Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go Security Advisories

Loading...
High
GSA_kwCzR0hTQS1oNjVoLXY3ZnctNHAzOM4AAzxh
HashiCorp Consul Incorrect Access Control vulnerability
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: 11 months ago
High
GSA_kwCzR0hTQS1md3YyLTY1d2gtMnc4Y84AAzxf
Snowflake Golang Driver vulnerable to Command Injection
Ecosystems: go
Packages: github.com/snowflakedb/gosnowflake
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1ncTk4LTUzcnEtcXI1aM4AAzw5
Hashicorp Vault vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 11 months ago
High
GSA_kwCzR0hTQS1oaDU0LTUzbTctN2Zmas4AAzuZ
alist Incorrect Access Control vulnerability
Ecosystems: go
Packages: github.com/alist-org/alist/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
GSA_kwCzR0hTQS14Mnc0LWM2N3AtZzQ0as4AAzsV
Grafana Missing Synchronization vulnerability
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: 11 months ago
High
GSA_kwCzR0hTQS14aGc1LTQycmYtMjk2cs4AAzr4
notation-go's verification bypass can cause users to verify the wrong artifact
Ecosystems: go
Packages: github.com/notaryproject/notation-go
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1ydnJ4LXJyd2gtcjlwNs4AAzr3
Notation's default `maxSignatureAttempts` in `notation verify` enables an endless data attack
Ecosystems: go
Packages: github.com/notaryproject/notation
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS05bTN2LXY0cjUtcHB4N84AAzr2
Notation vulnerable to denial of service from high number of artifact signatures
Ecosystems: go
Packages: github.com/notaryproject/notation
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS05cnA2LTIzZ2YtNGMzaM4AAzrz
syncthing vulnerable to Cross-site Scripting (XSS) in Web GUI
Ecosystems: go
Packages: github.com/syncthing/syncthing
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1wOTc2LWg1MmMtMjZwNs4AAzpQ
Rancher vulnerable to Privilege Escalation via manipulation of Secrets
Ecosystems: go
Packages: rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
High
GSA_kwCzR0hTQS00NnYzLWdnamctcXEzeM4AAzpP
Rancher UI has multiple Cross-Site Scripting (XSS) issues
Ecosystems: go
Packages: rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
High
GSA_kwCzR0hTQS04dmhjLWh3aGMtY3BqNM4AAzpO
Rancher users retain access after moving namespaces into projects they don't have access to
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 11 months ago
High
GSA_kwCzR0hTQS00YzMyLXc2YzctNzd4NM4AAzpH
SQL injection when using MySQL/PostgreSQL data checking
Ecosystems: go
Packages: github.com/megaease/easeprobe
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS12ZnJqLWZ2NnAtM2NwZs4AAzpG
Brook's tproxy server is vulnerable to a drive-by command injection.
Ecosystems: go
Packages: github.com/txthinking/brook
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 11 months ago
Low
GSA_kwCzR0hTQS03Yzk0LWd2dmotcjNtZ84AAzot
cheqd-node affected by Inter-blockchain Communication (IBC) protocol "Huckleberry" vulnerability
Ecosystems: go
Packages: github.com/cheqd/cheqd-node
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1ocTRtLTQ5NDgtNjRjY84AAzol
Kyverno resource with a deletionTimestamp may allow policy circumvention
Ecosystems: go
Packages: github.com/kyverno/kyverno
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1ncXg5LWgzdzItZnByZ84AAzoj
Gitpod vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/gitpod-io/gitpod
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 11 months ago
High
GSA_kwCzR0hTQS1ycWpxLXd3ODMtd3Y1Y84AAznY
Hashicorp Consul allows user with service:write permissions to patch remote proxy instances
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1jNTdjLTdocmotNnE2ds4AAznc
Hashicorp Consul vulnerable to denial of service
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: 12 months ago
High
GSA_kwCzR0hTQS03eHB2LTRwbTkteGNoMs4AAznN
mx-chain-go does not treat invalid transaction with wrong username correctly
Ecosystems: go
Packages: github.com/multiversx/mx-chain-go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS1xZmM1LTZyM2otamoyMs4AAzmA
