Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1qY2YyLW14cjItZ21xcM4AA1gZ
OpenFGA Authorization Bypass
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
GSA_kwCzR0hTQS04MjZqLTh3cDItNHg2cc4AA1gX
Netmaker Vulnerable to Privilege Escalation From Non Admin To Admin User
Ecosystems: go
Packages: github.com/gravitl/netmaker
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 8 months ago
High
GSA_kwCzR0hTQS0yNTZtLWo1cXctMzhmNM4AA1gW
Netmaker IDOR Allows User to Update Other User's Password
Ecosystems: go
Packages: github.com/gravitl/netmaker
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 8 months ago
High
GSA_kwCzR0hTQS04eDhoLWhjcTgtand3eM4AA1gV
Netmaker has Hardcoded DNS Secret Key
Ecosystems: go
Packages: github.com/gravitl/netmaker
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 8 months ago
High
GSA_kwCzR0hTQS1nY3E5LXFxd3gtcmdqM84AA1fe
libp2p nodes vulnerable to OOM attack
Ecosystems: go
Packages: github.com/libp2p/go-libp2p
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS12ODZ4LTVmbTMtNXA3as4AA1eS
Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint
Ecosystems: go
Packages: github.com/prometheus/alertmanager
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: 8 months ago
High
GSA_kwCzR0hTQS1jOHh3LXZqZ2YtOTRocs4AA1eI
Argo CD web terminal session doesn't expire
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 8 months ago
High
GSA_kwCzR0hTQS04Njk3LTQ3OWgtNW1mcM4AA1ar
Weaviate denial of service vulnerability
Ecosystems: go
Packages: github.com/weaviate/weaviate
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 8 months ago
High
GSA_kwCzR0hTQS00Z2NmLTVtMzktOThtY84AA1WL
Woodpecker does not validate webhook before changing any data
Ecosystems: go
Packages: github.com/woodpecker-ci/woodpecker
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 9 months ago
High
GSA_kwCzR0hTQS14dmhnLXc2cWMtbTNxcc4AA1Uj
Yaklang Plugin's Fuzztag Component Allows Unauthorized Local File Reading
Ecosystems: go
Packages: github.com/yaklang/yaklang
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS05cGhoLXIzN3YtMzR3aM4AA1SQ
lakeFS vulnerable to Arbitrary JavaScript Injection via Direct Link to HTML Files
Ecosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1wMjY3LWpqZnEtcHBoZs4AA1P0
Mattermost fails to check if user is a guest before performing actions on public playbooks
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS02eGpqLXY3NnYtZndwas4AA1P1
Mattermost does not validate requesting user permissions before updating admin details
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: 9 months ago
Low
GSA_kwCzR0hTQS1nM3Y2LXI4cDktd3hnOc4AA1Pz
Mattermost fails to correctly delete attachments
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS05cnd3LTY2dzctN3ZqeM4AA1P4
Mattermost fails to sanitize post metadata
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 9 months ago
High
GSA_kwCzR0hTQS1oZjdqLXhqM3ctODdnNM4AA1OF
1Panel arbitrary file write vulnerability
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS04NWNmLWdqMjktZjU1Nc4AA1OE
1Panel Arbitrary File Download vulnerability
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
High
GSA_kwCzR0hTQS1wdjdxLXY5bXYtOW1oNc4AA1OD
1Panel O&M management panel has a background arbitrary file reading vulnerability
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS04YzM3LTdxeDMtNGM0cM4AA1Lt
Blst has logical error in SigValidate in Go bindings
Ecosystems: go
Packages: github.com/supranational/blst
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
High
GSA_kwCzR0hTQS05cmhmLXEzNjItNzdteM4AA1Lk
Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 25.7
Published: 9 months ago
High
GSA_kwCzR0hTQS04NzZwLTgyNTkteGpnZ84AA1LS
libp2p nodes vulnerable to attack using large RSA keys
Ecosystems: go
Packages: github.com/libp2p/go-libp2p
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS04ajN2LTY4dzMtMzg0OM4AA1Fj
Gitea erroneous repo clones
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 9 months ago
High
GSA_kwCzR0hTQS0yeHg0LWpqNXYtNm1mZs4AA1Dh
Nuclei Path Traversal vulnerability
Ecosystems: go
Packages: github.com/projectdiscovery/nuclei, github.com/projectdiscovery/nuclei/v2
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS01Mmg4LWM4NzYtOTg5Y84AA1BX
Answer has Race Condition within a Thread
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
