Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
go Security Advisories
Loading...
Moderate
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 6 months ago
GSA_kwCzR0hTQS13NDk2LWY1cXEtbTU4as4AA29F
Mattermost vulnerable to excessive memory consumptionEcosystems: go
Packages: github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 6 months ago
High
Ecosystems: go
Packages: github.com/projectcalico/calico
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 6 months ago
GSA_kwCzR0hTQS01cjVoLXE5MzQtY2NjcM4AA29C
Calico Typha denial of service vulnerabilityEcosystems: go
Packages: github.com/projectcalico/calico
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 6 months ago
Moderate
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 6 months ago
GSA_kwCzR0hTQS14dnE2LWg4OTgtd2NqOM4AA29G
Mattermost denial of service vulnerabilityEcosystems: go
Packages: github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 6 months ago
High
Ecosystems: go
Packages: github.com/kubernetes-csi/csi-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS1yNmNjLTd3ajctZ2Z4Ms4AA26g
Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validationEcosystems: go
Packages: github.com/kubernetes-csi/csi-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 6 months ago
GSA_kwCzR0hTQS1qZzd3LWN4anYtOThjMs4AA21G
SpiceDB leaks information in log files when URI cannot be parsedEcosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 6 months ago
High
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 6 months ago
GSA_kwCzR0hTQS03ZnhtLWY0NzQtaGY4d84AA209
Kubernetes privilege escalation vulnerabilityEcosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 6 months ago
High
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 6 months ago
GSA_kwCzR0hTQS1xNzhjLWd3cXctamNtY84AA20_
Kubernetes privilege escalation vulnerabilityEcosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 6 months ago
High
Ecosystems: go
Packages: github.com/nats-io/nats-server/v2, github.com/nats-io/nkeys
Source: GitHub Advisory Database
Blast Radius: 33.4
Published: 6 months ago
GSA_kwCzR0hTQS1tcjQ1LXJ4OHEtd2NtOc4AA207
xkeys seal encryption used fixed key for all encryptionEcosystems: go
Packages: github.com/nats-io/nats-server/v2, github.com/nats-io/nkeys
Source: GitHub Advisory Database
Blast Radius: 33.4
Published: 6 months ago
Moderate
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS1qcTM1LTg1Y2otZmo0cM4AA2xO
/sys/devices/virtual/powercap accessible by default to containersEcosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
Ecosystems: go
Packages: github.com/quic-go/quic-go
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 6 months ago
GSA_kwCzR0hTQS0zcTZtLXY4NGYtNnA5aM4AA2xM
quic-go vulnerable to pointer dereference that can lead to panicEcosystems: go
Packages: github.com/quic-go/quic-go
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 6 months ago
Moderate
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 6 months ago
GSA_kwCzR0hTQS0zNWM3LXczNWYteHdnaM4AA2xD
Kube-proxy may unintentionally forward trafficEcosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 6 months ago
Low
Ecosystems: go
Packages: github.com/hashicorp/vagrant
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS00N3h3LXZ3Nm0tdzlmcc4AA2wh
HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerabilityEcosystems: go
Packages: github.com/hashicorp/vagrant
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
Ecosystems: go
Packages: github.com/flyteorg/flyteadmin
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 6 months ago
GSA_kwCzR0hTQS1yODQ3LTZ3NmgtcjhnNM4AA2vp
Flyte Admin SQL Injection in List FiltersEcosystems: go
Packages: github.com/flyteorg/flyteadmin
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 6 months ago
High
Ecosystems: go
Packages: github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v6, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v5, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS13NnJwLXZ4ajItZmpocs4AA2us
Cosmos packet-forward-middleware vulnerable to chain-haltEcosystems: go
Packages: github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v6, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v5, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS01d2o0LXdmZnEtMzM3OM4AA2tO
Ingress nginx annotation injection causes arbitrary command executionEcosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS1mcDlmLTQ0YzItY3cyN84AA2tB
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotationEcosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS1ndnJtLXcyZjktZjc3cc4AA2sh
Ingress-nginx path sanitization can be bypassedEcosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
Ecosystems: go
Packages: google.golang.org/grpc
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: 6 months ago
GSA_kwCzR0hTQS1tNDI1LW1xOTQtMjU3Z84AA2sQ
gRPC-Go HTTP/2 Rapid Reset vulnerabilityEcosystems: go
Packages: google.golang.org/grpc
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: 6 months ago
Moderate
Ecosystems: go
Packages: github.com/jumpserver/koko
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS00cjV4LXgyODMtd205Ns4AA2oW
Jumpserver Koko vulnerable to remote code execution on the host system via MongoDB shellEcosystems: go
Packages: github.com/jumpserver/koko
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
Ecosystems: go
Packages: github.com/free5gc/udm