Go package github.com/cosmos/cosmos-sdk module x/crisis does NOT cause chain halt
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS1mN3F3LWpqOWMtcnBxOc4AAzkQ
In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
Ecosystems: go
Packages: github.com/lima-vm/lima
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1nNDdoLWZnY3ctZzRwaM4AAzi1
Algernon engine and themes vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/xyproto/algernon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1oZ3Y2LXc3cjMtdzRxd84AAzhi
Kyverno vulnerable due to usage of insecure cipher
Ecosystems: go
Packages: github.com/kyverno/kyverno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1qMzI3LWM2OWgtNGdoOM4AAzhT
Abstrium Pydio Cells Resource Injection vulnerability
Ecosystems: go
Packages: github.com/pydio/cells/v4
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS13bWZjLWc4NnAtZmp2cs4AAzhX
go package pydio cells vulnerable to cross-site scripting
Ecosystems: go
Packages: github.com/pydio/cells
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1tdjd4LTI3cGMtOGM5Ns4AAzhW
Go package pydio/cells vulnerable to authorization bypass
Ecosystems: go
Packages: github.com/pydio/cells
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 12 months ago
Critical
GSA_kwCzR0hTQS1qcXZyLWoydmctZ2pyds4AAzg5
Signature validation bypass in github.com/moov-io/signedxml
Ecosystems: go
Packages: github.com/moov-io/signedxml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Critical
GSA_kwCzR0hTQS1wdnJjLXd2ajItZjU5cM4AAzfl
Pomerium vulnerable to Incorrect Authorization with specially crafted requests
Ecosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1mcnF4LWpmY20tNmpqcs4AAzfX
malformed proposed intoto entries can cause a panic
Ecosystems: go
Packages: github.com/sigstore/rekor
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1nODJ3LTU4amYtZ2N4eM4AAze2
secrets-store-csi-driver discloses service account tokens in logs
Ecosystems: go
Packages: sigs.k8s.io/secrets-store-csi-driver
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1qdjNmLTdtMzMtcXA2Nc4AAze1
Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited
Ecosystems: go
Packages: github.com/minio/console
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS0zM2hxLWYybWYtam0zY84AAzeY
kyverno seccomp control can be circumvented
Ecosystems: go
Packages: github.com/kyverno/kyverno
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS04NjN4LTg2OGgtOTY4eM4AAzdP
Ingress-nginx `path` sanitization can be bypassed with newline character
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
High
GSA_kwCzR0hTQS13N2p3LXE0ZmctcWM0Y84AAzdN
nfpm has incorrect default permissions
Ecosystems: go
Packages: github.com/goreleaser/nfpm, github.com/goreleaser/nfpm/v2
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS0yaDQ0LXgyd3gtNDlmNM4AAzbE
Potential HTTP policy bypass when using header rules in Cilium
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1xanJxLWhtNzktNDl3d84AAzbA
ginuerzh/gost vulnerable to Timing Attack
Ecosystems: go
Packages: github.com/ginuerzh/gost
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS05MndxLXE5cHEtZ3c0N84AAzYG
Dgraph Audit Log Encryption Vulnerability
Ecosystems: go
Packages: github.com/dgraph-io/dgraph
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 12 months ago
Low
GSA_kwCzR0hTQS0zcDRnLXJjdzUtODI5OM4AAzUC
etcd Key name can be accessed via LeaseTimeToLive API
Ecosystems: go
Packages: github.com/etcd-io/etcd
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yYzRtLTU5eDktZnIyZ84AAzUB
Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function
Ecosystems: go
Packages: github.com/gin-gonic/gin
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS03ZzJ2LTJmcm0tcmc5NM4AAzTV
Mattermost Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0ycTg5LTQ4NWMtOWoyeM4AAzSj
Improper random reading in CIRCL
Ecosystems: go
Packages: github.com/cloudflare/circl
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xdnFnLTZycDgtNHA5aM4AAzSi
github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak
Ecosystems: go
Packages: github.com/ipfs/kubo
