Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go Security Advisories

Loading...
High
GSA_kwCzR0hTQS01ZzM5LXBwd2ctNnh4OM4AAyJ9
Go-huge-util vulnerable to path traversal when unzipping files
Ecosystems: go
Packages: github.com/dablelv/go-huge-util
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zNmYyLWZjcngtZnA0as4AAyJ4
Authelia allows open redirects on the logout endpoint
Ecosystems: go
Packages: github.com/authelia/authelia/v4
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jcDk2LWpwbXEteHJyMs4AAyJ3
On a compromised node, the virt-handler service account can be used to modify all node specs
Ecosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS1odzdjLTNyZmctcDQ2as4AAyHf
Panic leading to denial of service
Ecosystems: go
Packages: google.golang.org/protobuf
Source: GitHub Advisory Database
Blast Radius: 38.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS00Zzc2LXczeHctMng2d84AAyGN
Full authentication bypass if SASL authorization username is specified
Ecosystems: go
Packages: github.com/foxcpp/maddy
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS1ycW04LXE4ajktNjYyZs4AAyGH
Nomad Job Submitter Privilege Escalation Using Workload Identity
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12ZnZqLTNtM2ctbTUzMs4AAyE3
fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime
Ecosystems: go
Packages: github.com/crossplane/crossplane-runtime
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12ODI5LXg2aGgtY3Fmcc4AAyDd
Crossplane-runtime contains Improper Input Validation via Compositions
Ecosystems: go
Packages: github.com/crossplane/crossplane
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS02dzVmLTV3Z3ItcWpnNc4AAyA1
Constellation allows Emergency shell access during initramfs boot phase
Ecosystems: go
Packages: github.com/edgelesssys/constellation/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13ajZ4LWhjYzItZjMyas4AAyAz
Consul Server Panic when Ingress and API Gateways Configured with Peering Connections
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS1meDJ2LXFmaHItNGNods4AAx-e
Goutil vulnerable to path traversal when unzipping files
Ecosystems: go
Packages: github.com/gookit/goutil
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nYzg5LTdnY3ItanhxY84AAx-b
Buildkit credentials inlined to Git URLs could end up in provenance attestation
Ecosystems: go
Packages: github.com/moby/buildkit
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01NXZtLTN2cTMtNGpwY84AAx9x
Answer vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12eGhyLXAydnAtN2dmOM4AAx9y
Answer vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04amg4LTMzZjUtY2dmcM4AAx9v
Answer vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xcndtLXhxZnItNHZods4AAx9u
Answer vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mZjI3LWhybXItZ2dwas4AAx9w
Answer vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01dzc4LXY2ODgtY3g5cc4AAx9z
Answer vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05djR2LTlmajUtcDk4Ms4AAx90
Answer vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02YzMyLTN4NDYtbTlyaM4AAx9s
Answer vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oODV2LWN4NW0tNzh3as4AAx9t
Answer vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS13eHdxLTUyNXctaGNxeM4AAx7Y
Yapscan Denial of Service vulnerability in report server
Ecosystems: go
Packages: github.com/fkie-cad/yapscan
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS12cHZtLTN3cTItMnd2bc4AAx7I
Opencontainers runc Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jaDd2LTM3eGctNzVwaM4AAx7D
coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints
Ecosystems: go
Packages: github.com/coredns/coredns
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oODI4LXY1cHYtMzNxeM4AAx6_
coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints
Ecosystems: go
Packages: github.com/coredns/coredns
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02Z2MzLWNycDctMjV3Nc4AAx6h
gosaml2 vulnerable to Denial Of Service Via Deflate Decompression Bomb
Ecosystems: go
Packages: github.com/russellhaering/gosaml2
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mNmhjLTlnNDkteG14N84AAx54
nistec has Incorrect Calculation in Multiplication of unreduced P-256 scalars
Ecosystems: go
Packages: filippo.io/nistec
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yMzk0LTU1MzUtOGo4OM4AAx5o
Kubernetes vulnerable to path traversal
Ecosystems: go
Packages: github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qaDM2LXE5N2MtOTkyOM4AAx5b
Kubernetes vulnerable to validation bypass
Ecosystems: go
Packages: github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03cnFnLWhqd2MtNm1qZs4AAx5U
Grafana vulnerable to Stored Cross-site Scripting in Text plugin
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wMnBmLWc4Y3EtM2dxNc4AAx5T