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 6 months ago
GSA_kwCzR0hTQS1jcXZ2LXIzZzMtMjZyZs4AA2nX
free5GC udm vulnerable to Invalid Curve AttackEcosystems: go
Packages: github.com/free5gc/udm
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 6 months ago
Moderate
Ecosystems: go
Packages: github.com/ydb-platform/ydb-go-sdk/v3
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 6 months ago
GSA_kwCzR0hTQS1xMjRtLTZoMzgtNXhqOM4AA2kK
ydb-go-sdk token in custom credentials object can leak through logsEcosystems: go
Packages: github.com/ydb-platform/ydb-go-sdk/v3
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 6 months ago
High
Ecosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS1obXE0LWMycjQtNXE4aM4AA2kJ
Artifact Hub arbitrary file read vulnerabilityEcosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
Ecosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS05cGM4LW00dnAtZ2d2Zs4AA2kI
Artifact Hub allows unsafe rego built-inEcosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
Ecosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS1nNnBxLXg1MzktN3c0as4AA2kH
Artifact Hub has Incorrect Docker Hub registry checkEcosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
Ecosystems: go
Packages: github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS1mcjJnLTloam0td3IyM84AA2kD
NATS.io: Adding accounts for just the system account adds auth bypassEcosystems: go
Packages: github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS1ocjRmLTZqaDgtZjJ2cc4AA2i_
OpenFGA DoS vulnerabilityEcosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
Ecosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS1tNWpjLXI0Z2YtYzZwOM4AA2i-
Arduino Create Agent path traversal - arbitrary file deletion vulnerabilityEcosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
Ecosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS03NWo3LXc3OTgtY3d3eM4AA2i9
Arduino Create Agent path traversal - local privilege escalation vulnerabilityEcosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
Ecosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS1tanE2LXB2OWMtcXBwcc4AA2i8
Arduino Create Agent path traversal - arbitrary file deletion vulnerabilityEcosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
Ecosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS00eDVxLXE3d2MtcTIycM4AA2i7
Arduino Create Agent Insufficient Verification of Data Authenticity vulnerabilityEcosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 6 months ago
GSA_kwCzR0hTQS12OWpoLWo4cHgtOTh2cc4AA2iM
go-ethereum vulnerable to denial of service via crafted GraphQL queryEcosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 6 months ago
Critical
Ecosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS03cDkyLXg0MjMtdndqNs4AA2gZ
Plonk verifier KZG multi point verificationEcosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
Ecosystems: go
Packages: github.com/crewjam/saml
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 6 months ago
GSA_kwCzR0hTQS0yNjd2LTN2MzItZzZxNc4AA2gX
Cross-site Scripting via missing Binding syntax validationEcosystems: go
Packages: github.com/crewjam/saml
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 6 months ago
High
Ecosystems: go
Packages: github.com/kumahq/kuma
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 6 months ago
GSA_kwCzR0hTQS05d21jLXJnNGgtMjh3ds4AA2gR
github.com/kumahq/kuma affected by CVE-2023-44487Ecosystems: go
Packages: github.com/kumahq/kuma
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 6 months ago
High
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: 6 months ago
GSA_kwCzR0hTQS1tdjczLWY2OXgtNDQ0cM4AA2gQ
Go Fiber CSRF Token Validation VulnerabilityEcosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: 6 months ago
Critical
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: 6 months ago
GSA_kwCzR0hTQS05NHc5LTk3cDMtcDM2OM4AA2gP
CSRF Token Reuse VulnerabilityEcosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: 6 months ago
Moderate
Ecosystems: go
Packages: github.com/traefik/traefik
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS03djRwLTMyOHYtOHY1Z84AA2fi
Traefik vulnerable to HTTP/2 request causing denial of serviceEcosystems: go
Packages: github.com/traefik/traefik
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
Ecosystems: go
Packages: go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace, go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron, go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho, go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux, go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin, go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful, go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: 7 months ago
GSA_kwCzR0hTQS1yY2p2LW1ncDgtcXZtcs4AA2eX
OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metricsEcosystems: go
Packages: go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace, go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron, go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho, go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux, go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin, go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful, go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: 7 months ago
Moderate
Ecosystems: go
Packages: github.com/grafana/google-sheets-datasource