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xM2o2LTIyd2YtM2poOc4AAzSh
github.com/ipfs/go-bitswap vulnerable to DOS unbounded persistent memory leak
Ecosystems: go
Packages: github.com/ipfs/go-bitswap
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS1ocXh3LWY4bXgtY3Btd84AAzSg
distribution catalog API endpoint can lead to OOM via malicious user input
Ecosystems: go
Packages: github.com/docker/distribution
Source: GitHub Advisory Database
Blast Radius: 33.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tOTc0LXhqNGotN3F2Nc4AAzSd
Boxo bitswap/server: DOS unbounded persistent memory leak
Ecosystems: go
Packages: github.com/ipfs/go-libipfs
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1wNzQ0LTRxNnAtaHZjMs4AAzSb
Wings vulnerable to escape to host from installation container
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wcWo3LWp4MjQtd2o3d84AAzSa
VTAdmin users that can create shards can deny access to other functions
Ecosystems: go
Packages: vitess.io/vitess
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05M3h4LWN2bWMtOXczds4AAzM4
On a compromised node, the fluid-csi service account can be used to modify node specs
Ecosystems: go
Packages: github.com/fluid-cloudnative/fluid
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1xbXF3LXI0eDYtM3cycc4AAzLF
Answer Missing Authorization vulnerability
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05eDdoLWdnYzMteGc0N84AAzHz
imgproxy is vulnerable to Server-Side Request Forgery
Ecosystems: go
Packages: github.com/imgproxy/imgproxy/v3
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yMmZ4LTZyOW0tcjhoOc4AAzGl
libheif vulnerable to segmentation fault via floating point exception
Ecosystems: go
Packages: github.com/strukturag/libheif
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1qbXAyLXdjNHAtd2ZoMs4AAzGL
Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints
Ecosystems: go
Packages: github.com/mutagen-io/mutagen, github.com/mutagen-io/mutagen-compose
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1md2o0LTcyZm0tYzkzZ84AAzGI
Under-validated ComSpec and cmd.exe resolution in Mutagen projects
Ecosystems: go
Packages: github.com/mutagen-io/mutagen
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zdnA0LW0zcmYtODM1aM4AAzFG
Improper input validation in github.com/gin-gonic/gin
Ecosystems: go
Packages: github.com/gin-gonic/gin
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yaDVoLTU5ZjUtYzV4Oc4AAzEu
Rekor's compressed archives can result in OOM conditions
Ecosystems: go
Packages: github.com/sigstore/rekor
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05d2g3LTM5N2otNzIybc4AAy-6
Ironic and ironic-inspector may expose as ConfigMaps
Ecosystems: go
Packages: github.com/metal3-io/baremetal-operator
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 1 year ago
Low
GSA_kwCzR0hTQS13OW1yLTI4bXctajhoZ84AAy-4
Hop-by-hop abuse to malform header mutator
Ecosystems: go
Packages: github.com/ory/oathkeeper
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS05MzljLTNnOTctdnB2ds4AAy-V
Access control issues in blackbox_exporter
Ecosystems: go
Packages: github.com/prometheus/blackbox_exporter
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qNHJmLTczNTctZjRjZ84AAy9i
Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer
Ecosystems: go
Packages: github.com/apptainer/apptainer
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS02bTlmLXBqNnctdzg3Z84AAy88
Rancher Webhook is misconfigured during upgrade process
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04MzNjLXhoNzktcDQyOc4AAy62
A potential risk in clusternet which can be leveraged to make a cluster-level privilege escalation
Ecosystems: go
Packages: github.com/clusternet/clusternet
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS1wZzVwLXd3cDgtOTdnOM4AAy3v
Debug mode leaks confidential data in Cilium
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS1janI5LW1yMzUtN3hoNs4AAywj
SpiceDB binding metrics port to untrusted networks and can leak command-line flags
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jd2Y2LXhqNDktd3A4M84AAyu6