High
GSA_kwCzR0hTQS1qNjN4LWY2NTctMm05Z84AA1Ba
Answer has Weak Password Requirements
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1nZ2NmLWh3eHAtcmM3N84AA1BW
Answer Insufficient Session Expiration vulnerability
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
High
GSA_kwCzR0hTQS12OXZjLTd4NjktYzJ4OM4AA1BV
Answer Missing Authorization vulnerability
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS14OTJyLTN2ZngtNGN2M84AA1Av
Golang TIFF decoder does not place a limit on the size of compressed tile data
Ecosystems: go
Packages: golang.org/x/image
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS0yd3JoLTZwdmMtMmptOc4AA1Aw
Improper rendering of text nodes in golang.org/x/net/html
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1qM3A4LTZtcnEtNmc3aM4AA1Au
Golang TIFF decoder vulnerable to excessive CPU consumption
Ecosystems: go
Packages: golang.org/x/image
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS05djN3LXcyamgtNGhmZs4AA0-S
HashiCorp Vault and Vault Enterprise vulnerable to user enumeration
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 9 months ago
Low
GSA_kwCzR0hTQS02OHA0LTk1eGYtN2d4OM4AA08P
Denial of service from large image
Ecosystems: go
Packages: github.com/crossplane/crossplane
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 9 months ago
High
GSA_kwCzR0hTQS1wajR4LTJ4cjUtdzg3bc4AA08J
Possible image tampering from missing image validation for Packages
Ecosystems: go
Packages: github.com/crossplane/crossplane
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1tbXg1LTMybTQtd3h2eM4AA04G
Ineffective privileges drop when requesting container network
Ecosystems: go
Packages: github.com/apptainer/apptainer
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS04N2Y2LThncjctcGM2aM4AA01j
KubePi may leak password hash of any user
Ecosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS03NTdwLXZ4NDMtZnA5cs4AA01i
KubePi Privilege Escalation vulnerability
Ecosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS01OW02LTgycW0tdnFnas4AA01h
Dapr API token authentication bypass in HTTP endpoints
Ecosystems: go
Packages: github.com/dapr/dapr
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS12NWZtLWhyNzItMjdoeM4AA0z0
Nomad Search API Leaks Information About CSI Plugins
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 9 months ago
Low
GSA_kwCzR0hTQS05amZ4LTg0djktMnJyMs4AA0z2
Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1ycHZyLTM4eHYteHZ4cc4AA0zx
Nomad ACL Policies without Label are Applied to Unexpected Resources
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 9 months ago
High
GSA_kwCzR0hTQS00cjh4LTJwMjYtOTc2cM4AA0xx
goproxy Denial of Service vulnerability
Ecosystems: go
Packages: github.com/elazarl/goproxy
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: 10 months ago
High
GSA_kwCzR0hTQS1wOXhmLTc0eGgtbWh3Nc4AA0xr
1Panel command injection vulnerability in Firewall ip functionality
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1tNXE1LThtZnctcDJocs4AA0vD
CasaOS contains weak JWT secrets
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS12amg3LTVyNngteGg2Z84AA0vC
CasaOS Gateway vulnerable to incorrect identification of source IP addresses
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-Gateway
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 10 months ago
High
GSA_kwCzR0hTQS05eDQ0LTlwZ3EtY2Y0Nc4AA0u8
avro vulnerable to denial of service via attacker-controlled parameter
Ecosystems: go
Packages: github.com/hamba/avro/v2, github.com/hamba/avro
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: 10 months ago
High
GSA_kwCzR0hTQS02aHZ2LWo0MzItMjNjds4AA0t6
Weave GitOps Terraform Controller Information Disclosure Vulnerability
Ecosystems: go
Packages: github.com/weaveworks/tf-controller
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1mMjhnLTg2aGMtODIzcc4AA0sa
Tokenizer vulnerable to client brute-force of token secrets
Ecosystems: go
Packages: github.com/superfly/tokenizer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1qNDk0LTd4MnYtdnZ2cM4AA0sO
mx-chain-go's relayed transactions always increment nonce
Ecosystems: go
Packages: github.com/multiversx/mx-chain-go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1mOTloLXczMzctbXY1Ns4AA0pu
iprange may panic when parsing ranges with invalid masks
Ecosystems: go
