Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go Security Advisories

Moderate

GSA_kwCzR0hTQS13NDk2LWY1cXEtbTU4as4AA29F

Mattermost vulnerable to excessive memory consumption
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 6 months ago

High

GSA_kwCzR0hTQS01cjVoLXE5MzQtY2NjcM4AA29C

Calico Typha denial of service vulnerability
Ecosystems: go
Packages: github.com/projectcalico/calico
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 6 months ago

Moderate

GSA_kwCzR0hTQS14dnE2LWg4OTgtd2NqOM4AA29G

Mattermost denial of service vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 6 months ago

High

GSA_kwCzR0hTQS1yNmNjLTd3ajctZ2Z4Ms4AA26g

Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation
Ecosystems: go
Packages: github.com/kubernetes-csi/csi-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago

Moderate

GSA_kwCzR0hTQS1qZzd3LWN4anYtOThjMs4AA21G

SpiceDB leaks information in log files when URI cannot be parsed
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 6 months ago

High

GSA_kwCzR0hTQS03ZnhtLWY0NzQtaGY4d84AA209

Kubernetes privilege escalation vulnerability
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 6 months ago

High

GSA_kwCzR0hTQS1xNzhjLWd3cXctamNtY84AA20_

Kubernetes privilege escalation vulnerability
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 6 months ago

High

GSA_kwCzR0hTQS1tcjQ1LXJ4OHEtd2NtOc4AA207

xkeys seal encryption used fixed key for all encryption
Ecosystems: go
Packages: github.com/nats-io/nats-server/v2, github.com/nats-io/nkeys
Source: GitHub Advisory Database
Blast Radius: 33.4
Published: 6 months ago

Moderate

GSA_kwCzR0hTQS1qcTM1LTg1Y2otZmo0cM4AA2xO

/sys/devices/virtual/powercap accessible by default to containers
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago

High

GSA_kwCzR0hTQS0zcTZtLXY4NGYtNnA5aM4AA2xM

quic-go vulnerable to pointer dereference that can lead to panic
Ecosystems: go
Packages: github.com/quic-go/quic-go
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 6 months ago

Moderate

GSA_kwCzR0hTQS0zNWM3LXczNWYteHdnaM4AA2xD

Kube-proxy may unintentionally forward traffic
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 6 months ago

Low

GSA_kwCzR0hTQS00N3h3LXZ3Nm0tdzlmcc4AA2wh

HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability
Ecosystems: go
Packages: github.com/hashicorp/vagrant
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago

Low

GSA_kwCzR0hTQS1yODQ3LTZ3NmgtcjhnNM4AA2vp

Flyte Admin SQL Injection in List Filters
Ecosystems: go
Packages: github.com/flyteorg/flyteadmin
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 6 months ago

High

GSA_kwCzR0hTQS13NnJwLXZ4ajItZmpocs4AA2us

Cosmos packet-forward-middleware vulnerable to chain-halt
Ecosystems: go
Packages: github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v6, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v5, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago

High

GSA_kwCzR0hTQS01d2o0LXdmZnEtMzM3OM4AA2tO

Ingress nginx annotation injection causes arbitrary command execution
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago

High

GSA_kwCzR0hTQS1mcDlmLTQ0YzItY3cyN84AA2tB

Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago

High

GSA_kwCzR0hTQS1ndnJtLXcyZjktZjc3cc4AA2sh

Ingress-nginx path sanitization can be bypassed
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago

High

GSA_kwCzR0hTQS1tNDI1LW1xOTQtMjU3Z84AA2sQ

gRPC-Go HTTP/2 Rapid Reset vulnerability
Ecosystems: go
Packages: google.golang.org/grpc
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: 6 months ago

Moderate

GSA_kwCzR0hTQS00cjV4LXgyODMtd205Ns4AA2oW

Jumpserver Koko vulnerable to remote code execution on the host system via MongoDB shell
Ecosystems: go
Packages: github.com/jumpserver/koko
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago

High

GSA_kwCzR0hTQS1jcXZ2LXIzZzMtMjZyZs4AA2nX

free5GC udm vulnerable to Invalid Curve Attack
Ecosystems: go
Packages: github.com/free5gc/udm
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 6 months ago

Moderate

GSA_kwCzR0hTQS1xMjRtLTZoMzgtNXhqOM4AA2kK

ydb-go-sdk token in custom credentials object can leak through logs
Ecosystems: go
Packages: github.com/ydb-platform/ydb-go-sdk/v3
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 6 months ago

High

GSA_kwCzR0hTQS1obXE0LWMycjQtNXE4aM4AA2kJ

Artifact Hub arbitrary file read vulnerability
Ecosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago

Low

GSA_kwCzR0hTQS05cGM4LW00dnAtZ2d2Zs4AA2kI

Artifact Hub allows unsafe rego built-in
Ecosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago

Moderate

GSA_kwCzR0hTQS1nNnBxLXg1MzktN3c0as4AA2kH

Artifact Hub has Incorrect Docker Hub registry check
Ecosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago

High

GSA_kwCzR0hTQS1mcjJnLTloam0td3IyM84AA2kD

NATS.io: Adding accounts for just the system account adds auth bypass
Ecosystems: go
Packages: github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago

High

GSA_kwCzR0hTQS1ocjRmLTZqaDgtZjJ2cc4AA2i_

OpenFGA DoS vulnerability
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago

Moderate

GSA_kwCzR0hTQS1tNWpjLXI0Z2YtYzZwOM4AA2i-

Arduino Create Agent path traversal - arbitrary file deletion vulnerability
Ecosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago

High

GSA_kwCzR0hTQS03NWo3LXc3OTgtY3d3eM4AA2i9

Arduino Create Agent path traversal - local privilege escalation vulnerability
Ecosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago

Moderate

GSA_kwCzR0hTQS1tanE2LXB2OWMtcXBwcc4AA2i8

High

GSA_kwCzR0hTQS00eDVxLXE3d2MtcTIycM4AA2i7

Arduino Create Agent Insufficient Verification of Data Authenticity vulnerability
Ecosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago

High

GSA_kwCzR0hTQS12OWpoLWo4cHgtOTh2cc4AA2iM

go-ethereum vulnerable to denial of service via crafted GraphQL query
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 6 months ago

Critical

GSA_kwCzR0hTQS03cDkyLXg0MjMtdndqNs4AA2gZ

Plonk verifier KZG multi point verification
Ecosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago

High

GSA_kwCzR0hTQS0yNjd2LTN2MzItZzZxNc4AA2gX

Cross-site Scripting via missing Binding syntax validation
Ecosystems: go
Packages: github.com/crewjam/saml
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 6 months ago

High

GSA_kwCzR0hTQS05d21jLXJnNGgtMjh3ds4AA2gR

github.com/kumahq/kuma affected by CVE-2023-44487
Ecosystems: go
Packages: github.com/kumahq/kuma
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 6 months ago

High

GSA_kwCzR0hTQS1tdjczLWY2OXgtNDQ0cM4AA2gQ

Go Fiber CSRF Token Validation Vulnerability
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: 6 months ago

Critical

GSA_kwCzR0hTQS05NHc5LTk3cDMtcDM2OM4AA2gP

CSRF Token Reuse Vulnerability
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: 6 months ago

Moderate

GSA_kwCzR0hTQS03djRwLTMyOHYtOHY1Z84AA2fi

Traefik vulnerable to HTTP/2 request causing denial of service
Ecosystems: go
Packages: github.com/traefik/traefik
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago

High

GSA_kwCzR0hTQS1yY2p2LW1ncDgtcXZtcs4AA2eX

OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics
Ecosystems: go
Packages: go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace, go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron, go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho, go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux, go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin, go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful, go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS0zN3g1LXFwbTgtNTNycc4AA2eH

Google Sheets data source plugin for Grafana information disclosure vulnerability
Ecosystems: go
Packages: github.com/grafana/google-sheets-datasource
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS1mdzljLTc1aGgtODlwNs4AA2ds