OpenFeature Operator vulnerable to Cluster-level Privilege Escalation
Ecosystems: go
Packages: github.com/open-feature/open-feature-operator
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05MzM3LThjNmMtYzJ4Z84AAyt7
CubeFS allows Kubernetes cluster-level privilege escalation
Ecosystems: go
Packages: github.com/cubefs/cubefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03MzVyLWh2NjctZzM4Zs4AAyrt
vitess allows users to create keyspaces that can deny access to already existing keyspaces
Ecosystems: go
Packages: vitess.io/vitess
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS03aGo5LXJ2NzQtNWc5Ms4AAyrs
Traefik HTTP header parsing could cause a denial of service
Ecosystems: go
Packages: github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04amczLXJ4NDMtM2Z2NM4AAyq4
Answer vulnerable to Exposure of Sensitive Information Through Metadata
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02NXY4LTZwdnctand2cc4AAyq3
Answer vulnerable to Insertion of Sensitive Information Into Sent Data
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qOTdnLTc3ZmotOWM0cM4AAyrA
Answer vulnerable to account takeover because password reset links do not expire
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mOHI4LWg5M20tbWo3N84AAykW
HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yMzJwLXZ3ZmYtODZtcM4AAyiv
Docker Swarm encrypted overlay network may be unauthenticated
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 34.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zM3BnLW02amgtNTIzN84AAyiu
Docker Swarm encrypted overlay network traffic may be unencrypted
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02d3JmLW14ZmotcGY1cM4AAyit
Docker Swarm encrypted overlay network with a single endpoint is unauthenticated
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mNnhwLTU5anEtcjM1Y84AAyiT
Phachon mm-wiki Cross Site Request Forgery vulnerability
Ecosystems: go
Packages: github.com/phachon/mm-wiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mN3JwLXh4NjctNHBqOc4AAyiW
Phachon mm-wiki vulnerable to stored cross-site scripting (XSS)
Ecosystems: go
Packages: github.com/phachon/mm-wiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1nbXBoLXdmN2otOWdjbc4AAyiB
Etcd-io Improper Authentication vulnerability
Ecosystems: go
Packages: go.etcd.io/etcd/v3
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS14cTN4LWdycmotZmo2eM4AAyf6
sjqzhang go-fastdfs vulnerable to path traversal
Ecosystems: go
Packages: github.com/sjqzhang/go-fastdfs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01OGcyLXZncGctMzM1cc4AAyfN
request-baskets vulnerable to Server-Side Request Forgery
Ecosystems: go
Packages: github.com/darklynx/request-baskets
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zaHdtLTkyMnItNDdod84AAyfI
Stud42 vulnerable to denial of service
Ecosystems: go
Packages: atomys.codes/stud42
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05aGo3LXY1NmctcmhmNs4AAyey
Mattermost fails to properly authentication inviter's permissions to private channel
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost-server/v5, github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02M2YyLTY5NTktMnB4as4AAye3
Mattermost vulnerable to cross-site scripting (XSS)
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost-server/v5, github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zd3E1LTNmNTYtdjV4Y84AAyex
Mattermost vulnerable to information disclosure
Ecosystems: go
Packages: github.com/mattermost/mattermost-server, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04amhoLTNqZjItcGZ3cs4AAyez
Mattermost vulnerable to information disclosure
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost-server/v5, github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nMmo2LTU3djctZ204Y84AAydu
runc AppArmor bypass with symlinked /proc
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1tOGNnLXhjMnAtcjNmY84AAydr
rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12cTRoLTlnaG0tcW1ycs4AAydP
HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1od2MzLTNxaDYtcjRnZ84AAydO
