtaGdjZs4AA2X3
Harbor timing attack risk
Ecosystems: go
Packages: github.com/goharbor/harbor
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xcHBqLWZtNXItaHhyM84AA2X2
HTTP/2 Stream Cancellation Attack
Ecosystems: maven, swift, go
Packages: org.eclipse.jetty.http2:jetty-http2-server, org.eclipse.jetty.http2:jetty-http2-common, org.eclipse.jetty.http2:http2-server, org.eclipse.jetty.http2:http2-common, github.com/apple/swift-nio-http2, org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat, google.golang.org/grpc, golang.org/x/net
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS12eDc0LWY1MjgtZnhxZ84AA2Va
github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset
Ecosystems: go
Packages: github.com/nghttp2/nghttp2
Source: GitHub Advisory Database
Published: 6 months ago
Critical
GSA_kwCzR0hTQS02MjJoLWgycDgtNzQzeM4AA2R2
JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Ecosystems: go
Packages: github.com/neuvector/neuvector
Source: GitHub Advisory Database
Published: 6 months ago
Low
GSA_kwCzR0hTQS1wZmZnLTkyY2cteGY1Y84AA2Qs
gnark-crypto's exponentiation in the pairing target group GT using GLV can give incorrect results
Ecosystems: go
Packages: github.com/consensys/gnark-crypto
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00OTh3LTVqNDktdnFqZ84AA2PN
gnark unsoundness in variable comparison / non-unique binary decomposition
Ecosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS1tYzk3LTk5ajQtdm0yds4AA2MF
Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled
Ecosystems: go
Packages: github.com/charmbracelet/soft-serve
Source: GitHub Advisory Database
Published: 6 months ago
Low
GSA_kwCzR0hTQS1ocTU4LXA5bXYtMzM4Y84AA2Jf
CometBFT's default for `BlockParams.MaxBytes` consensus parameter may increase block times and affect consensus participation
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Published: 6 months ago
Low
GSA_kwCzR0hTQS1oOHdoLWY3Z3ctZndwcs4AA2I9
Mattermost Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1oNjl2LW12aDktaGZycc4AA2I8
Mattermost Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 6 months ago
Low
GSA_kwCzR0hTQS1ycDY1LWpwYzctOGg4cM4AA2I7
Mattermost Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05aHdwLWNqN20td2p3NM4AA2I2
Mattermost Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0zM3I3LXdqZmMtN3c5OM4AA2Iz
Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS04NmM2LTNnNjMtNXc2NM4AA2Id
Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0yaG05LWg4NzMtcGdxaM4AA2IH
OpenFGA Vulnerable to DoS from circular relationship definitions
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Published: 6 months ago
Critical
GSA_kwCzR0hTQS05eGZxLThqM3IteHA1Z84AA2Hb
Consensys gnark-crypto allows Signature Malleability
Ecosystems: go
Packages: github.com/Consensys/gnark-crypto
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02anF3LWp3ZjUtcnA4aM4AA2HB
Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00eHAyLXc2NDItN21jeM4AA2C6
Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Published: 6 months ago
Low
GSA_kwCzR0hTQS0yNG01LXI2aHYtY2NncM4AA2C5
Specific Cilium configurations vulnerable to DoS via Kubernetes annotations
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1yNWhtLW1wM2otMjg1Z84AA2C4
sing-box vulnerable to improper authentication in the SOCKS inbound
Ecosystems: go
Packages: github.com/sagernet/sing, github.com/sagernet/sing-box
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1najJyLXBod2ctNnJ3d84AA2C0
Kubernetes users may update Pod labels to bypass network policy
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS12Znc1LWhyZ3EtaDV3Zs4AA2Bv
x/net/html Vulnerable to DoS During HTML Parsing
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS05Mmh4LTNtaDYtaGM0Oc4AA2A6
kube-apiserver authentication bypass vulnerability