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS0zN3g1LXFwbTgtNTNycc4AA2eH
Google Sheets data source plugin for Grafana information disclosure vulnerabilityEcosystems: go
Packages: github.com/grafana/google-sheets-datasource
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 7 months ago
GSA_kwCzR0hTQS1mdzljLTc1aGgtODlwNs4AA2ds
Grafana privilege escalation vulnerabilityEcosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 7 months ago
High
Ecosystems: go
Packages: k8s.io/kops
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 7 months ago
GSA_kwCzR0hTQS04Z3dqLW02dmgtMmc2as4AA2Zu
kOps privilege escalation vulnerabilityEcosystems: go
Packages: k8s.io/kops
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 7 months ago
High
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: 7 months ago
GSA_kwCzR0hTQS00Mzc0LXA2NjctcDZjOM4AA2ZJ
HTTP/2 rapid reset can cause excessive work in net/httpEcosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: 7 months ago
Moderate
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS12NjgzLXJjeHgtdnBmZs4AA2X6
ZITADEL's password reset does not respect the "Ignoring unknown usernames" settingEcosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
Ecosystems: go
Packages: github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 7 months ago
GSA_kwCzR0hTQS1tcTZmLTV4aDUtaGdjZs4AA2X3
Harbor timing attack riskEcosystems: go
Packages: github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 7 months ago
Moderate
Ecosystems: maven, swift, go
Packages: com.typesafe.akka:akka-http-core_2.11, com.typesafe.akka:akka-http-core_2.12, com.typesafe.akka:akka-http-core_2.13, com.typesafe.akka:akka-http-core, org.eclipse.jetty.http2:jetty-http2-server, org.eclipse.jetty.http2:jetty-http2-common, org.eclipse.jetty.http2:http2-server, org.eclipse.jetty.http2:http2-common, github.com/apple/swift-nio-http2, org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat, google.golang.org/grpc, golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 65.5
Published: 7 months ago
GSA_kwCzR0hTQS1xcHBqLWZtNXItaHhyM84AA2X2
HTTP/2 Stream Cancellation AttackEcosystems: maven, swift, go
Packages: com.typesafe.akka:akka-http-core_2.11, com.typesafe.akka:akka-http-core_2.12, com.typesafe.akka:akka-http-core_2.13, com.typesafe.akka:akka-http-core, org.eclipse.jetty.http2:jetty-http2-server, org.eclipse.jetty.http2:jetty-http2-common, org.eclipse.jetty.http2:http2-server, org.eclipse.jetty.http2:http2-common, github.com/apple/swift-nio-http2, org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat, google.golang.org/grpc, golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 65.5
Published: 7 months ago
High
Ecosystems: go
Packages: github.com/nghttp2/nghttp2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS12eDc0LWY1MjgtZnhxZ84AA2Va
github.com/nghttp2/nghttp2 has HTTP/2 Rapid ResetEcosystems: go
Packages: github.com/nghttp2/nghttp2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
Ecosystems: go
Packages: github.com/neuvector/neuvector
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
GSA_kwCzR0hTQS02MjJoLWgycDgtNzQzeM4AA2R2
JWT token compromise can allow malicious actions including Remote Code Execution (RCE)Ecosystems: go
Packages: github.com/neuvector/neuvector
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
Ecosystems: go
Packages: github.com/consensys/gnark-crypto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
GSA_kwCzR0hTQS1wZmZnLTkyY2cteGY1Y84AA2Qs
gnark-crypto's exponentiation in the pairing target group GT using GLV can give incorrect resultsEcosystems: go
Packages: github.com/consensys/gnark-crypto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
Ecosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 7 months ago
GSA_kwCzR0hTQS00OTh3LTVqNDktdnFqZ84AA2PN
gnark unsoundness in variable comparison / non-unique binary decompositionEcosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 7 months ago
High
Ecosystems: go
Packages: github.com/charmbracelet/soft-serve
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
GSA_kwCzR0hTQS1tYzk3LTk5ajQtdm0yds4AA2MF
Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is EnabledEcosystems: go
Packages: github.com/charmbracelet/soft-serve
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
GSA_kwCzR0hTQS1ocTU4LXA5bXYtMzM4Y84AA2Jf
CometBFT's default for `BlockParams.MaxBytes` consensus parameter may increase block times and affect consensus participationEcosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 7 months ago
GSA_kwCzR0hTQS05aHdwLWNqN20td2p3NM4AA2I2
Mattermost Incorrect Authorization vulnerabilityEcosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 7 months ago
Low
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: 7 months ago
GSA_kwCzR0hTQS1ycDY1LWpwYzctOGg4cM4AA2I7
Mattermost Incorrect Authorization vulnerabilityEcosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: 7 months ago
Moderate
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 7 months ago
GSA_kwCzR0hTQS1oNjl2LW12aDktaGZycc4AA2I8
Mattermost Incorrect Authorization vulnerabilityEcosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 7 months ago
Moderate
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 7 months ago
GSA_kwCzR0hTQS0zM3I3LXdqZmMtN3c5OM4AA2Iz
Mattermost Uncontrolled Resource Consumption vulnerabilityEcosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 7 months ago
Low