HashiCorp Vault's PKI mount vulnerable to denial of service
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12M2hwLW1jajUtcGczOc4AAydQ
HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xd3F2LXJxZ2YtOHFoOM4AAyWs
Podman Time-of-check Time-of-use (TOCTOU) Race Condition
Ecosystems: go
Packages: github.com/containers/podman/v4
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nOHhtLXAyaDQtdjZqcM4AAyRi
OpenShift Assisted Installer leaks image pull secrets as plaintext in installation logs
Ecosystems: go
Packages: github.com/openshift/assisted-installer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xcnJnLWd3N3ctdnA3Ns4AAyQj
Grafana Stored Cross-site Scripting in Graphite FunctionDescription tooltip
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12ZmdxLWc1eDgtZzU5Nc4AAyQg
Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process
Ecosystems: go
Packages: tailscale.com
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0ycTVjLXF3OWMtZm12cc4AAyQf
Argo CD authenticated but unauthorized users may enumerate Application names via the API
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01NW05LWhtOTIteG04as4AAyPG
Gophish vulnerable to Cross-site Scripting via crafted landing page
Ecosystems: go
Packages: github.com/gophish/gophish
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS04Z2c4LXdyNGotdjJ3cs4AAyPI
Gophish vulnerable to Denial of Service via crafted payload involving autofocus
Ecosystems: go
Packages: github.com/gophish/gophish
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS01bXFqLXhjNDktMjQ2cM4AAyO-
crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb
Ecosystems: go
Packages: github.com/crewjam/saml
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS03bWp2LXgzamYtNTQ1eM4AAyNr
cloudflared's Installer has Local Privilege Escalation Vulnerability
Ecosystems: go
Packages: github.com/cloudflare/cloudflared
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02ZjI3LTNwNmMtcDVqY84AAyNo
`cilium-cli` disables etcd authorization for clustermesh clusters
Ecosystems: go
Packages: github.com/cilium/cilium-cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Statistics
Advisories: 18,471
Packages: 8,321
Repositories: 540
Ecosystems: 12
Filter by Severity
Moderate 7,980 High 6,390 Critical 2,818 Low 992
Filter by Ecosystem
maven 5,538 packagist 3,825 pypi 3,766 npm 3,557 go 1,905 nuget 1,391 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
github.com/usememos/memos 59 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 github.com/answerdev/answer 34 k8s.io/kubernetes 32 github.com/argoproj/argo-cd 29 github.com/grafana/grafana 28 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 github.com/hashicorp/consul 26 github.com/hashicorp/nomad 26 gogs.io/gogs 24 github.com/argoproj/argo-cd/v2 23 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 20 github.com/docker/docker 19 code.gitea.io/gitea 19 helm.sh/helm/v3 18 golang.org/x/net 17 github.com/goharbor/harbor 15 github.com/containerd/containerd 13 github.com/traefik/traefik/v2 13 github.com/nats-io/nats-server/v2 13 github.com/mattermost/mattermost-server 13 github.com/go-gitea/gitea 12 github.com/opencontainers/runc 12 github.com/moby/moby 12 github.com/zitadel/zitadel 11 github.com/openfga/openfga 11 github.com/cloudflare/cfrpki 11 github.com/1Panel-dev/1Panel 11 github.com/greenpau/caddy-security 10 github.com/sylabs/singularity 9 github.com/cosmos/cosmos-sdk 9 golang.org/x/crypto 9 github.com/cri-o/cri-o 9 github.com/kubernetes/kubernetes 9 go.etcd.io/etcd 8 github.com/kubeedge/kubeedge 8 github.com/pterodactyl/wings 8 github.com/pomerium/pomerium 8 istio.io/istio 8 github.com/containers/podman/v4 8 github.com/traefik/traefik 7 github.com/hashicorp/go-getter 7 github.com/beego/beego 7 helm.sh/helm 7 github.com/nats-io/jwt 7 github.com/google/fscrypt 7 k8s.io/ingress-nginx 7 github.com/beego/beego/v2 6 github.com/russellhaering/goxmldsig 6 github.com/apache/trafficcontrol 6 github.com/sigstore/cosign 6 github.com/gravitl/netmaker 6 github.com/treeverse/lakefs 6 