Ecosystems: go
Packages: github.com/openshift/apiserver-library-go
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02ZjRtLWo1NnctNTVjM84AA2A3
Kiali content spoofing vulnerability
Ecosystems: go
Packages: github.com/kiali/kiali
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS1tOXhxLTZoMmotNjVyMs4AA2Ar
Markdown vulnerable to Out-of-bounds Read while parsing citations
Ecosystems: go
Packages: github.com/gomarkdown/markdown
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS14NGhoLXZqbTctZzJqds4AA1-x
Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input
Ecosystems: go
Packages: github.com/contribsys/faktory
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS0zNjRjLXZ2cXgtNDQ2Y84AA19Z
Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04Yzh3LWY3d3AtMmpyMs4AA19Y
Sender can cause a receiver to overwrite files during ZIP extraction in Croc
Ecosystems: go
Packages: github.com/schollz/croc
Source: GitHub Advisory Database
Published: 6 months ago
Statistics
Advisories: 17,222
Packages: 7,996
Repositories: 522
Ecosystems: 12
Filter by Package
github.com/usememos/memos 59 github.com/mattermost/mattermost-server/v6 37 github.com/mattermost/mattermost/server/v8 34 github.com/answerdev/answer 34 k8s.io/kubernetes 30 github.com/argoproj/argo-cd 29 github.com/grafana/grafana 28 github.com/hashicorp/vault 27 github.com/hashicorp/consul 24 gogs.io/gogs 24 github.com/hashicorp/nomad 23 github.com/rancher/rancher 20 github.com/argoproj/argo-cd/v2 20 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 19 helm.sh/helm/v3 18 golang.org/x/net 16 github.com/docker/docker 16 github.com/goharbor/harbor 15 github.com/containerd/containerd 13 github.com/nats-io/nats-server/v2 13 code.gitea.io/gitea 13 github.com/opencontainers/runc 12 github.com/traefik/traefik/v2 11 github.com/moby/moby 11 github.com/cloudflare/cfrpki 11 github.com/cosmos/cosmos-sdk 10 github.com/greenpau/caddy-security 10 github.com/go-gitea/gitea 10 github.com/openfga/openfga 10 golang.org/x/crypto 9 github.com/1Panel-dev/1Panel 9 github.com/sylabs/singularity 9 github.com/zitadel/zitadel 9 istio.io/istio 8 go.etcd.io/etcd 8 github.com/containers/podman/v4 8 github.com/kubeedge/kubeedge 8 github.com/cri-o/cri-o 8 github.com/pomerium/pomerium 8 github.com/beego/beego 7 github.com/mattermost/mattermost-server 7 github.com/kubernetes/kubernetes 7 github.com/nats-io/jwt 7 github.com/google/fscrypt 7 helm.sh/helm 7 k8s.io/ingress-nginx 7 github.com/gravitl/netmaker 6 github.com/beego/beego/v2 6 github.com/russellhaering/gosaml2 6 github.com/hyperledger/fabric 6 github.com/russellhaering/goxmldsig 6 github.com/cubefs/cubefs 6 github.com/traefik/traefik 6 github.com/treeverse/lakefs 6 github.com/pterodactyl/wings 6 github.com/fluxcd/flux2 6 github.com/hashicorp/go-getter 6 github.com/pion/dtls 6 github.com/kyverno/kyverno 5 github.com/moby/buildkit 5 github.com/fluxcd/kustomize-controller 5 github.com/tidwall/gjson 5 github.com/kiali/kiali 5 github.com/tendermint/tendermint 5 github.com/schollz/croc/v9 5 github.com/hashicorp/go-getter/v2 5 github.com/foxcpp/maddy 5 github.com/authzed/spicedb 5 github.com/cometbft/cometbft 5 github.com/pion/dtls/v2 5 github.com/gofiber/fiber/v2 5 github.com/mattermost/mattermost-server/v5 5 github.com/KubeOperator/kubepi 5 github.com/0xJacky/Nginx-UI 5 go.etcd.io/etcd/v3 5 github.com/gophish/gophish 5 github.com/containers/buildah 5 github.com/dexidp/dex 4 github.com/ipfs/go-ipfs 4 github.com/ory/fosite 4 github.com/alist-org/alist/v3 4 github.com/gin-gonic/gin 4 github.com/open-policy-agent/opa 4 github.com/oauth2-proxy/oauth2-proxy 4 github.com/hashicorp/go-getter/s3/v2 4 github.com/hashicorp/go-getter/gcs/v2 4 github.com/argoproj/argo-workflows/v3 4 github.com/containers/podman/v3 4 