Packages: github.com/malfunkt/iprange
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0ydzh3LXFoZzQtZjc4as4AA0mz
A stored XSS in jaeger UI might allow an attacker who controls a trace to perform arbitrary jaeger queries
Ecosystems: go
Packages: github.com/jaegertracing/jaeger
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: 10 months ago
Low
GSA_kwCzR0hTQS13MmgzLXZ2dnEtM201M84AA0fs
Pipelines do not validate child UIDs
Ecosystems: go
Packages: github.com/tektoncd/pipeline
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1qMmNyLWpjMzktd3B4Nc4AA0fr
Barberry Security Advisory - regarding x/auth periodic vesting accounts
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1oaHZ4LTg3NTUtNGN2d84AA0TE
Hashicorp Nomad ACLs Cannot Deny Access to Workload’s Own Variables
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 10 months ago
High
GSA_kwCzR0hTQS13bWc1LWc5NTMtcXFmd84AA0UP
Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: 10 months ago
High
GSA_kwCzR0hTQS05dnJtLXY5eHYteDN4cs4AA0Sj
HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured
Ecosystems: go
Packages: github.com/hashicorp/boundary
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS05bWg4LTlqNjQtNDQzZs4AA0RO
HashiCorp Vault's revocation list not respected
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS03ajZ4LTQybW0tcDdqbc4AA0Rd
Zinc Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/zinclabs/zinc, github.com/zincsearch/zincsearch
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS00Zmd2LTg0NDgtZ2Y4Ms4AA0Rf
Zinc Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/zinclabs/zinc, github.com/zincsearch/zincsearch
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS03eDJjLWZneDYteGY5aM4AA0OS
1Panel vulnerable to command injection when entering the container terminal
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1xMm14LWdwamYtM2g4eM4AA0OR
1Panel vulnerable to command injection when adding container repositories
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS13MjR3LXdwNzctcWZmbc4AA0OO
CometBFT may duplicate transactions in the mempool's data structures
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1tdmozLXFycWgtY2p2cs4AA0ON
CometBFT PeerState JSON serialization deadlock
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: 10 months ago
Low
GSA_kwCzR0hTQS1jZjZ2LTlqNTctdjZyNs4AA0Nx
code.gitea.io/gitea Open Redirect vulnerability
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1xYzJnLWdtaDYtOTVwNM4AA0Ln
kube-apiserver vulnerable to policy bypass
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 28.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1jZ2N2LTUyNzItOTdwcs4AA0Ls
Kubernetes mountable secrets policy bypass
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 28.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS13NXc1LTI4ODItNDdwY84AA0KY
github.com/cosmos/cosmos-sdk's x/crisis does not charge ConstantFee
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS12cHhmLXE0NGctdzM0d84AA0KL
Sealos billing system permission control defect
Ecosystems: go
Packages: github.com/labring/sealos
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 10 months ago
Critical
GSA_kwCzR0hTQS03NGo4LXc3ZjktcHA2Ms4AA0KE
Improper configuration of RBAC permissions obtaining cluster control permissions
Ecosystems: go
Packages: github.com/labring/sealos
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 10 months ago
Low
GSA_kwCzR0hTQS1nbTJnLTJ4cjktcHh4as4AA0J6
Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource
Ecosystems: go
Packages: go.temporal.io/server
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1ocjlyLThwaHEtNXg4as4AA0IN
OpenFGA vulnerable to denial of service due to circular relationship
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1tNTRoLTV4NWYtNW02cs4AA0IM
SpiceDB's LookupResources may return partial results
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 10 months ago
High
GSA_kwCzR0hTQS1jMnBqLXYzN3ItMnA2aM4AA0El
Coraza has potential denial of service vulnerability
Ecosystems: go
Packages: github.com/corazawaf/coraza/v2, github.com/corazawaf/coraza/v3
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1tcHYzLWc4bTMtM2ZqY84AA0AQ
Grafana vulnerable to Authentication Bypass by Spoofing
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS13NDRtLThtdjItdjc4aM4AAz_3