github.com/authzed/spicedb 6 github.com/pion/dtls 6 github.com/cubefs/cubefs 6 github.com/russellhaering/gosaml2 6 github.com/fluxcd/flux2 6 github.com/hyperledger/fabric 6 kubevirt.io/kubevirt 6 github.com/apache/incubator-answer 5 github.com/KubeOperator/kubepi 5 github.com/fluxcd/kustomize-controller 5 github.com/foxcpp/maddy 5 github.com/gophish/gophish 5 github.com/0xJacky/Nginx-UI 5 github.com/gofiber/fiber/v2 5 github.com/containers/buildah 5 github.com/mattermost/mattermost-server/v5 5 github.com/hashicorp/go-getter/v2 5 github.com/IBAX-io/go-ibax 5 github.com/traefik/traefik/v3 5 github.com/cometbft/cometbft 5 github.com/kiali/kiali 5 github.com/tendermint/tendermint 5 github.com/moby/buildkit 5 github.com/kyverno/kyverno 5 github.com/ipfs/go-ipfs 5 github.com/schollz/croc/v9 5 go.etcd.io/etcd/v3 5 github.com/pion/dtls/v2 5 github.com/open-policy-agent/opa 4 github.com/gin-gonic/gin 4 github.com/crewjam/saml 4 github.com/arduino/arduino-create-agent 4 github.com/alist-org/alist/v3 4 github.com/hashicorp/go-getter/s3/v2 4 github.com/argoproj/argo-workflows/v3 4 github.com/stacklok/minder 4 github.com/oauth2-proxy/oauth2-proxy 4 github.com/aws/aws-sdk-go 4 github.com/hashicorp/go-getter/gcs/v2 4 github.com/dhowden/tag 4 github.com/casdoor/casdoor 4 golang.org/x/net/http2 4 github.com/git-lfs/git-lfs 4 github.com/concourse/concourse 4 github.com/tidwall/gjson 4 github.com/coredns/coredns 4 github.com/lestrrat-go/jwx 4 github.com/IceWhaleTech/CasaOS-UserService 4 github.com/lestrrat-go/jwx/v2 4 github.com/containers/podman/v3 4 github.com/ory/fosite 4 github.com/free5gc/free5gc 4 github.com/dexidp/dex 4 github.com/edgelesssys/constellation/v2 3 github.com/miekg/dns 3 github.com/tiagorlampert/CHAOS 3 golang.org/x/image 3 gopkg.in/yaml.v2 3 github.com/hashicorp/boundary 3 github.com/caddyserver/caddy 3 k8s.io/client-go 3 vitess.io/vitess 3 github.com/mholt/archiver 3 github.com/owncast/owncast 3 github.com/jackc/pgx/v4 3 github.com/go-vela/server 3 github.com/cortexproject/cortex 3 github.com/cheqd/cheqd-node 3 github.com/libp2p/go-libp2p 3 go.etcd.io/etcd/client/v3 3 golang.org/x/text 3 github.com/phachon/mm-wiki 3 github.com/tharsis/evmos 3 github.com/nats-io/jwt/v2 3 github.com/navidrome/navidrome 3 github.com/sigstore/cosign/v2 3 github.com/crypto-org-chain/cronos 3 github.com/heketi/heketi 3 github.com/minio/minio 3 github.com/consensys/gnark 3 github.com/projectcalico/calico 3 github.com/notaryproject/notation 3 github.com/fluxcd/helm-controller 3 github.com/quic-go/quic-go 3 github.com/hashicorp/vault/vault 3 github.com/apache/servicecomb-service-center 3 github.com/docker/distribution 3 github.com/syncthing/syncthing 3 github.com/dutchcoders/transfer.sh 3 github.com/crossplane/crossplane 3 github.com/authelia/authelia/v4 3 github.com/openshift/origin 3 github.com/lightningnetwork/lnd 3 github.com/ory/oathkeeper 3 github.com/square/go-jose 3 github.com/weaveworks/weave-gitops 3 github.com/flyteorg/flyteadmin 3 github.com/artifacthub/hub 3 github.com/ElrondNetwork/elrond-go 3 github.com/notaryproject/notation-go 2 github.com/pingcap/tidb 2 github.com/gohugoio/hugo 2 github.com/hpcng/singularity 2 github.com/woodpecker-ci/woodpecker 2 github.com/containers/podman 2 github.com/google/exposure-notifications-verification-server 2 github.com/minio/console 2 github.com/sigstore/rekor 2 github.com/gphper/ginadmin 2 github.com/go-skynet/LocalAI 2 github.com/nats-io/nats-server 2 github.com/labstack/echo/v4 2 github.com/argoproj/argo-events 2 github.com/ipld/go-codec-dagpb 2 mellium.im/xmpp 2 github.com/Masterminds/goutils 2 github.com/stripe/smokescreen 2 github.com/clastix/capsule-proxy 2 github.com/etcd-io/etcd 2 github.com/spiffe/spire 2 tailscale.com 2 github.com/go-vela/worker 2 github.com/projectcapsule/capsule-proxy 2 github.com/zalando/skipper 2 github.com/jackc/pgx 2 github.com/jackc/pgproto3 2 github.com/theupdateframework/go-tuf 2 github.com/sajari/docconv 2 code.sajari.com/docconv 2 github.com/go-jose/go-jose/v3 2 github.com/jaegertracing/jaeger 2 github.com/dvsekhvalnov/jose2go 2 github.com/edgelesssys/marblerun 2 github.com/brokercap/Bifrost 2 github.com/edgexfoundry/app-functions-sdk-go/v2 2 github.com/prometheus/prometheus 2 github.com/flynn/noise 2 github.com/talos-systems/talos 2 github.com/multiversx/mx-chain-go 2 github.com/cosmos/ethermint 2 github.com/elastic/beats 2 github.com/apptainer/apptainer 2 github.com/ulikunitz/xz 2 github.com/IceWhaleTech/CasaOS 2