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: 7 months ago
GSA_kwCzR0hTQS1oOHdoLWY3Z3ctZndwcs4AA2I9
Mattermost Incorrect Authorization vulnerabilityEcosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: 7 months ago
High
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: 7 months ago
GSA_kwCzR0hTQS04NmM2LTNnNjMtNXc2NM4AA2Id
Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerabilityEcosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: 7 months ago
Moderate
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS0yaG05LWg4NzMtcGdxaM4AA2IH
OpenFGA Vulnerable to DoS from circular relationship definitionsEcosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
Ecosystems: go
Packages: github.com/Consensys/gnark-crypto
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS05eGZxLThqM3IteHA1Z84AA2Hb
Consensys gnark-crypto allows Signature MalleabilityEcosystems: go
Packages: github.com/Consensys/gnark-crypto
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 7 months ago
GSA_kwCzR0hTQS02anF3LWp3ZjUtcnA4aM4AA2HB
Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-serverEcosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 7 months ago
Moderate
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: 7 months ago
GSA_kwCzR0hTQS00eHAyLXc2NDItN21jeM4AA2C6
Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicyEcosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: 7 months ago
Low
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 7 months ago
GSA_kwCzR0hTQS0yNG01LXI2aHYtY2NncM4AA2C5
Specific Cilium configurations vulnerable to DoS via Kubernetes annotationsEcosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 7 months ago
Critical
Ecosystems: go
Packages: github.com/sagernet/sing, github.com/sagernet/sing-box
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 7 months ago
GSA_kwCzR0hTQS1yNWhtLW1wM2otMjg1Z84AA2C4
sing-box vulnerable to improper authentication in the SOCKS inboundEcosystems: go
Packages: github.com/sagernet/sing, github.com/sagernet/sing-box
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 7 months ago
Moderate
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 7 months ago
GSA_kwCzR0hTQS1najJyLXBod2ctNnJ3d84AA2C0
Kubernetes users may update Pod labels to bypass network policyEcosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 7 months ago
High
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: 7 months ago
GSA_kwCzR0hTQS12Znc1LWhyZ3EtaDV3Zs4AA2Bv
x/net/html Vulnerable to DoS During HTML ParsingEcosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: 7 months ago
High
Ecosystems: go
Packages: github.com/openshift/apiserver-library-go
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 7 months ago
GSA_kwCzR0hTQS05Mmh4LTNtaDYtaGM0Oc4AA2A6
kube-apiserver authentication bypass vulnerabilityEcosystems: go
Packages: github.com/openshift/apiserver-library-go
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 7 months ago
Moderate
Ecosystems: go
Packages: github.com/kiali/kiali
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 7 months ago
GSA_kwCzR0hTQS02ZjRtLWo1NnctNTVjM84AA2A3
Kiali content spoofing vulnerabilityEcosystems: go
Packages: github.com/kiali/kiali
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 7 months ago
High
Ecosystems: go
Packages: github.com/gomarkdown/markdown
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: 7 months ago
GSA_kwCzR0hTQS1tOXhxLTZoMmotNjVyMs4AA2Ar
Markdown vulnerable to Out-of-bounds Read while parsing citationsEcosystems: go
Packages: github.com/gomarkdown/markdown
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: 7 months ago
High
Ecosystems: go
Packages: github.com/contribsys/faktory
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: 7 months ago
GSA_kwCzR0hTQS14NGhoLXZqbTctZzJqds4AA1-x
Faktory Web Dashboard can lead to denial of service(DOS) via malicious user inputEcosystems: go
Packages: github.com/contribsys/faktory
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: 7 months ago
Moderate
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 7 months ago
GSA_kwCzR0hTQS03ZzN2LTRnZ3IteHZqZs4AA19a
Croc may expose secret to local usersEcosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 7 months ago
High
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 7 months ago
GSA_kwCzR0hTQS0zNjRjLXZ2cXgtNDQ2Y84AA19Z
Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal deviceEcosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 7 months ago
Moderate
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 7 months ago
GSA_kwCzR0hTQS03bXA2LTkyOXAtcHFoas4AA19V
Croc requires senders to provide local IP addresses in cleartextEcosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 7 months ago
High
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 7 months ago
GSA_kwCzR0hTQS1wcGpoLXhwNXYtNDZ3Y84AA19W
Croc sender may send dangerous new files to receiverEcosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 7 months ago
Moderate
Ecosystems: go
Packages: github.com/schollz/croc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
GSA_kwCzR0hTQS04Yzh3LWY3d3AtMmpyMs4AA19Y
Sender can cause a receiver to overwrite files during ZIP extraction in CrocEcosystems: go
Packages: github.com/schollz/croc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 7 months ago
GSA_kwCzR0hTQS1ocDU2LXh2ZjQtZzZ3cs4AA19U
Cros secrets may be disclosed to untrusted relayEcosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 7 months ago