Cosmos "Barberry" vulnerability in github.com/cosmos/cosmos-sdk
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1yd2NwLXFyd2ctNTZjZ84AAz_T
Casdoor Cross-Site Request Forgery vulnerability
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS04anhtLXhwNDMtcWgzcc4AAz-e
Silver vulnerable to MitM attack against implants due to a cryptography vulnerability
Ecosystems: go
Packages: github.com/bishopfox/sliver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS04cmM5LXZ4amgtcWpmMs4AAz9k
Vega's validators able to submit duplicate transactions
Ecosystems: go
Packages: code.vegaprotocol.io/vega
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: 10 months ago
Low
GSA_kwCzR0hTQS1yN3dyLTR3NXEtNTVtNs4AAz51
Cilium vulnerable to information leakage via incorrect ReferenceGrant handling
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS00NTVjLXZxcmYtbWdocs4AAz5c
Mattermost Server Missing Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS14YzhtLTI4dnYtNHBqY84AAz5V
Kubelet vulnerable to bypass of seccomp profile enforcement
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1ybTh2LW14ajMtNXJtcc4AAz3K
github.com/lestrrat-go/jwx vulnerable to Potential Padding Oracle Attack
Ecosystems: go
Packages: github.com/lestrrat-go/jwx, github.com/lestrrat-go/jwx/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1jdm0zLXBwMmotY2hyM84AAzyX
Grafana has Broken Access Control in Alert manager: Viewer can send test alerts
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 11 months ago
High
GSA_kwCzR0hTQS04cXhoLTJnaDgtcjkyM84AAzyT
cheqd-node subject to Cosmos SDK "Barberry" vulnerability
Ecosystems: go
Packages: github.com/cheqd/cheqd-node
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
GSA_kwCzR0hTQS1oNjVoLXY3ZnctNHAzOM4AAzxh
HashiCorp Consul Incorrect Access Control vulnerability
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: 11 months ago
High
GSA_kwCzR0hTQS1md3YyLTY1d2gtMnc4Y84AAzxf
Snowflake Golang Driver vulnerable to Command Injection
Ecosystems: go
Packages: github.com/snowflakedb/gosnowflake
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1ncTk4LTUzcnEtcXI1aM4AAzw5
Hashicorp Vault vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 11 months ago
High
GSA_kwCzR0hTQS1oaDU0LTUzbTctN2Zmas4AAzuZ
alist Incorrect Access Control vulnerability
Ecosystems: go
Packages: github.com/alist-org/alist/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
GSA_kwCzR0hTQS14Mnc0LWM2N3AtZzQ0as4AAzsV
Grafana Missing Synchronization vulnerability
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: 11 months ago
High
GSA_kwCzR0hTQS14aGc1LTQycmYtMjk2cs4AAzr4
notation-go's verification bypass can cause users to verify the wrong artifact
Ecosystems: go
Packages: github.com/notaryproject/notation-go
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1ydnJ4LXJyd2gtcjlwNs4AAzr3
Notation's default `maxSignatureAttempts` in `notation verify` enables an endless data attack
Ecosystems: go
Packages: github.com/notaryproject/notation
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS05bTN2LXY0cjUtcHB4N84AAzr2
Notation vulnerable to denial of service from high number of artifact signatures
Ecosystems: go
Packages: github.com/notaryproject/notation
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS05cnA2LTIzZ2YtNGMzaM4AAzrz
syncthing vulnerable to Cross-site Scripting (XSS) in Web GUI
Ecosystems: go
Packages: github.com/syncthing/syncthing
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1wOTc2LWg1MmMtMjZwNs4AAzpQ
Rancher vulnerable to Privilege Escalation via manipulation of Secrets
Ecosystems: go
Packages: rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
High
GSA_kwCzR0hTQS00NnYzLWdnamctcXEzeM4AAzpP
Rancher UI has multiple Cross-Site Scripting (XSS) issues
Ecosystems: go
Packages: rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
High
GSA_kwCzR0hTQS04dmhjLWh3aGMtY3BqNM4AAzpO
Rancher users retain access after moving namespaces into projects they don't have access to
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 11 months ago
High
GSA_kwCzR0hTQS00YzMyLXc2YzctNzd4NM4AAzpH
SQL injection when using MySQL/PostgreSQL data checking
Ecosystems: go
Packages: github.com/megaease/easeprobe
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS12ZnJqLWZ2NnAtM2NwZs4AAzpG
Brook's tproxy server is vulnerable to a drive-by command injection.