Grafana privilege escalation vulnerability
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 7 months ago

High

GSA_kwCzR0hTQS04Z3dqLW02dmgtMmc2as4AA2Zu

kOps privilege escalation vulnerability
Ecosystems: go
Packages: k8s.io/kops
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 7 months ago

High

GSA_kwCzR0hTQS00Mzc0LXA2NjctcDZjOM4AA2ZJ

HTTP/2 rapid reset can cause excessive work in net/http
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS12NjgzLXJjeHgtdnBmZs4AA2X6

ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS1tcTZmLTV4aDUtaGdjZs4AA2X3

Harbor timing attack risk
Ecosystems: go
Packages: github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS1xcHBqLWZtNXItaHhyM84AA2X2

HTTP/2 Stream Cancellation Attack
Ecosystems: maven, swift, go
Packages: com.typesafe.akka:akka-http-core_2.11, com.typesafe.akka:akka-http-core_2.12, com.typesafe.akka:akka-http-core_2.13, com.typesafe.akka:akka-http-core, org.eclipse.jetty.http2:jetty-http2-server, org.eclipse.jetty.http2:jetty-http2-common, org.eclipse.jetty.http2:http2-server, org.eclipse.jetty.http2:http2-common, github.com/apple/swift-nio-http2, org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat, google.golang.org/grpc, golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 65.5
Published: 7 months ago

High

GSA_kwCzR0hTQS12eDc0LWY1MjgtZnhxZ84AA2Va

github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset
Ecosystems: go
Packages: github.com/nghttp2/nghttp2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago

Critical

GSA_kwCzR0hTQS02MjJoLWgycDgtNzQzeM4AA2R2

JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Ecosystems: go
Packages: github.com/neuvector/neuvector
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago

Low

GSA_kwCzR0hTQS1wZmZnLTkyY2cteGY1Y84AA2Qs

gnark-crypto's exponentiation in the pairing target group GT using GLV can give incorrect results
Ecosystems: go
Packages: github.com/consensys/gnark-crypto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS00OTh3LTVqNDktdnFqZ84AA2PN

gnark unsoundness in variable comparison / non-unique binary decomposition
Ecosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 7 months ago

High

GSA_kwCzR0hTQS1tYzk3LTk5ajQtdm0yds4AA2MF

Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled
Ecosystems: go
Packages: github.com/charmbracelet/soft-serve
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago

Low

GSA_kwCzR0hTQS1ocTU4LXA5bXYtMzM4Y84AA2Jf

CometBFT's default for `BlockParams.MaxBytes` consensus parameter may increase block times and affect consensus participation
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS05aHdwLWNqN20td2p3NM4AA2I2

Mattermost Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 7 months ago

Low

GSA_kwCzR0hTQS1ycDY1LWpwYzctOGg4cM4AA2I7

Moderate

GSA_kwCzR0hTQS1oNjl2LW12aDktaGZycc4AA2I8

Moderate

GSA_kwCzR0hTQS0zM3I3LXdqZmMtN3c5OM4AA2Iz

Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 7 months ago

Low

GSA_kwCzR0hTQS1oOHdoLWY3Z3ctZndwcs4AA2I9

High

GSA_kwCzR0hTQS04NmM2LTNnNjMtNXc2NM4AA2Id

Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS0yaG05LWg4NzMtcGdxaM4AA2IH

OpenFGA Vulnerable to DoS from circular relationship definitions
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago

Critical

GSA_kwCzR0hTQS05eGZxLThqM3IteHA1Z84AA2Hb

Consensys gnark-crypto allows Signature Malleability
Ecosystems: go
Packages: github.com/Consensys/gnark-crypto
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS02anF3LWp3ZjUtcnA4aM4AA2HB

Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS00eHAyLXc2NDItN21jeM4AA2C6

Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: 7 months ago

Low

GSA_kwCzR0hTQS0yNG01LXI2aHYtY2NncM4AA2C5

Specific Cilium configurations vulnerable to DoS via Kubernetes annotations
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 7 months ago