Critical
Ecosystems: go
Packages: github.com/nats-io/nats-server
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: 7 months ago
GSA_kwCzR0hTQS12cGpjLTRqY3YtamMyOc4AA17t
NATS nats-server allows directory traversal via unintended path to a management actionEcosystems: go
Packages: github.com/nats-io/nats-server
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: 7 months ago
High
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS0yZzdyLTl4cTUtYzZods4AA167
Cross-Site Request Forgery (CSRF) in usememos/memosEcosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 8 months ago
GSA_kwCzR0hTQS12ODRmLTZyMzktY3BmY84AA14s
HashiCorp Vault Improper Input Validation vulnerabilityEcosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 8 months ago
High
Ecosystems: nuget, cargo, pypi, go, npm
Packages: magick.net-q8-x64, magick.net-q8-openmp-x64, magick.net-q8-anycpu, magick.net-q16-x64, magick.net-q16-hdri-anycpu, magick.net-q16-anycpu, webp, Pillow, github.com/chai2010/webp, SkiaSharp, electron, libwebp-sys, libwebp-sys2
Source: GitHub Advisory Database
Blast Radius: 130.8
Published: 8 months ago
GSA_kwCzR0hTQS1qN2hwLWg4angtNXBwcs4AA10j
libwebp: OOB write in BuildHuffmanTableEcosystems: nuget, cargo, pypi, go, npm
Packages: magick.net-q8-x64, magick.net-q8-openmp-x64, magick.net-q8-anycpu, magick.net-q16-x64, magick.net-q16-hdri-anycpu, magick.net-q16-anycpu, webp, Pillow, github.com/chai2010/webp, SkiaSharp, electron, libwebp-sys, libwebp-sys2
Source: GitHub Advisory Database
Blast Radius: 130.8
Published: 8 months ago
High
Ecosystems: go
Packages: github.com/rancher/rke2
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: 8 months ago
GSA_kwCzR0hTQS1wNDVqLXZmdjUtd3Bycc4AA1yy
RKE2 supervisor port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attackEcosystems: go
Packages: github.com/rancher/rke2
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: 8 months ago
High
Ecosystems: go
Packages: github.com/k3s-io/k3s
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 8 months ago
GSA_kwCzR0hTQS1tNGhmLTZ2Z3ItNzVyMs4AA1yx
K3s apiserver port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attackEcosystems: go
Packages: github.com/k3s-io/k3s
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 8 months ago
Moderate
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 8 months ago
GSA_kwCzR0hTQS1nNjg3LWYyZ3gtNndtOM4AA1yw
Argo CD repo-server Denial of Service vulnerabilityEcosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 8 months ago
Critical
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: 8 months ago
GSA_kwCzR0hTQS1md3IyLTY0dnIteHY5bc4AA1yv
Argo CD cluster secret might leak in cluster details pageEcosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: 8 months ago
Moderate
Ecosystems: go
Packages: github.com/hashicorp/terraform
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: 8 months ago
GSA_kwCzR0hTQS1oNjI2LXB2NjYtaGhtN84AA1xR
Terraform allows arbitrary file write during the `init` operationEcosystems: go
Packages: github.com/hashicorp/terraform
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: 8 months ago
Moderate
Ecosystems: go
Packages: github.com/gofiber/fiber/v2, github.com/gofiber/fiber
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 8 months ago
GSA_kwCzR0hTQS0zcTVwLTM1NTgtMzY0Zs4AA1xI
Fiber unauthorized access vulnerability in `ctx.IsFromLocal()`Ecosystems: go
Packages: github.com/gofiber/fiber/v2, github.com/gofiber/fiber
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 8 months ago
Moderate
Ecosystems: go
Packages: github.com/turt2live/matrix-media-repo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS01Y3J3LTZqN3YteGM3Ms4AA1xH
matrix-media-repo: Unsafe media served inline on download endpointsEcosystems: go
Packages: github.com/turt2live/matrix-media-repo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Moderate
Ecosystems: go
Packages: github.com/cyphar/filepath-securejoin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
GSA_kwCzR0hTQS02eHY1LTg2cTktN3hyOM4AA1v8
SecureJoin: on windows, paths outside of the rootfs could be inadvertently producedEcosystems: go
Packages: github.com/cyphar/filepath-securejoin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
GSA_kwCzR0hTQS1wajJoLTg1anEtZzV2Z84AA1v1
Answer Missing Authentication for Critical FunctionEcosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
GSA_kwCzR0hTQS0yM3B4LW13MnAtNDZxbc4AA1vh
Cosmos-SDK Cosmovisor component may be vulnerable to denial of serviceEcosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 8 months ago
GSA_kwCzR0hTQS1wcGpnLXY5NzQtODRjbc4AA1ve
Go-Ethereum vulnerable to denial of service via malicious p2p messageEcosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 8 months ago
High
Ecosystems: go
Packages: github.com/minio/minio
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 8 months ago
GSA_kwCzR0hTQS13MjNxLTRodzMtMnBwNs4AA1vd
Minio vulnerable to Privilege Escalation on Windows via Path separator manipulationEcosystems: go
Packages: github.com/minio/minio
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 8 months ago
High
Ecosystems: go
Packages: github.com/minio/minio
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 8 months ago
GSA_kwCzR0hTQS0ycHh3LXI0N3ctNHA4Y84AA1sg
Privilege Escalation on Linux/MacOSEcosystems: go
Packages: github.com/minio/minio