Ecosystems: go
Packages: github.com/txthinking/brook
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 11 months ago
Low
GSA_kwCzR0hTQS03Yzk0LWd2dmotcjNtZ84AAzot
cheqd-node affected by Inter-blockchain Communication (IBC) protocol "Huckleberry" vulnerability
Ecosystems: go
Packages: github.com/cheqd/cheqd-node
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1ocTRtLTQ5NDgtNjRjY84AAzol
Kyverno resource with a deletionTimestamp may allow policy circumvention
Ecosystems: go
Packages: github.com/kyverno/kyverno
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1ncXg5LWgzdzItZnByZ84AAzoj
Gitpod vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/gitpod-io/gitpod
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 11 months ago
Statistics
Advisories: 18,152
Packages: 8,242
Repositories: 534
Ecosystems: 12
Filter by Severity
Moderate 7,822 High 6,289 Critical 2,788 Low 969
Filter by Ecosystem
maven 5,518 packagist 3,782 pypi 3,552 npm 3,530 go 1,887 nuget 1,390 rubygems 813 cargo 773 swift 31 hex 29 actions 16 pub 8
Filter by Package
github.com/usememos/memos 59 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 github.com/answerdev/answer 34 k8s.io/kubernetes 32 github.com/argoproj/argo-cd 29 github.com/hashicorp/vault 28 github.com/grafana/grafana 28 github.com/rancher/rancher 28 github.com/hashicorp/nomad 26 github.com/hashicorp/consul 26 gogs.io/gogs 24 github.com/argoproj/argo-cd/v2 23 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 19 github.com/docker/docker 19 code.gitea.io/gitea 19 helm.sh/helm/v3 18 golang.org/x/net 17 github.com/goharbor/harbor 15 github.com/opencontainers/runc 13 github.com/mattermost/mattermost-server 13 github.com/containerd/containerd 13 github.com/traefik/traefik/v2 13 github.com/nats-io/nats-server/v2 13 github.com/moby/moby 12 github.com/go-gitea/gitea 12 github.com/cloudflare/cfrpki 11 github.com/openfga/openfga 11 github.com/1Panel-dev/1Panel 10 github.com/cosmos/cosmos-sdk 10 github.com/greenpau/caddy-security 10 github.com/zitadel/zitadel 10 github.com/sylabs/singularity 9 github.com/kubernetes/kubernetes 9 golang.org/x/crypto 9 istio.io/istio 8 github.com/containers/podman/v4 8 github.com/kubeedge/kubeedge 8 go.etcd.io/etcd 8 github.com/cri-o/cri-o 8 github.com/pomerium/pomerium 8 github.com/nats-io/jwt 7 github.com/google/fscrypt 7 helm.sh/helm 7 k8s.io/ingress-nginx 7 github.com/traefik/traefik 7 github.com/beego/beego 7 github.com/hashicorp/go-getter 7 github.com/fluxcd/flux2 6 github.com/pion/dtls 6 github.com/beego/beego/v2 6 github.com/hyperledger/fabric 6 github.com/russellhaering/goxmldsig 6 github.com/russellhaering/gosaml2 6 github.com/pterodactyl/wings 6 github.com/apache/trafficcontrol 6 github.com/gravitl/netmaker 6 github.com/authzed/spicedb 6 github.com/sigstore/cosign 6 github.com/cubefs/cubefs 6 github.com/treeverse/lakefs 6 github.com/KubeOperator/kubepi 5 github.com/traefik/traefik/v3 5 github.com/schollz/croc/v9 5 github.com/pion/dtls/v2 5 github.com/IBAX-io/go-ibax 5 github.com/containers/buildah 5 github.com/ipfs/go-ipfs 5 github.com/mattermost/mattermost-server/v5 5 github.com/kyverno/kyverno 5 github.com/cometbft/cometbft 5 github.com/0xJacky/Nginx-UI 5 github.com/gophish/gophish 5 kubevirt.io/kubevirt 5 github.com/kiali/kiali 5 go.etcd.io/etcd/v3 5 github.com/foxcpp/maddy 5 github.com/hashicorp/go-getter/v2 5 github.com/gofiber/fiber/v2 5 github.com/fluxcd/kustomize-controller 5 github.com/moby/buildkit 5 github.com/tidwall/gjson 5 github.com/apache/incubator-answer 5 github.com/tendermint/tendermint 5 github.com/alist-org/alist/v3 4 github.com/hashicorp/go-getter/s3/v2 4 github.com/lestrrat-go/jwx 4 github.com/hashicorp/go-getter/gcs/v2 4 github.com/argoproj/argo-workflows/v3 4 