Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go Security Advisories

Browse all Security Advisories for go

High
GSA_kwCzR0hTQS1mZjVjLTkzOHctOGM5cc4AA8Eq
Grafana Escalation from admin to server admin when auth proxy is used
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qdjMyLTU1NzgtcHhqY84AA8Ep
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 6 months ago
High
GSA_kwCzR0hTQS1yaHhqLWdoNDYtanZ3OM4AA8Eo
Grafana Plugin signature bypass
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 6 months ago
High
GSA_kwCzR0hTQS1teDQ3LTY0OTctM2Z2Ms4AA8En
Grafana account takeover via OAuth vulnerability
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02M2czLTlqcTMtbWNjds4AA8Em
Grafana API IDOR
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12dzdxLXAycWctNG01Zs4AA8El
Grafana Stored Cross-site Scripting in Unified Alerting
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS14YzNwLTI4aHctcTI0Z84AA8Ek
Grafana proxy Cross-site Scripting
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 6 months ago
Low
GSA_kwCzR0hTQS04d2poLTU5Y3ctOXhoNM4AA8Ej
Grafana Forward OAuth Identity Token can allow users to access some data sources
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03NTMzLWM4cXYtam05bc4AA8Ei
Grafana directory traversal for .csv files
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1tcHdwLTQyeDYtNHdteM4AA8Eh
Grafana Fine-grained access control vulnerability
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 6 months ago
Low
GSA_kwCzR0hTQS1jOWNwLTljNzUtOXY4Y84AA8Eg
containerd started with non-empty inheritable Linux process capabilities
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1qajU0LTVxMm0tcTdwas4AA8Ef
NATS server TLS missing ciphersuite settings when CLI flags used
Ecosystems: go
Packages: github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1oZjU0LWZxMm0tcDl2Ns4AA8Eb
dotmesh arbitrary file read and/or write
Ecosystems: go
Packages: github.com/dotmesh-io/dotmesh
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1qbXFwLTM3bTUtNDl3aM4AA8EQ
sshproxy vulnerable to SSH option injection
Ecosystems: go
Packages: github.com/cea-hpc/sshproxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS02d3ZmLWYydnctMzQyNc4AA78t
github.com/containers/image allows unexpected authenticated registry accesses
Ecosystems: go
Packages: github.com/containers/image/v5, github.com/containers/image
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 6 months ago
Low
GSA_kwCzR0hTQS03NXI2LTZqZzgtcGZjcc4AA74i
octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage
Ecosystems: go
Packages: github.com/octo-sts/app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1qY3FxLWc2NHYtZ2NtN84AA74Z
Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX
Ecosystems: go
Packages: github.com/spacemeshos/api, github.com/spacemeshos/go-spacemesh
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1mOGNoLXc3NXYtYzg0N84AA74N
1Panel arbitrary file write vulnerability
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS02NDl4LWh4ZngtNTdqMs4AA73H
Vitess vulnerable to infinite memory consumption and vtgate crash
Ecosystems: go
Packages: vitess.io/vitess, github.com/vitessio/vitess
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 7 months ago
Critical
GSA_kwCzR0hTQS14ZmpqLWY2OTktcmM3Oc4AA70K
tiagorlampert CHAOS vulnerable to arbitrary code execution
Ecosystems: go
Packages: github.com/tiagorlampert/CHAOS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS05YzV3LTlxM2YtM2h2N84AA70G
Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS00eGM5LThobXEtajY1Ms4AA7xu
go-ethereum vulnerable to DoS via malicious p2p message
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0zamdmLXI2OGgteGZxbc4AA7wZ
btcd susceptible to consensus failures
Ecosystems: go
Packages: github.com/btcsuite/btcd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1xcTIyLWpqOHgtNHd3ds4AA7v6
Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: 7 months ago
High
GSA_kwCzR0hTQS1ncW1mLWpxZ3Ytdjhmd84AA7v4
Pterodactyl Wings vulnerable to Arbitrary File Write/Read
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 7 months ago
High
GSA_kwCzR0hTQS02ZmcyLWh2ajktODMyZs4AA7vf
piraeus-operator allows attacker to impersonate service account
Ecosystems: go
Packages: github.com/piraeusdatastore/piraeus-operator/v2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS12ODRoLTY1M3YtNHBxOc4AA7vR
Some CORS middleware allow untrusted origins
Ecosystems: go
Packages: github.com/jub0bs/fcors
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS12aHh2LWZnNG0tcDJ3OM4AA7vQ
Some CORS middleware allow untrusted origins
Ecosystems: go
Packages: github.com/jub0bs/cors
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS13Y2NnLXY2MzgtajlxMs4AA7iq
karmada vulnerable to arbitrary code execution via a crafted command
Ecosystems: go
Packages: github.com/karmada-io/karmada
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00cTYzLW1yMm0tNTdoZs4AA7if
kubevirt allows a local attacker to execute arbitrary code via a crafted command
Ecosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1xNXFqLXgyaDUtMzk0Nc4AA7eF
Zitadel exposing internal database user name and host information
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00anJ4LTV3NGgtM2dwbc4AA7co
Navidrome Parameter Tampering vulnerability
Ecosystems: go
Packages: github.com/navidrome/navidrome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS0yY2dxLWg4eHctMnY1as4AA7Z-
CRI-O vulnerable to an arbitrary systemd property injection
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 7 months ago
High
GSA_kwCzR0hTQS02MzYyLWd2NG0tNTN3d84AA7Zm
Calico privilege escalation vulnerability
Ecosystems: go
Packages: github.com/projectcalico/calico
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 7 months ago
High
GSA_kwCzR0hTQS02cnF2LTVjZzctbTR4M84AA7ZT
Buffer Overflow vulnerability in osrg gobgp
Ecosystems: go
Packages: github.com/osrg/gobgp/v3
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS05bTZwLXg0aDItNmZycc4AA7V4
Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 7 months ago
Low
GSA_kwCzR0hTQS01Zmg3LTdtdzctbW14Nc4AA7VJ
Mattermost allows team admins to promote guests to team admins
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 7 months ago
Low
GSA_kwCzR0hTQS01cXg5LTlmZmotNXI4Zs4AA7VE
Mattermost fails to fully validate role changes
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 7 months ago
Low
GSA_kwCzR0hTQS1wMndxLTRnZ3AtNDVmM84AA7U_
Mattermost fails to limit the size of a request path
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12eDk3LThxOHEtcWdxNc4AA7VB
Mattermost's detailed error messages reveal the full file path
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS13ajM3LW1wcTkteHJjbc4AA7VH
Mattermost fails to limit the number of active sessions
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS04Zjk5LWcycGoteDh3M84AA7VG
Mattermost crashes web clients via a malformed custom status
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 7 months ago
High
GSA_kwCzR0hTQS03ajdqLTY2Y3YtbTIzOc4AA7UD
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1tOXc2LXdwM2gtdnE4Z84AA7T7
CoreDNS may return invalid cache entries
Ecosystems: go
Packages: github.com/coredns/coredns
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 7 months ago
High
GSA_kwCzR0hTQS14NW03LTYzYzYtZng3Oc4AA7T3
Cluster Monitoring Operator contains a credentials leak
Ecosystems: go
Packages: github.com/openshift/cluster-monitoring-operator
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1jM3d2LXFtamotNDVyNs4AA7S8
Information disclosure in podman
Ecosystems: go
Packages: github.com/containers/podman/v2
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 7 months ago
High
GSA_kwCzR0hTQS02ZzU2LXY5cWctanA5Ms4AA7S7
Heketi Arbitrary Code Execution
Ecosystems: go