Critical

GSA_kwCzR0hTQS1yNWhtLW1wM2otMjg1Z84AA2C4

sing-box vulnerable to improper authentication in the SOCKS inbound
Ecosystems: go
Packages: github.com/sagernet/sing, github.com/sagernet/sing-box
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS1najJyLXBod2ctNnJ3d84AA2C0

Kubernetes users may update Pod labels to bypass network policy
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 7 months ago

High

GSA_kwCzR0hTQS12Znc1LWhyZ3EtaDV3Zs4AA2Bv

x/net/html Vulnerable to DoS During HTML Parsing
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: 7 months ago

High

GSA_kwCzR0hTQS05Mmh4LTNtaDYtaGM0Oc4AA2A6

kube-apiserver authentication bypass vulnerability
Ecosystems: go
Packages: github.com/openshift/apiserver-library-go
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS02ZjRtLWo1NnctNTVjM84AA2A3

Kiali content spoofing vulnerability
Ecosystems: go
Packages: github.com/kiali/kiali
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 7 months ago

High

GSA_kwCzR0hTQS1tOXhxLTZoMmotNjVyMs4AA2Ar

Markdown vulnerable to Out-of-bounds Read while parsing citations
Ecosystems: go
Packages: github.com/gomarkdown/markdown
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: 7 months ago

High

GSA_kwCzR0hTQS14NGhoLXZqbTctZzJqds4AA1-x

Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input
Ecosystems: go
Packages: github.com/contribsys/faktory
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS03ZzN2LTRnZ3IteHZqZs4AA19a

Croc may expose secret to local users
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 7 months ago

High

GSA_kwCzR0hTQS0zNjRjLXZ2cXgtNDQ2Y84AA19Z

Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS03bXA2LTkyOXAtcHFoas4AA19V

Croc requires senders to provide local IP addresses in cleartext
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 7 months ago

High

GSA_kwCzR0hTQS1wcGpoLXhwNXYtNDZ3Y84AA19W

Croc sender may send dangerous new files to receiver
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS04Yzh3LWY3d3AtMmpyMs4AA19Y

Sender can cause a receiver to overwrite files during ZIP extraction in Croc
Ecosystems: go
Packages: github.com/schollz/croc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS1ocDU2LXh2ZjQtZzZ3cs4AA19U

Cros secrets may be disclosed to untrusted relay
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 7 months ago

Critical

GSA_kwCzR0hTQS12cGpjLTRqY3YtamMyOc4AA17t

NATS nats-server allows directory traversal via unintended path to a management action
Ecosystems: go
Packages: github.com/nats-io/nats-server
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: 7 months ago

High

GSA_kwCzR0hTQS0yZzdyLTl4cTUtYzZods4AA167

Cross-Site Request Forgery (CSRF) in usememos/memos
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS12ODRmLTZyMzktY3BmY84AA14s

HashiCorp Vault Improper Input Validation vulnerability
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 8 months ago

High

GSA_kwCzR0hTQS1qN2hwLWg4angtNXBwcs4AA10j

libwebp: OOB write in BuildHuffmanTable
Ecosystems: nuget, cargo, pypi, go, npm
Packages: magick.net-q8-x64, magick.net-q8-openmp-x64, magick.net-q8-anycpu, magick.net-q16-x64, magick.net-q16-hdri-anycpu, magick.net-q16-anycpu, webp, Pillow, github.com/chai2010/webp, SkiaSharp, electron, libwebp-sys, libwebp-sys2
Source: GitHub Advisory Database
Blast Radius: 130.8
Published: 8 months ago

High

Advisories: 18,152
Packages: 8,242
Repositories: 534
Ecosystems: 12

Filter by Severity

Moderate 7,822 High 6,289 Critical 2,788 Low 969

Filter by Ecosystem

maven 5,518 packagist 3,782 pypi 3,552 npm 3,530 go 1,887 nuget 1,390 rubygems 813 cargo 773 swift 31 hex 29 actions 16 pub 8

Filter by Package

Filter by Repository