github.com/git-lfs/git-lfs 4 github.com/lestrrat-go/jwx/v2 4 github.com/ory/fosite 4 github.com/dexidp/dex 4 github.com/oauth2-proxy/oauth2-proxy 4 github.com/containers/podman/v3 4 github.com/concourse/concourse 4 github.com/casdoor/casdoor 4 github.com/free5gc/free5gc 4 golang.org/x/net/http2 4 github.com/aws/aws-sdk-go 4 github.com/crewjam/saml 4 github.com/arduino/arduino-create-agent 4 github.com/dhowden/tag 4 github.com/IceWhaleTech/CasaOS-UserService 4 github.com/gin-gonic/gin 4 github.com/open-policy-agent/opa 4 github.com/caddyserver/caddy 4 github.com/projectcalico/calico 3 github.com/consensys/gnark 3 golang.org/x/text 3 github.com/minio/minio 3 github.com/mholt/archiver 3 github.com/dutchcoders/transfer.sh 3 github.com/fluxcd/helm-controller 3 github.com/notaryproject/notation 3 github.com/sigstore/cosign/v2 3 github.com/flyteorg/flyteadmin 3 go.etcd.io/etcd/client/v3 3 github.com/nats-io/jwt/v2 3 gopkg.in/yaml.v2 3 github.com/apache/servicecomb-service-center 3 github.com/heketi/heketi 3 github.com/docker/distribution 3 github.com/libp2p/go-libp2p 3 github.com/hashicorp/vault/vault 3 github.com/quic-go/quic-go 3 github.com/miekg/dns 3 github.com/syncthing/syncthing 3 github.com/cheqd/cheqd-node 3 github.com/coredns/coredns 3 github.com/ElrondNetwork/elrond-go 3 k8s.io/client-go 3 github.com/owncast/owncast 3 github.com/hashicorp/boundary 3 github.com/go-vela/server 3 github.com/weaveworks/weave-gitops 3 golang.org/x/image 3 github.com/ory/oathkeeper 3 github.com/lightningnetwork/lnd 3 github.com/stacklok/minder 3 github.com/edgelesssys/constellation/v2 3 github.com/square/go-jose 3 github.com/openshift/origin 3 github.com/cortexproject/cortex 3 github.com/crypto-org-chain/cronos 3 github.com/phachon/mm-wiki 3 github.com/authelia/authelia/v4 3 github.com/crossplane/crossplane 3 github.com/jackc/pgx/v4 3 github.com/artifacthub/hub 3 github.com/tharsis/evmos 3 github.com/jackc/pgx 2 github.com/clastix/capsule-proxy 2 github.com/etcd-io/etcd 2 github.com/netlify/gotrue 2 github.com/pires/go-proxyproto 2 github.com/jackc/pgproto3 2 github.com/mutagen-io/mutagen 2 github.com/zalando/skipper 2 vitess.io/vitess 2 github.com/jackc/pgproto3/v2 2 github.com/cloudflare/circl 2 github.com/pydio/cells 2 github.com/fluid-cloudnative/fluid 2 github.com/go-yaml/yaml 2 github.com/openshift/apiserver-library-go 2 github.com/ansible-semaphore/semaphore 2 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp 2 github.com/protocolbuffers/protobuf 2 github.com/edgexfoundry/app-functions-sdk-go/v2 2 github.com/zinclabs/zinc 2 github.com/zincsearch/zincsearch 2 github.com/unknwon/cae 2 github.com/ntbosscher/gobase 2 github.com/jackc/pgx/v5 2 mellium.im/xmpp 2 github.com/talos-systems/talos 2 github.com/bytebase/bytebase 2 github.com/Masterminds/goutils 2 sigs.k8s.io/secrets-store-csi-driver 2 github.com/rancher/wrangler 2 github.com/apache/thrift 2 github.com/codenotary/immudb 2 github.com/kata-containers/runtime 2 github.com/containers/podman/v2 2 github.com/nats-io/nats-streaming-server 2 github.com/gohugoio/hugo 2 github.com/buildkite/elastic-ci-stack-for-aws/v6 2 github.com/siderolabs/talos 2 github.com/notaryproject/notation-go 2 github.com/kitabisa/teler-waf 2 github.com/IceWhaleTech/CasaOS 2 github.com/ulikunitz/xz 2 protobuf 2 github.com/sigstore/rekor 2 github.com/gphper/ginadmin 2 github.com/labring/sealos 2 github.com/labstack/echo/v4 2 github.com/theupdateframework/go-tuf 2
Filter by Repository