Packages: github.com/heketi/heketi
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 7 months ago
High
GSA_kwCzR0hTQS1mOXhmLWpxNGotdnF3NM4AA7Sr
Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 7 months ago
High
GSA_kwCzR0hTQS1wdnhqLTI1bTYtN3Zxcs4AA7Sq
Rancher Privilege escalation vulnerability via malicious "Connection" header
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 7 months ago
High
GSA_kwCzR0hTQS1ndmg5LXhncnEtcjhod84AA7Sp
Rancher's Steve API Component Improper authorization check allows privilege escalation
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 7 months ago
High
GSA_kwCzR0hTQS0yOGc3LTg5NmgtNjk1ds4AA7So
Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1yN2g3LWNoaDQtNXJ2bc4AA7Sn
Improper Access Control in Gitea
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 7 months ago
High
GSA_kwCzR0hTQS05ZjhjLXBmdnYtcDRnbc4AA7Sm
Buffer Overflow in gitea
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 7 months ago
Critical
GSA_kwCzR0hTQS04MjhyLXIyYzgtcmZ3M84AA7Sl
Privilege Escalation in kubevirt
Ecosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1yNzZnLWc4N2Ytdnc4Zs4AA7Sk
Kubelet Incorrect Privilege Assignment
Ecosystems: go
Packages: k8s.io/kubernetes/cmd/kubelet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01eGZnLXd2OTgtMjY0bc4AA7Sj
Sensitive Information leak via Log File in Kubernetes
Ecosystems: go
Packages: github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01eDk2LWo3OTctNXFxd84AA7Si
Sensitive Information leak via Log File in Kubernetes
Ecosystems: go
Packages: github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 7 months ago
High
GSA_kwCzR0hTQS1yMjNoLTNqbXctcTdocs4AA7Sh
Access Restriction Bypass in go-ipfs
Ecosystems: go
Packages: github.com/ipfs/go-ipfs
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01NXFqLWdqM3gtanE5cs4AA7Sg
Denial of service in Kubernetes
Ecosystems: go
Packages: k8s.io/kubernetes/pkg/kubelet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0zM2M1LTlmeDUtZnZqbc4AA7Sf
Privilege Escalation in Kubernetes
Ecosystems: go
Packages: k8s.io/kubernetes, k8s.io/apimachinery
Source: GitHub Advisory Database
Blast Radius: 31.7
Published: 7 months ago
High
GSA_kwCzR0hTQS1tcTM1LXg5OXItNTRmY84AA7Se
github.com/u-root/u-root/pkg/cpio Arbitrary File Write via Archive Extraction (Zip Slip)
Ecosystems: go
Packages: github.com/u-root/u-root/pkg/cpio
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1wcGY4LWhocHAtZjVoas4AA7QS
Hugo Markdown titles are not escaped in internal render hooks
Ecosystems: go
Packages: github.com/gohugoio/hugo
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: 7 months ago
Low
GSA_kwCzR0hTQS1weGh3LTU5NnItcndxNc4AA7Ph
Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 7 months ago
High
GSA_kwCzR0hTQS0zaDZjLWM0NzUtam03ds4AA7PT
Arbitrary Code Execution in Gitea
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0ybW03LXg1aDYtNXB2cc4AA7PS
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities
Ecosystems: go
Packages: github.com/docker/docker, github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 7 months ago
Low
GSA_kwCzR0hTQS14ODgzLTJ2bWcteHdmN84AA7PJ
Authelia's Group Changes may not have the expected results (YAML file backend)
Ecosystems: go
Packages: github.com/authelia/authelia/v4
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1jdnFyLW13aDYtMnZjNs4AA7OC
Apache Answer: XSS vulnerability when changing personal website
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS14ODRjLXAyZzktcnF2Oc4AA7ME
IPv6 enabled on IPv4-only network interfaces
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 7 months ago
Low
GSA_kwCzR0hTQS02bTloLTJwcjItOWo4Zs4AA7Lw
1Panel's password verification is suspected to have a timing attack vulnerability
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1xNjRoLTM5aHYtNGNmN84AA7KO
HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches
Ecosystems: go
Packages: github.com/hashicorp/go-getter
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1tOTljLXEyNnItbTdtN84AA7I6
Evmos vulnerable to unauthorized account creation with vesting module
Ecosystems: go
Packages: github.com/evmos/evmos/v13, github.com/evmos/evmos/v13/x/vesting
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS12NnJ3LWhoZ2ctd2M0eM4AA7I5
Evmos vulnerable to DoS and transaction fee expropriation through Authz exploit
Ecosystems: go
Packages: github.com/evmos/evmos/v11
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS04Y3BoLW02ODUtNnY2cs4AA7DZ
OpenFGA Authorization Bypass
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0yZ3Z3LXc2ZmotN20zY84AA7Bd
Argo CD's API server does not enforce project sourceNamespaces
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS03ZjRqLTY0cDYtNWg1ds4AA7BQ
Traefik affected by HTTP/2 CONTINUATION flood in net/http
Ecosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1nOGZjLXZyY2ctOHZqZ84AA7BP
Constellation has pods exposed to peers in VPC
Ecosystems: go
Packages: github.com/edgelesssys/constellation/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS00dnd4LTU0bXctdnFmd84AA69W
Traefik vulnerable to denial of service with Content-length header
Ecosystems: go
Packages: github.com/traefik/traefik, github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1nOXF4LTI1dmotcmY1M84AA69T
Apache Solr Operator liveness and readiness probes may leak basic auth credentials
Ecosystems: go
Packages: github.com/apache/solr-operator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1jNXJ2LWhqamMtanY3bc4AA68X
tiagorlampert CHAOS vulnerable to Cross Site Scripting
Ecosystems: go
Packages: github.com/tiagorlampert/CHAOS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1wM2o2LWY0NWgtaHc1Zs4AA68J
tiagorlampert CHAOS vulnerable to command injections
Ecosystems: go
Packages: github.com/tiagorlampert/CHAOS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS05NXByLWZ4ZjUtODZnds4AA67e
Cosign malicious artifacts can cause machine-wide DoS
Ecosystems: go
Packages: github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS04OGp4LTM4M3EtdzRxY84AA67d
Cosign malicious attachments can cause system-wide denial of service
Ecosystems: go
Packages: github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 7 months ago
Low
GSA_kwCzR0hTQS1qODVxLTQ2aGctMzZwMs4AA658
SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 7 months ago
Critical
GSA_kwCzR0hTQS0zZnA1LTJ4d2gtZnhtNs4AA657
Evmos transaction execution not accounting for all state transition after interaction with precompiles
Ecosystems: go
Packages: github.com/tharsis/evmos/v5, github.com/tharsis/evmos/v4, github.com/tharsis/evmos/v3, github.com/tharsis/evmos/v2, github.com/tharsis/evmos, github.com/evmos/evmos/v5, github.com/evmos/evmos/v6, github.com/evmos/evmos/v7, github.com/evmos/evmos/v16
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 7 months ago
Critical
GSA_kwCzR0hTQS13eDQzLWc1NWctMmpmNM4AA64K
LocalAI Command Injection in audioToWav
Ecosystems: go
Packages: github.com/go-skynet/LocalAI
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS1qNXZtLTdxY2MtMnd3Z84AA63w
Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output
Ecosystems: go
Packages: github.com/kopia/kopia
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: 7 months ago
High
GSA_kwCzR0hTQS1ndjN3LW01N3AtM3djNM4AA6wY
gin-vue-admin background arbitrary code coverage vulnerability
Ecosystems: go
Packages: github.com/flipped-aurora/gin-vue-admin/server
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1nZ3A1LTI4eDQteGNqOc4AA6wX
Minder GetRepositoryByName data leak
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
GSA_kwCzR0hTQS01ang1LWhxeDUtMnZyas4AA6uv
Ollama DNS rebinding vulnerability
Ecosystems: go
Packages: github.com/ollama/ollama
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1yaGg0LXJoN2MtN3I1ds4AA6r1