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 8 months ago
Moderate
Ecosystems: go
Packages: simonwaldherr.de/go/zplgfa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS14Z21tLTN2dnItNmM4as4AA1rU
Index out of bounds leading to crashEcosystems: go
Packages: simonwaldherr.de/go/zplgfa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
Ecosystems: go
Packages: github.com/disintegration/imaging
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
GSA_kwCzR0hTQS1xN3BwLXdjZ3ItcGZmeM4AA1rS
Crash when processing crafted TIFF filesEcosystems: go
Packages: github.com/disintegration/imaging
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Critical
Ecosystems: go
Packages: github.com/bnb-chain/tss-lib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
GSA_kwCzR0hTQS1oMjRjLTZwNnAtbTN2eM4AA1oF
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduliEcosystems: go
Packages: github.com/bnb-chain/tss-lib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS01ajZwLTU5Y2otajZjcM4AA1nE
usememos/memos vulnerable to privilege escalationEcosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS1qMmdqLWczcDktN21ycs4AA1nC
Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memosEcosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS05NmdxLTZjaDUtbW01NM4AA1nF
usememos/memos vulnerable to improper input validationEcosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Moderate
Ecosystems: go
Packages: github.com/spinnaker/spinnaker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
GSA_kwCzR0hTQS1ycTVjLWh2dzYtOHByN84AA1i8
Improper log output when using GitHub Status Notifications in spinnakerEcosystems: go
Packages: github.com/spinnaker/spinnaker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
Ecosystems: go
Packages: github.com/ansible-semaphore/semaphore
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
GSA_kwCzR0hTQS0zcjMyLWNwN3YtNXdxNM4AA1iW
Code injection in ansible semaphoreEcosystems: go
Packages: github.com/ansible-semaphore/semaphore
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Statistics
Advisories: 18,152
Packages: 8,242
Repositories: 534
Ecosystems: 12
Packages: 8,242
Repositories: 534
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
github.com/usememos/memos
59
github.com/mattermost/mattermost/server/v8
38
github.com/mattermost/mattermost-server/v6
37
github.com/answerdev/answer
34
k8s.io/kubernetes
32
github.com/argoproj/argo-cd
29
github.com/hashicorp/vault
28
github.com/grafana/grafana
28
github.com/rancher/rancher
28
github.com/hashicorp/nomad
26
github.com/hashicorp/consul
26
gogs.io/gogs
24
github.com/argoproj/argo-cd/v2
23
github.com/cilium/cilium
20
github.com/ethereum/go-ethereum
19
github.com/docker/docker
19
code.gitea.io/gitea
19
helm.sh/helm/v3
18
golang.org/x/net
17
github.com/goharbor/harbor
15
github.com/opencontainers/runc
13
github.com/mattermost/mattermost-server
13
github.com/containerd/containerd
13
github.com/traefik/traefik/v2
13
github.com/nats-io/nats-server/v2
13
github.com/moby/moby
12
github.com/go-gitea/gitea
12
github.com/cloudflare/cfrpki
11
github.com/openfga/openfga
11
github.com/1Panel-dev/1Panel
10
github.com/cosmos/cosmos-sdk
10
github.com/greenpau/caddy-security
10
github.com/zitadel/zitadel
10
github.com/sylabs/singularity
9
github.com/kubernetes/kubernetes
9
golang.org/x/crypto
9
istio.io/istio
8
github.com/containers/podman/v4
8
github.com/kubeedge/kubeedge
8
go.etcd.io/etcd
8
github.com/cri-o/cri-o
8
github.com/pomerium/pomerium
8
github.com/nats-io/jwt
7
github.com/google/fscrypt
7
helm.sh/helm
7
k8s.io/ingress-nginx
7
github.com/traefik/traefik
7
github.com/beego/beego
7
github.com/hashicorp/go-getter
7
github.com/fluxcd/flux2
6
github.com/pion/dtls
6
github.com/beego/beego/v2
6
github.com/hyperledger/fabric
6
github.com/russellhaering/goxmldsig
6
github.com/russellhaering/gosaml2
6
github.com/pterodactyl/wings
6
github.com/apache/trafficcontrol
6
github.com/gravitl/netmaker
6
github.com/authzed/spicedb
6
github.com/sigstore/cosign
6
github.com/cubefs/cubefs
6
github.com/treeverse/lakefs
6
github.com/KubeOperator/kubepi
5
github.com/traefik/traefik/v3
5
github.com/schollz/croc/v9
5
github.com/pion/dtls/v2
5
github.com/IBAX-io/go-ibax
5
github.com/containers/buildah
5
github.com/ipfs/go-ipfs
5
github.com/mattermost/mattermost-server/v5
5
github.com/kyverno/kyverno
5
github.com/cometbft/cometbft
5
github.com/0xJacky/Nginx-UI
5
github.com/gophish/gophish
5
kubevirt.io/kubevirt
5
github.com/kiali/kiali
5
go.etcd.io/etcd/v3
5
github.com/foxcpp/maddy
5
github.com/hashicorp/go-getter/v2
5
github.com/gofiber/fiber/v2
5
github.com/fluxcd/kustomize-controller
5
github.com/moby/buildkit
5
github.com/tidwall/gjson
5
github.com/apache/incubator-answer
5
github.com/tendermint/tendermint
5
github.com/alist-org/alist/v3
4
github.com/hashicorp/go-getter/s3/v2
4
github.com/lestrrat-go/jwx
4
github.com/hashicorp/go-getter/gcs/v2
4
github.com/argoproj/argo-workflows/v3
4
github.com/git-lfs/git-lfs
4
github.com/lestrrat-go/jwx/v2
4
github.com/ory/fosite
4
github.com/dexidp/dex
4
github.com/oauth2-proxy/oauth2-proxy
4
github.com/containers/podman/v3
4
github.com/concourse/concourse
4
github.com/casdoor/casdoor
4
github.com/free5gc/free5gc
4
golang.org/x/net/http2
4
github.com/aws/aws-sdk-go
4
github.com/crewjam/saml
4
github.com/arduino/arduino-create-agent
4
github.com/dhowden/tag
4
github.com/IceWhaleTech/CasaOS-UserService
4
github.com/gin-gonic/gin