github.com/aws/aws-sdk-go 4 github.com/concourse/concourse 4 github.com/apache/incubator-answer 4 github.com/git-lfs/git-lfs 4 github.com/lestrrat-go/jwx/v2 4 github.com/lestrrat-go/jwx 4 github.com/crewjam/saml 4 github.com/sigstore/cosign 4 github.com/apache/trafficcontrol 4 github.com/casdoor/casdoor 4 github.com/free5gc/free5gc 4 github.com/arduino/arduino-create-agent 4 github.com/dhowden/tag 4 golang.org/x/net/http2 3 github.com/dutchcoders/transfer.sh 3 golang.org/x/text 3 github.com/libp2p/go-libp2p 3 github.com/fluxcd/helm-controller 3 go.etcd.io/etcd/client/v3 3 github.com/minio/minio 3 github.com/cheqd/cheqd-node 3 github.com/traefik/traefik/v3 3 github.com/crypto-org-chain/cronos 3 github.com/coredns/coredns 3 github.com/owncast/owncast 3 github.com/nats-io/jwt/v2 3 github.com/ElrondNetwork/elrond-go 3 github.com/syncthing/syncthing 3 github.com/hashicorp/boundary 3 github.com/consensys/gnark 3 github.com/IceWhaleTech/CasaOS-UserService 3 k8s.io/client-go 3 github.com/projectcalico/calico 3 github.com/notaryproject/notation 3 github.com/flyteorg/flyteadmin 3 golang.org/x/image 3 github.com/hashicorp/vault/vault 3 github.com/apache/servicecomb-service-center 3 github.com/docker/distribution 3 github.com/jackc/pgx/v4 3 github.com/artifacthub/hub 3 github.com/crossplane/crossplane 3 github.com/go-vela/server 3 github.com/cortexproject/cortex 3 github.com/ory/oathkeeper 3 github.com/phachon/mm-wiki 3 github.com/lightningnetwork/lnd 3 github.com/openshift/origin 3 github.com/caddyserver/caddy 3 gopkg.in/yaml.v2 3 github.com/square/go-jose 3 github.com/weaveworks/weave-gitops 3 github.com/miekg/dns 3 github.com/cosmos/ethermint 2 github.com/kata-containers/runtime 2 github.com/zalando/skipper 2 github.com/codenotary/immudb 2 github.com/theupdateframework/go-tuf 2 github.com/gofiber/fiber 2 github.com/stacklok/minder 2 github.com/pires/go-proxyproto 2 github.com/cloudflare/circl 2 github.com/apache/thrift 2 github.com/u-root/u-root 2 github.com/mattermost/mattermost-plugin-jira 2 google.golang.org/protobuf 2 github.com/nats-io/nats-server 2 github.com/ulikunitz/xz 2 github.com/woodpecker-ci/woodpecker 2 github.com/sap/cloud-security-client-go 2 tailscale.com 2 github.com/notaryproject/notation-go 2 github.com/sigstore/rekor 2 github.com/openshift/apiserver-library-go 2 github.com/ipld/go-codec-dagpb 2 github.com/edgexfoundry/app-functions-sdk-go/v2 2 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp 2 github.com/pydio/cells 2 github.com/netlify/gotrue 2 github.com/authelia/authelia/v4 2 github.com/etcd-io/etcd 2 github.com/Masterminds/goutils 2 github.com/mutagen-io/mutagen 2 github.com/imgproxy/imgproxy/v3 2 github.com/nats-io/nats-streaming-server 2 github.com/siderolabs/talos 2 protobuf 2 github.com/protocolbuffers/protobuf 2 google/protobuf 2 Google.Protobuf 2 github.com/navidrome/navidrome 2 mellium.im/xmpp 2 github.com/hashicorp/terraform 2 github.com/projectcapsule/capsule-proxy 2 github.com/unknwon/cae 2 github.com/fkie-cad/yapscan 2 github.com/buildkite/elastic-ci-stack-for-aws/v6 2 github.com/quic-go/quic-go 2 github.com/apptainer/apptainer 2 github.com/multiversx/mx-chain-go 2 rancher/rancher 2 github.com/jaegertracing/jaeger 2 github.com/ansible-semaphore/semaphore 2 github.com/go-yaml/yaml 2 github.com/containers/podman 2 google.golang.org/grpc 2 github.com/kitabisa/teler-waf 2 github.com/dvsekhvalnov/jose2go 2 github.com/IceWhaleTech/CasaOS 2 github.com/talos-systems/talos 2 github.com/ecnepsnai/web 2
Filter by Repository