Archiver Path Traversal vulnerability
Ecosystems: go
Packages: github.com/mholt/archiver, github.com/mholt/archiver/v3
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: 8 months ago
High
GSA_kwCzR0hTQS02N3J2LXFwdzItNnFycs4AA6qo
Grafana: Users outside an organization can delete a snapshot with its key
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1qNDk2LWNyZ2gtMzRteM4AA6qW
ibc-go: Potential Reentrancy using Timeout Callbacks in ibc-hooks
Ecosystems: go
Packages: github.com/cosmos/ibc-go, github.com/cosmos/ibc-go/v2, github.com/cosmos/ibc-go/v3, github.com/cosmos/ibc-go/v8, github.com/cosmos/ibc-go/v7, github.com/cosmos/ibc-go/v6, github.com/cosmos/ibc-go/v5, github.com/cosmos/ibc-go/v4
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS00Njg1LTJ4NXItNjVwas4AA6qH
Pebble service manager's file pull API allows access by any user
Ecosystems: go
Packages: github.com/canonical/pebble
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1tY3c2LTMyNTYtNjRnZ84AA6qB
Mattermost Server doesn't limit the number of user preferences
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS13Njd2LXBoNHgtZjQ4cc4AA6p_
Mattermost Server Improper Access Control
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
GSA_kwCzR0hTQS13cDQzLXZwcmgtYzN3Nc4AA6qC
Mattermost fails to authenticate the source of certain types of post actions
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS14cDlqLThwNjgtOXE5M84AA6p2
Mattermost Server Improper Access Control
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS00djd4LXBxeGYtY3g3bc4AA6pf
net/http, x/net/http2: close connections when receiving too many headers
Ecosystems: go
Packages: golang.org/x/net, net/http, golang.org/x/net/http2
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1qMnJwLWdtcXYtZnJods4AA6pX
HashiCorp Vault does not correctly validate OCSP responses
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS13bXhjLXYzOXItcDl3Zs4AA6nq
Temporal Server Denial of Service
Ecosystems: go
Packages: github.com/temporalio/temporal
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 637
Ecosystems: 12
https://github.com/containers/image 2 https://github.com/grpc/grpc-go 2 https://github.com/flynn/noise 2 https://github.com/AdguardTeam/AdGuardHome 2 https://github.com/Consensys/gnark-crypto 2 https://github.com/mudler/localai 2 https://github.com/multiversx/mx-chain-go 2 https://github.com/mutagen-io/mutagen 2 https://github.com/coder/coder 2 https://github.com/codenotary/immudb 2 https://github.com/rclone/rclone 2 https://github.com/rancher/wrangler 2 https://github.com/Netflix/security-bulletins 2 https://github.com/netlify/gotrue 2 https://github.com/ubuntu/authd 2 https://github.com/envoyproxy/envoy 2 https://github.com/crypto-org-chain/cronos 2 https://github.com/imgproxy/imgproxy 2 https://github.com/influxdata/influxdb 2 https://github.com/dapr/dapr 2 https://github.com/elastic/beats 2 https://github.com/ipld/go-codec-dagpb 2 https://github.com/kitabisa/teler-waf 2 https://github.com/kitabisa/teler 2 https://github.com/edgelesssys/marblerun 2 https://github.com/jackc/pgproto3 2 https://github.com/sigstore/gitsign 2 https://github.com/jackc/pgx 2 https://github.com/distribution/distribution 2 https://github.com/ecnepsnai/web 2 https://github.com/dvsekhvalnov/jose2go 2 https://github.com/fkie-cad/yapscan 2 https://github.com/hashicorp/terraform 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/runatlantis/atlantis 2 https://github.com/coreos/etcd 2 https://github.com/russellhaering/goxmldsig 2 https://github.com/Masterminds/goutils 2 https://github.com/cosmos/ethermint 2 https://github.com/cosmos/ibc-go 2 https://github.com/heroiclabs/nakama 2 https://github.com/facebook/fbthrift 2 https://github.com/sajari/docconv 2 https://github.com/apptainer/apptainer 2 https://github.com/labstack/echo 2 https://github.com/labring/sealos 2