4
github.com/open-policy-agent/opa
4
github.com/caddyserver/caddy
4
github.com/projectcalico/calico
3
github.com/consensys/gnark
3
golang.org/x/text
3
github.com/minio/minio
3
github.com/mholt/archiver
3
github.com/dutchcoders/transfer.sh
3
github.com/fluxcd/helm-controller
3
github.com/notaryproject/notation
3
github.com/sigstore/cosign/v2
3
github.com/flyteorg/flyteadmin
3
go.etcd.io/etcd/client/v3
3
github.com/nats-io/jwt/v2
3
gopkg.in/yaml.v2
3
github.com/apache/servicecomb-service-center
3
github.com/heketi/heketi
3
github.com/docker/distribution
3
github.com/libp2p/go-libp2p
3
github.com/hashicorp/vault/vault
3
github.com/quic-go/quic-go
3
github.com/miekg/dns
3
github.com/syncthing/syncthing
3
github.com/cheqd/cheqd-node
3
github.com/coredns/coredns
3
github.com/ElrondNetwork/elrond-go
3
k8s.io/client-go
3
github.com/owncast/owncast
3
github.com/hashicorp/boundary
3
github.com/go-vela/server
3
github.com/weaveworks/weave-gitops
3
golang.org/x/image
3
github.com/ory/oathkeeper
3
github.com/lightningnetwork/lnd
3
github.com/stacklok/minder
3
github.com/edgelesssys/constellation/v2
3
github.com/square/go-jose
3
github.com/openshift/origin
3
github.com/cortexproject/cortex
3
github.com/crypto-org-chain/cronos
3
github.com/phachon/mm-wiki
3
github.com/authelia/authelia/v4
3
github.com/crossplane/crossplane
3
github.com/jackc/pgx/v4
3
github.com/artifacthub/hub
3
github.com/tharsis/evmos
3
github.com/jackc/pgx
2
github.com/clastix/capsule-proxy
2
github.com/etcd-io/etcd
2
github.com/netlify/gotrue
2
github.com/pires/go-proxyproto
2
github.com/jackc/pgproto3
2
github.com/mutagen-io/mutagen
2
github.com/zalando/skipper
2
vitess.io/vitess
2
github.com/jackc/pgproto3/v2
2
github.com/cloudflare/circl
2
github.com/pydio/cells
2
github.com/fluid-cloudnative/fluid
2
github.com/go-yaml/yaml
2
github.com/openshift/apiserver-library-go
2
github.com/ansible-semaphore/semaphore
2
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
2
github.com/protocolbuffers/protobuf
2
github.com/edgexfoundry/app-functions-sdk-go/v2
2
github.com/zinclabs/zinc
2
github.com/zincsearch/zincsearch
2
github.com/unknwon/cae
2
github.com/ntbosscher/gobase
2
github.com/jackc/pgx/v5
2
mellium.im/xmpp
2
github.com/talos-systems/talos
2
github.com/bytebase/bytebase
2
github.com/Masterminds/goutils
2
sigs.k8s.io/secrets-store-csi-driver
2
github.com/rancher/wrangler
2
github.com/apache/thrift
2
github.com/codenotary/immudb
2
github.com/kata-containers/runtime
2
github.com/containers/podman/v2
2
github.com/nats-io/nats-streaming-server
2
github.com/gohugoio/hugo
2
github.com/buildkite/elastic-ci-stack-for-aws/v6
2
github.com/siderolabs/talos
2
github.com/notaryproject/notation-go
2
github.com/kitabisa/teler-waf
2
github.com/IceWhaleTech/CasaOS
2
github.com/ulikunitz/xz
2
protobuf
2
github.com/sigstore/rekor
2
github.com/gphper/ginadmin
2
github.com/labring/sealos
2
github.com/labstack/echo/v4
2
github.com/theupdateframework/go-tuf
2
Filter by Repository
https://github.com/usememos/memos
59
https://github.com/kubernetes/kubernetes
48
https://github.com/argoproj/argo-cd
37
https://github.com/answerdev/answer
34
https://github.com/go-gitea/gitea
31
https://github.com/rancher/rancher
25
https://github.com/grafana/grafana
21
https://github.com/cilium/cilium
20
https://github.com/gogs/gogs
20
https://github.com/hashicorp/consul
19
https://github.com/helm/helm
19
https://github.com/hashicorp/vault
16
https://github.com/etcd-io/etcd
16
https://github.com/goharbor/harbor
15
https://github.com/ethereum/go-ethereum
15
https://github.com/mattermost/mattermost
14
https://github.com/moby/moby
14
https://github.com/traefik/traefik
13
https://github.com/hashicorp/nomad
13
https://github.com/containerd/containerd
13
https://github.com/golang/go
13
https://github.com/opencontainers/runc
11
https://github.com/openfga/openfga
11
https://github.com/containers/podman
11
https://github.com/cloudflare/cfrpki
11
https://github.com/nats-io/nats-server
10
https://github.com/zitadel/zitadel
10
https://github.com/cosmos/cosmos-sdk
10
https://github.com/1Panel-dev/1Panel
10
https://github.com/greenpau/caddy-security
10
https://github.com/cri-o/cri-o
9
https://github.com/istio/istio
8
https://github.com/kubeedge/kubeedge
8
https://github.com/pomerium/pomerium
8
https://github.com/docker/docker
8
https://github.com/kubernetes/ingress-nginx
7
https://github.com/beego/beego
7
https://github.com/hashicorp/go-getter
7
https://github.com/google/fscrypt
7
https://github.com/hpcng/singularity
7
https://github.com/pterodactyl/wings
6
https://github.com/schollz/croc
6
https://github.com/sigstore/cosign
6
https://github.com/pion/dtls
6
https://github.com/moby/buildkit
6
https://github.com/hyperledger/fabric
6
https://github.com/treeverse/lakeFS
6
https://github.com/gravitl/netmaker
6
https://github.com/authzed/spicedb
6
https://github.com/containers/buildah
6
https://github.com/fluxcd/flux2
6
https://github.com/cubefs/cubefs
6
https://github.com/0xJacky/nginx-ui
5
https://github.com/argoproj/argo-workflows
5
https://github.com/russellhaering/gosaml2
5
https://github.com/cometbft/cometbft
5
https://github.com/crewjam/saml
5
https://github.com/foxcpp/maddy
5
https://github.com/free5gc/free5gc
5
https://github.com/gofiber/fiber
5
https://github.com/gophish/gophish
5
https://github.com/kyverno/kyverno
5
https://github.com/IBAX-io/go-ibax
5
https://github.com/ipfs/go-ipfs