Filter by Repository
https://github.com/usememos/memos 59 https://github.com/kubernetes/kubernetes 48 https://github.com/argoproj/argo-cd 37 https://github.com/answerdev/answer 34 https://github.com/go-gitea/gitea 31 https://github.com/rancher/rancher 25 https://github.com/grafana/grafana 21 https://github.com/cilium/cilium 20 https://github.com/gogs/gogs 20 https://github.com/hashicorp/consul 19 https://github.com/helm/helm 19 https://github.com/hashicorp/vault 16 https://github.com/etcd-io/etcd 16 https://github.com/ethereum/go-ethereum 16 https://github.com/goharbor/harbor 15 https://github.com/mattermost/mattermost 14 https://github.com/moby/moby 14 https://github.com/traefik/traefik 13 https://github.com/hashicorp/nomad 13 https://github.com/containerd/containerd 13 https://github.com/golang/go 13 https://github.com/opencontainers/runc 11 https://github.com/openfga/openfga 11 https://github.com/zitadel/zitadel 11 https://github.com/containers/podman 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/nats-io/nats-server 10 https://github.com/greenpau/caddy-security 10 https://github.com/cri-o/cri-o 9 https://github.com/cosmos/cosmos-sdk 9 https://github.com/istio/istio 8 https://github.com/kubeedge/kubeedge 8 https://github.com/pterodactyl/wings 8 https://github.com/pomerium/pomerium 8 https://github.com/docker/docker 8 https://github.com/kubernetes/ingress-nginx 7 https://github.com/beego/beego 7 https://github.com/hashicorp/go-getter 7 https://github.com/google/fscrypt 7 https://github.com/hpcng/singularity 7 https://github.com/schollz/croc 6 https://github.com/sigstore/cosign 6 https://github.com/pion/dtls 6 https://github.com/moby/buildkit 6 https://github.com/hyperledger/fabric 6 https://github.com/treeverse/lakeFS 6 https://github.com/gravitl/netmaker 6 https://github.com/authzed/spicedb 6 https://github.com/containers/buildah 6 https://github.com/fluxcd/flux2 6 https://github.com/cubefs/cubefs 6 https://github.com/0xJacky/nginx-ui 5 https://github.com/argoproj/argo-workflows 5 https://github.com/russellhaering/gosaml2 5 https://github.com/cometbft/cometbft 5 https://github.com/crewjam/saml 5 https://github.com/foxcpp/maddy 5 https://github.com/free5gc/free5gc 5 https://github.com/gofiber/fiber 5 https://github.com/gophish/gophish 5 https://github.com/kyverno/kyverno 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/ipfs/go-ipfs 5 https://github.com/tendermint/tendermint 5 https://github.com/containous/traefik 4 https://github.com/ory/fosite 4 https://github.com/grafana/bugbounty 4 https://github.com/concourse/concourse 4 https://github.com/open-policy-agent/opa 4 https://github.com/tidwall/gjson 4 https://github.com/stacklok/minder 4 https://github.com/casdoor/casdoor 4 https://github.com/IceWhaleTech/CasaOS-UserService 4 https://github.com/oauth2-proxy/oauth2-proxy 4 https://github.com/git-lfs/git-lfs 4 https://github.com/siderolabs/talos 4 https://github.com/gin-gonic/gin 4 https://github.com/aws/aws-sdk-go 4 https://github.com/dexidp/dex 4 https://github.com/dhowden/tag 4 https://github.com/kubevirt/kubevirt 4 https://github.com/nats-io/jwt 4 https://github.com/arduino/arduino-create-agent 4 https://github.com/lestrrat-go/jwx 4 https://github.com/edgelesssys/constellation 3 https://github.com/open-telemetry/opentelemetry-go-contrib 3 https://github.com/ElrondNetwork/elrond-go 3 https://github.com/ory/oathkeeper 3 https://github.com/evmos/evmos 3 https://github.com/flipped-aurora/gin-vue-admin 3 https://github.com/flyteorg/flyteadmin 3 https://github.com/u-root/u-root 3 https://github.com/phachon/mm-wiki 3 https://github.com/vitessio/vitess 3 https://github.com/gogits/gogs 3 