https://github.com/usememos/memos 59 https://github.com/kubernetes/kubernetes 42 https://github.com/answerdev/answer 34 https://github.com/argoproj/argo-cd 34 https://github.com/go-gitea/gitea 23 https://github.com/rancher/rancher 21 https://github.com/grafana/grafana 21 https://github.com/cilium/cilium 20 https://github.com/gogs/gogs 20 https://github.com/helm/helm 19 https://github.com/hashicorp/consul 18 https://github.com/etcd-io/etcd 16 https://github.com/hashicorp/vault 16 https://github.com/goharbor/harbor 15 https://github.com/ethereum/go-ethereum 15 https://github.com/containerd/containerd 13 https://github.com/golang/go 13 https://github.com/moby/moby 12 https://github.com/hashicorp/nomad 11 https://github.com/traefik/traefik 11 https://github.com/cloudflare/cfrpki 11 https://github.com/opencontainers/runc 11 https://github.com/cosmos/cosmos-sdk 10 https://github.com/containers/podman 10 https://github.com/nats-io/nats-server 10 https://github.com/openfga/openfga 10 https://github.com/greenpau/caddy-security 10 https://github.com/1Panel-dev/1Panel 9 https://github.com/zitadel/zitadel 9 https://github.com/docker/docker 8 https://github.com/kubeedge/kubeedge 8 https://github.com/istio/istio 8 https://github.com/cri-o/cri-o 8 https://github.com/pomerium/pomerium 8 https://github.com/hpcng/singularity 7 https://github.com/kubernetes/ingress-nginx 7 https://github.com/beego/beego 7 https://github.com/google/fscrypt 7 https://github.com/schollz/croc 6 https://github.com/pterodactyl/wings 6 https://github.com/pion/dtls 6 https://github.com/containers/buildah 6 https://github.com/moby/buildkit 6 https://github.com/mattermost/mattermost 6 https://github.com/cubefs/cubefs 6 https://github.com/fluxcd/flux2 6 https://github.com/hyperledger/fabric 6 https://github.com/hashicorp/go-getter 6 https://github.com/gravitl/netmaker 6 https://github.com/treeverse/lakeFS 6 https://github.com/foxcpp/maddy 5 https://github.com/ipfs/go-ipfs 5 https://github.com/crewjam/saml 5 https://github.com/kyverno/kyverno 5 https://github.com/free5gc/free5gc 5 https://github.com/gofiber/fiber 5 https://github.com/cometbft/cometbft 5 https://github.com/gophish/gophish 5 https://github.com/authzed/spicedb 5 https://github.com/argoproj/argo-workflows 5 https://github.com/0xJacky/nginx-ui 5 https://github.com/russellhaering/gosaml2 5 https://github.com/tidwall/gjson 5 https://github.com/tendermint/tendermint 5 https://github.com/dhowden/tag 4 https://github.com/dexidp/dex 4 https://github.com/gin-gonic/gin 4 https://github.com/git-lfs/git-lfs 4 https://github.com/containous/traefik 4 https://github.com/ory/fosite 4 https://github.com/concourse/concourse 4 https://github.com/casdoor/casdoor 4 https://github.com/caddyserver/caddy 4 https://github.com/open-policy-agent/opa 4 https://github.com/aws/aws-sdk-go 4 https://github.com/siderolabs/talos 4 https://github.com/sigstore/cosign 4 https://github.com/oauth2-proxy/oauth2-proxy 4 https://github.com/lestrrat-go/jwx 4 https://github.com/arduino/arduino-create-agent 4 https://github.com/nats-io/jwt 4 https://github.com/moby/libnetwork 3 https://github.com/minio/minio 3 https://github.com/dutchcoders/transfer.sh 3 https://github.com/ElrondNetwork/elrond-go 3 https://github.com/flyteorg/flyteadmin 3 https://github.com/libp2p/go-libp2p 3 https://github.com/gogits/gogs 3 https://github.com/phachon/mm-wiki 3 https://github.com/go-vela/server 3 https://github.com/ory/oathkeeper 3 https://github.com/go-yaml/yaml 3 https://github.com/sylabs/singularity 3 https://github.com/open-telemetry/opentelemetry-go-contrib 3 https://github.com/grafana/bugbounty 3 https://github.com/openshift/origin 3 https://github.com/syncthing/syncthing 3 https://github.com/tailscale/tailscale 3 https://github.com/KubeOperator/KubePi 3 https://github.com/kiali/kiali 3 https://github.com/IceWhaleTech/CasaOS-UserService 3 https://github.com/ipfs/boxo 3 https://github.com/square/go-jose 3 https://github.com/alist-org/alist 3 https://github.com/artifacthub/hub 3 