5
https://github.com/tidwall/gjson
5
https://github.com/tendermint/tendermint
5
https://github.com/ory/fosite
4
https://github.com/containous/traefik
4
https://github.com/concourse/concourse
4
https://github.com/open-policy-agent/opa
4
https://github.com/grafana/bugbounty
4
https://github.com/casdoor/casdoor
4
https://github.com/caddyserver/caddy
4
https://github.com/IceWhaleTech/CasaOS-UserService
4
https://github.com/oauth2-proxy/oauth2-proxy
4
https://github.com/git-lfs/git-lfs
4
https://github.com/siderolabs/talos
4
https://github.com/dhowden/tag
4
https://github.com/lestrrat-go/jwx
4
https://github.com/dexidp/dex
4
https://github.com/arduino/arduino-create-agent
4
https://github.com/nats-io/jwt
4
https://github.com/kubevirt/kubevirt
4
https://github.com/gin-gonic/gin
4
https://github.com/aws/aws-sdk-go
4
https://github.com/flipped-aurora/gin-vue-admin
3
https://github.com/gogits/gogs
3
https://github.com/phachon/mm-wiki
3
https://github.com/flyteorg/flyteadmin
3
https://github.com/u-root/u-root
3
https://github.com/evmos/evmos
3
https://github.com/ory/oathkeeper
3
https://github.com/ElrondNetwork/elrond-go
3
https://github.com/edgelesssys/constellation
3
https://github.com/open-telemetry/opentelemetry-go-contrib
3
https://github.com/openshift/origin
3
https://github.com/go-vela/server
3
https://github.com/go-yaml/yaml
3
https://github.com/heketi/heketi
3
https://github.com/ipfs/boxo
3
https://github.com/kiali/kiali
3
https://github.com/KubeOperator/KubePi
3
https://github.com/tailscale/tailscale
3
https://github.com/kubernetes-sigs/secrets-store-csi-driver
3
https://github.com/syncthing/syncthing
3
https://github.com/libp2p/go-libp2p
3
https://github.com/sylabs/singularity
3
https://github.com/moby/libnetwork
3
https://github.com/minio/minio
3
https://github.com/square/go-jose
3
https://github.com/alist-org/alist
3
https://github.com/apache/trafficcontrol
3
https://github.com/artifacthub/hub
3
https://github.com/authelia/authelia
3
https://github.com/stacklok/minder
3
https://github.com/cheqd/cheqd-node
3
https://github.com/Consensys/gnark
3
https://github.com/cortexproject/cortex
3
https://github.com/weaveworks/weave-gitops
3
https://github.com/crossplane/crossplane
3
https://github.com/quic-go/quic-go
3
https://github.com/dutchcoders/transfer.sh
3
https://github.com/argoproj/argo-events
2
https://github.com/edgelesssys/marblerun
2
https://github.com/atredispartners/advisories
2
https://github.com/elastic/beats
2
https://github.com/temporalio/temporal
2
https://github.com/kitabisa/teler-waf
2
https://github.com/kitabisa/teler
2
https://github.com/bitly/oauth2_proxy
2
https://github.com/jackc/pgproto3
2
https://github.com/ipld/go-codec-dagpb
2
https://github.com/bottlerocket-os/bottlerocket
2
https://github.com/brokercap/Bifrost
2
https://github.com/influxdata/influxdb
2
https://github.com/buger/jsonparser
2
https://github.com/imgproxy/imgproxy
2
https://github.com/bytebase/bytebase
2
https://github.com/zalando/skipper
2
https://github.com/apptainer/apptainer
2
https://github.com/labring/sealos
2
https://github.com/labstack/echo
2
https://github.com/ecnepsnai/web
2
https://github.com/lightningnetwork/lnd
2
https://github.com/Masterminds/goutils
2
https://github.com/1Panel-dev/KubePi
2
https://github.com/mattermost/mattermost-plugin-jira
2
https://github.com/mellium/xmpp
2
https://github.com/mholt/archiver
2
https://github.com/microcosm-cc/bluemonday
2
https://github.com/miekg/dns
2
https://github.com/zinclabs/zinc
2
https://github.com/minio/console
2
https://github.com/woodpecker-ci/woodpecker
2
https://github.com/google/exposure-notifications-verification-server
2
https://github.com/coredns/coredns
2
https://github.com/unknwon/cae
2
https://github.com/golang/crypto
2
https://github.com/go-jose/go-jose
2
https://github.com/gohugoio/hugo
2
https://github.com/coreos/etcd
2
https://github.com/facebook/fbthrift
2
https://github.com/cosmos/ethermint
2
https://github.com/go-git/go-git
2
https://github.com/fkie-cad/yapscan
2
https://github.com/fleetdm/fleet
2
https://github.com/vitessio/vitess
2
https://github.com/crypto-org-chain/cronos
2
https://github.com/flynn/noise
2
https://github.com/dvsekhvalnov/jose2go
2
https://github.com/IceWhaleTech/CasaOS
2
https://github.com/theupdateframework/go-tuf
2
https://github.com/heroiclabs/nakama
2
https://github.com/drakkan/sftpgo
2
https://github.com/hashicorp/terraform
2
https://github.com/envoyproxy/envoy
2
https://github.com/cloudflare/circl
2
https://github.com/cloudflare/cloudflared
2
https://github.com/gphper/ginadmin
2
https://github.com/codenotary/immudb
2
https://github.com/distribution/distribution
2
https://github.com/Consensys/gnark-crypto
2
https://github.com/gotify/server
2
https://github.com/ulikunitz/xz
2
https://github.com/containers/libpod
2
https://github.com/fluid-cloudnative/fluid
2
https://github.com/russellhaering/goxmldsig
2
https://github.com/Netflix/security-bulletins
2
https://github.com/projectdiscovery/nuclei
2
https://github.com/ntbosscher/gobase
2
https://github.com/stripe/smokescreen
2
https://github.com/pingcap/tidb
2
https://github.com/peterzen/goresolver
2
https://github.com/sigstore/rekor
2
https://github.com/multiversx/mx-chain-go
2
https://github.com/mutagen-io/mutagen
2
https://github.com/notaryproject/notation
2
https://github.com/openshift/apiserver-library-go
2
https://github.com/swaggo/http-swagger
2