https://github.com/usememos/memos 59 https://github.com/kubernetes/kubernetes 48 https://github.com/argoproj/argo-cd 37 https://github.com/answerdev/answer 34 https://github.com/go-gitea/gitea 31 https://github.com/rancher/rancher 25 https://github.com/grafana/grafana 21 https://github.com/cilium/cilium 20 https://github.com/gogs/gogs 20 https://github.com/hashicorp/consul 19 https://github.com/helm/helm 19 https://github.com/hashicorp/vault 16 https://github.com/etcd-io/etcd 16 https://github.com/goharbor/harbor 15 https://github.com/ethereum/go-ethereum 15 https://github.com/mattermost/mattermost 14 https://github.com/moby/moby 14 https://github.com/traefik/traefik 13 https://github.com/hashicorp/nomad 13 https://github.com/containerd/containerd 13 https://github.com/golang/go 13 https://github.com/opencontainers/runc 11 https://github.com/openfga/openfga 11 https://github.com/containers/podman 11 https://github.com/cloudflare/cfrpki 11 https://github.com/nats-io/nats-server 10 https://github.com/zitadel/zitadel 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/1Panel-dev/1Panel 10 https://github.com/greenpau/caddy-security 10 https://github.com/cri-o/cri-o 9 https://github.com/istio/istio 8 https://github.com/kubeedge/kubeedge 8 https://github.com/pomerium/pomerium 8 https://github.com/docker/docker 8 https://github.com/kubernetes/ingress-nginx 7 https://github.com/beego/beego 7 https://github.com/hashicorp/go-getter 7 https://github.com/google/fscrypt 7 https://github.com/hpcng/singularity 7 https://github.com/pterodactyl/wings 6 https://github.com/schollz/croc 6 https://github.com/sigstore/cosign 6 https://github.com/pion/dtls 6 https://github.com/moby/buildkit 6 https://github.com/hyperledger/fabric 6 https://github.com/treeverse/lakeFS 6 https://github.com/gravitl/netmaker 6 https://github.com/authzed/spicedb 6 https://github.com/containers/buildah 6 https://github.com/fluxcd/flux2 6 https://github.com/cubefs/cubefs 6 https://github.com/0xJacky/nginx-ui 5 https://github.com/argoproj/argo-workflows 5 https://github.com/russellhaering/gosaml2 5 https://github.com/cometbft/cometbft 5 https://github.com/crewjam/saml 5 https://github.com/foxcpp/maddy 5 https://github.com/free5gc/free5gc 5 https://github.com/gofiber/fiber 5 https://github.com/gophish/gophish 5 https://github.com/kyverno/kyverno 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/ipfs/go-ipfs 5 https://github.com/tidwall/gjson 5 https://github.com/tendermint/tendermint 5 https://github.com/ory/fosite 4 https://github.com/containous/traefik 4 https://github.com/concourse/concourse 4 https://github.com/open-policy-agent/opa 4 https://github.com/grafana/bugbounty 4 https://github.com/casdoor/casdoor 4 https://github.com/caddyserver/caddy 4 https://github.com/IceWhaleTech/CasaOS-UserService 4 https://github.com/oauth2-proxy/oauth2-proxy 4 https://github.com/git-lfs/git-lfs 4 https://github.com/siderolabs/talos 4 https://github.com/dhowden/tag 4 https://github.com/lestrrat-go/jwx 4 https://github.com/dexidp/dex 4 https://github.com/arduino/arduino-create-agent 4 https://github.com/nats-io/jwt 4 https://github.com/kubevirt/kubevirt 4 https://github.com/gin-gonic/gin 4 https://github.com/aws/aws-sdk-go 4 https://github.com/flipped-aurora/gin-vue-admin 3 https://github.com/gogits/gogs 3 https://github.com/phachon/mm-wiki 3 https://github.com/flyteorg/flyteadmin 3 https://github.com/u-root/u-root 3 https://github.com/evmos/evmos 3 https://github.com/ory/oathkeeper 3 https://github.com/ElrondNetwork/elrond-go 3 https://github.com/edgelesssys/constellation 3 https://github.com/open-telemetry/opentelemetry-go-contrib 3 https://github.com/openshift/origin 3 https://github.com/go-vela/server 3 https://github.com/go-yaml/yaml 3 https://github.com/heketi/heketi 3 https://github.com/ipfs/boxo 3 https://github.com/kiali/kiali 3 https://github.com/KubeOperator/KubePi 3 https://github.com/tailscale/tailscale 3 https://github.com/kubernetes-sigs/secrets-store-csi-driver 3 https://github.com/syncthing/syncthing 