https://github.com/go-vela/server 3 https://github.com/openshift/origin 3 https://github.com/go-yaml/yaml 3 https://github.com/tiagorlampert/CHAOS 3 https://github.com/heketi/heketi 3 https://github.com/ipfs/boxo 3 https://github.com/kiali/kiali 3 https://github.com/KubeOperator/KubePi 3 https://github.com/tailscale/tailscale 3 https://github.com/navidrome/navidrome 3 https://github.com/kubernetes-sigs/secrets-store-csi-driver 3 https://github.com/syncthing/syncthing 3 https://github.com/libp2p/go-libp2p 3 https://github.com/sylabs/singularity 3 https://github.com/moby/libnetwork 3 https://github.com/square/go-jose 3 https://github.com/alist-org/alist 3 https://github.com/apache/trafficcontrol 3 https://github.com/artifacthub/hub 3 https://github.com/authelia/authelia 3 https://github.com/caddyserver/caddy 3 https://github.com/cheqd/cheqd-node 3 https://github.com/Consensys/gnark 3 https://github.com/coredns/coredns 3 https://github.com/cortexproject/cortex 3 https://github.com/weaveworks/weave-gitops 3 https://github.com/crossplane/crossplane 3 https://github.com/quic-go/quic-go 3 https://github.com/minio/minio 3 https://github.com/dutchcoders/transfer.sh 3 https://github.com/zalando/skipper 2 https://github.com/argoproj/argo-events 2 https://github.com/ecnepsnai/web 2 https://github.com/atredispartners/advisories 2 https://github.com/envoyproxy/envoy 2 https://github.com/bitly/oauth2_proxy 2 https://github.com/temporalio/temporal 2 https://github.com/kitabisa/teler-waf 2 https://github.com/kitabisa/teler 2 https://github.com/bottlerocket-os/bottlerocket 2 https://github.com/jackc/pgproto3 2 https://github.com/ipld/go-codec-dagpb 2 https://github.com/brokercap/Bifrost 2 https://github.com/buger/jsonparser 2 https://github.com/bytebase/bytebase 2 https://github.com/influxdata/influxdb 2 https://github.com/apptainer/apptainer 2 https://github.com/labring/sealos 2 https://github.com/labstack/echo 2 https://github.com/elastic/beats 2 https://github.com/edgelesssys/marblerun 2 https://github.com/lightningnetwork/lnd 2 https://github.com/Masterminds/goutils 2 https://github.com/1Panel-dev/KubePi 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/mellium/xmpp 2 https://github.com/mholt/archiver 2 https://github.com/microcosm-cc/bluemonday 2 https://github.com/miekg/dns 2 https://github.com/zinclabs/zinc 2 https://github.com/distribution/distribution 2 https://github.com/drakkan/sftpgo 2 https://github.com/crypto-org-chain/cronos 2 https://github.com/go-git/go-git 2 https://github.com/flynn/noise 2 https://github.com/fluid-cloudnative/fluid 2 https://github.com/cosmos/ethermint 2 https://github.com/gohugoio/hugo 2 https://github.com/go-jose/go-jose 2 https://github.com/golang/crypto 2 https://github.com/unknwon/cae 2 https://github.com/google/exposure-notifications-verification-server 2 https://github.com/ulikunitz/xz 2 https://github.com/coreos/etcd 2 https://github.com/fleetdm/fleet 2 https://github.com/gotify/server 2 https://github.com/woodpecker-ci/woodpecker 2 https://github.com/containers/libpod 2 https://github.com/Consensys/gnark-crypto 2 https://github.com/gphper/ginadmin 2 https://github.com/fkie-cad/yapscan 2 https://github.com/codenotary/immudb 2 https://github.com/cloudflare/cloudflared 2 https://github.com/cloudflare/circl 2 https://github.com/hashicorp/terraform 2 https://github.com/facebook/fbthrift 2 https://github.com/heroiclabs/nakama 2 https://github.com/theupdateframework/go-tuf 2 https://github.com/IceWhaleTech/CasaOS 2 https://github.com/dvsekhvalnov/jose2go 2 https://github.com/imgproxy/imgproxy 2 https://github.com/minio/console 2 https://github.com/stripe/smokescreen 2 https://github.com/peterzen/goresolver 2 https://github.com/pingcap/tidb 2 https://github.com/multiversx/mx-chain-go 2 https://github.com/Netflix/security-bulletins 2 https://github.com/mutagen-io/mutagen 2 https://github.com/ntbosscher/gobase 2 https://github.com/netlify/gotrue 2 https://github.com/projectdiscovery/nuclei 2 https://github.com/sigstore/rekor 2 https://github.com/rancher/wrangler 2