https://github.com/cheqd/cheqd-node 3 https://github.com/Consensys/gnark 3 https://github.com/cortexproject/cortex 3 https://github.com/weaveworks/weave-gitops 3 https://github.com/crossplane/crossplane 3 https://github.com/kubevirt/kubevirt 2 https://github.com/kubernetes-sigs/secrets-store-csi-driver 2 https://github.com/zalando/skipper 2 https://github.com/argoproj/argo-events 2 https://github.com/crypto-org-chain/cronos 2 https://github.com/kitabisa/teler-waf 2 https://github.com/kitabisa/teler 2 https://github.com/atredispartners/advisories 2 https://github.com/jackc/pgproto3 2 https://github.com/ipld/go-codec-dagpb 2 https://github.com/authelia/authelia 2 https://github.com/bitly/oauth2_proxy 2 https://github.com/bottlerocket-os/bottlerocket 2 https://github.com/influxdata/influxdb 2 https://github.com/imgproxy/imgproxy 2 https://github.com/brokercap/Bifrost 2 https://github.com/IceWhaleTech/CasaOS 2 https://github.com/distribution/distribution 2 https://github.com/zinclabs/zinc 2 https://github.com/minio/console 2 https://github.com/miekg/dns 2 https://github.com/microcosm-cc/bluemonday 2 https://github.com/mholt/archiver 2 https://github.com/mellium/xmpp 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/sylabs/sif 2 https://github.com/Masterminds/goutils 2 https://github.com/lightningnetwork/lnd 2 https://github.com/1Panel-dev/KubePi 2 https://github.com/drakkan/sftpgo 2 https://github.com/apache/trafficcontrol 2 https://github.com/labstack/echo 2 https://github.com/labring/sealos 2 https://github.com/apptainer/apptainer 2 https://github.com/golang/crypto 2 https://github.com/coredns/coredns 2 https://github.com/go-jose/go-jose 2 https://github.com/u-root/u-root 2 https://github.com/coreos/etcd 2 https://github.com/go-git/go-git 2 https://github.com/edgelesssys/constellation 2 https://github.com/cosmos/ethermint 2 https://github.com/vitessio/vitess 2 https://github.com/edgelesssys/marblerun 2 https://github.com/flynn/noise 2 https://github.com/fluid-cloudnative/fluid 2 https://github.com/flipped-aurora/gin-vue-admin 2 https://github.com/fleetdm/fleet 2 https://github.com/fkie-cad/yapscan 2 https://github.com/facebook/fbthrift 2 https://github.com/envoyproxy/envoy 2 https://github.com/heroiclabs/nakama 2 https://github.com/theupdateframework/go-tuf 2 https://github.com/buger/jsonparser 2 https://github.com/hashicorp/terraform 2 https://github.com/dvsekhvalnov/jose2go 2 https://github.com/cloudflare/circl 2 https://github.com/cloudflare/cloudflared 2 https://github.com/gphper/ginadmin 2 https://github.com/codenotary/immudb 2 https://github.com/ecnepsnai/web 2 https://github.com/Consensys/gnark-crypto 2 https://github.com/containers/libpod 2 https://github.com/woodpecker-ci/woodpecker 2 https://github.com/gotify/server 2 https://github.com/ulikunitz/xz 2 https://github.com/google/exposure-notifications-verification-server 2 https://github.com/unknwon/cae 2 https://github.com/elastic/beats 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/pires/go-proxyproto 2 https://github.com/multiversx/mx-chain-go 2 https://github.com/mutagen-io/mutagen 2 https://github.com/sigstore/rekor 2 https://github.com/supranational/blst 2 https://github.com/sajari/docconv 2 https://github.com/navidrome/navidrome 2 https://github.com/ntbosscher/gobase 2 https://github.com/pingcap/tidb 2 https://github.com/peterzen/goresolver 2 https://github.com/prometheus/prometheus 2 https://github.com/Netflix/security-bulletins 2 https://github.com/SAP/cloud-security-client-go 2 https://github.com/netlify/gotrue 2 https://github.com/stripe/smokescreen 2 https://github.com/owncast/owncast 2 https://github.com/notaryproject/notation 2 https://github.com/notaryproject/notation-go 2 https://github.com/quic-go/quic-go 2