3 https://github.com/libp2p/go-libp2p 3 https://github.com/sylabs/singularity 3 https://github.com/moby/libnetwork 3 https://github.com/minio/minio 3 https://github.com/square/go-jose 3 https://github.com/alist-org/alist 3 https://github.com/apache/trafficcontrol 3 https://github.com/artifacthub/hub 3 https://github.com/authelia/authelia 3 https://github.com/stacklok/minder 3 https://github.com/cheqd/cheqd-node 3 https://github.com/Consensys/gnark 3 https://github.com/cortexproject/cortex 3 https://github.com/weaveworks/weave-gitops 3 https://github.com/crossplane/crossplane 3 https://github.com/quic-go/quic-go 3 https://github.com/dutchcoders/transfer.sh 3 https://github.com/argoproj/argo-events 2 https://github.com/edgelesssys/marblerun 2 https://github.com/atredispartners/advisories 2 https://github.com/elastic/beats 2 https://github.com/temporalio/temporal 2 https://github.com/kitabisa/teler-waf 2 https://github.com/kitabisa/teler 2 https://github.com/bitly/oauth2_proxy 2 https://github.com/jackc/pgproto3 2 https://github.com/ipld/go-codec-dagpb 2 https://github.com/bottlerocket-os/bottlerocket 2 https://github.com/brokercap/Bifrost 2 https://github.com/influxdata/influxdb 2 https://github.com/buger/jsonparser 2 https://github.com/imgproxy/imgproxy 2 https://github.com/bytebase/bytebase 2 https://github.com/zalando/skipper 2 https://github.com/apptainer/apptainer 2 https://github.com/labring/sealos 2 https://github.com/labstack/echo 2 https://github.com/ecnepsnai/web 2 https://github.com/lightningnetwork/lnd 2 https://github.com/Masterminds/goutils 2 https://github.com/1Panel-dev/KubePi 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/mellium/xmpp 2 https://github.com/mholt/archiver 2 https://github.com/microcosm-cc/bluemonday 2 https://github.com/miekg/dns 2 https://github.com/zinclabs/zinc 2 https://github.com/minio/console 2 https://github.com/woodpecker-ci/woodpecker 2 https://github.com/google/exposure-notifications-verification-server 2 https://github.com/coredns/coredns 2 https://github.com/unknwon/cae 2 https://github.com/golang/crypto 2 https://github.com/go-jose/go-jose 2 https://github.com/gohugoio/hugo 2 https://github.com/coreos/etcd 2 https://github.com/facebook/fbthrift 2 https://github.com/cosmos/ethermint 2 https://github.com/go-git/go-git 2 https://github.com/fkie-cad/yapscan 2 https://github.com/fleetdm/fleet 2 https://github.com/vitessio/vitess 2 https://github.com/crypto-org-chain/cronos 2 https://github.com/flynn/noise 2 https://github.com/dvsekhvalnov/jose2go 2 https://github.com/IceWhaleTech/CasaOS 2 https://github.com/theupdateframework/go-tuf 2 https://github.com/heroiclabs/nakama 2 https://github.com/drakkan/sftpgo 2 https://github.com/hashicorp/terraform 2 https://github.com/envoyproxy/envoy 2 https://github.com/cloudflare/circl 2 https://github.com/cloudflare/cloudflared 2 https://github.com/gphper/ginadmin 2 https://github.com/codenotary/immudb 2 https://github.com/distribution/distribution 2 https://github.com/Consensys/gnark-crypto 2 https://github.com/gotify/server 2 https://github.com/ulikunitz/xz 2 https://github.com/containers/libpod 2 https://github.com/fluid-cloudnative/fluid 2 https://github.com/russellhaering/goxmldsig 2 https://github.com/Netflix/security-bulletins 2 https://github.com/projectdiscovery/nuclei 2 https://github.com/ntbosscher/gobase 2 https://github.com/stripe/smokescreen 2 https://github.com/pingcap/tidb 2 https://github.com/peterzen/goresolver 2 https://github.com/sigstore/rekor 2 https://github.com/multiversx/mx-chain-go 2 https://github.com/mutagen-io/mutagen 2 https://github.com/notaryproject/notation 2 https://github.com/openshift/apiserver-library-go 2 https://github.com/swaggo/http-swagger 2