teler-waf contains detection rule bypass via Entities payload
Ecosystems: go
Packages: github.com/kitabisa/teler-waf
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05Zjk1LWhoZzQtcGc0Zs4AAx5S
teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload
Ecosystems: go
Packages: github.com/kitabisa/teler-waf
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14NXJ2LXc5cG0tOHFwOM4AAx5R
Juju controller - Arbitrary file reading vulnerability
Ecosystems: go
Packages: github.com/juju/juju
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14dzVwLWh3OGoteGc0cc4AAx5O
Grafana vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oanY5LWhtMmYtcnBjas4AAx5P
Grafana vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1wZnZoLXA4cXAtOXd3Oc4AAx3Y
Gogs OS Command Injection vulnerability
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS04N3g5LTdncngtbTI4ds4AAxw4
notation-go has excessive memory allocation on verification
Ecosystems: go
Packages: github.com/notaryproject/notation-go
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS13cjhoLXc5NjktMzZtOM4AAxwt
GoPistolet vulnerable to Improper Resource Shutdown or Release
Ecosystems: go
Packages: github.com/gopistolet/gopistolet
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02Y3ZmLW01OHEtaDl3Zs4AAxwk
Answer vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1yMmg1LTNoZ3ctOGozNM4AAxt2
User data in TPM attestation vulnerable to MITM
Ecosystems: go
Packages: github.com/edgelesssys/constellation/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS01dng5LWo1Y3ctNDd2cc4AAxtv
Privilege escalation in MOSN
Ecosystems: go
Packages: mosn.io/mosn
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS12dnB4LWo4ZjMtM3c2aM4AAxtM
Uncontrolled Resource Consumption
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xZ2M3LW1nbTMtcTI1M84AAxtL
Uncontrolled Resource Consumption in golang.org/x/image
Ecosystems: go
Packages: golang.org/x/image
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13NDc5LXcyMmctY2ZmaM4AAxs5
Uncontrolled Resource Consumption in Hashicorp Nomad
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qcHhqLTJqdmctNmp2Oc4AAxsJ
Data Amplification in HashiCorp go-getter
Ecosystems: go
Packages: github.com/hashicorp/go-getter/v2, github.com/hashicorp/go-getter
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS0zamZxLTc0MncteGc4as4AAxrA
Users with any cluster secret update access may update out-of-bounds cluster secrets
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yNTl3LThoZjYtNTljMs4AAxql
OCI image importer memory exhaustion in github.com/containerd/containerd
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1obWZ4LTNwY3gtNjUzcM4AAxqj
Supplementary groups are not set up properly in github.com/containerd/containerd
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS01NHE0LTc0cDMtbWdjd84AAxqd
rttys SQL Injection vulnerability
Ecosystems: go
Packages: github.com/zhaojh329/rttys
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05dzh4LTVodjUtcjZnd84AAxpQ
Cross Site Scripting in usememos/memos
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS02NnA4LWo0NTktcnE2M84AAxiH
Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following resulting in deletion of files and directories on the host system
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xMjY0LXc5N3EtcTc3OM4AAxiG
Denial of service via HAMT Decoding Panics
Ecosystems: go
Packages: github.com/ipfs/go-unixfs
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS00Z2ozLTZyNDMtM3dmY84AAxh5
IPFS go-unixfsnode subject to DOS via HAMT Decoding Panics
Ecosystems: go
Packages: github.com/ipfs/go-unixfsnode
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yaDZjLWozZ2YteHA5cs4AAxh4
IPFS go-bitfield vulnerable to DoS via malformed size arguments
Ecosystems: go
Packages: github.com/ipfs/go-bitfield
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tdjZ3LWo0eGMtcXBmd84AAxfx
Argo CD leaks repository credentials in user-facing error messages and in logs
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wd2N3LTZmNWctZ3hmOM4AAxfw
Helm vulnerable to information disclosure via getHostByName Function
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS01cjVtLTY1Z3gtN3ZyaM4AAxfv
otelhttp and otelbeego have DoS vulnerability for high cardinality metrics
Ecosystems: go
Packages: go.opentelemetry.io/contrib/instrumentation/github.com/astaxie/beego/otelbeego, go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qcDd2LTM1ODctMjk1Ns4AAxfm
Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set
Ecosystems: go
Packages: github.com/anchore/syft
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS1wOHIzLTgzcjgtandqNc4AAxfU
Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS1yODg3LWdmeGgtbTlycs4AAxfQ
mrpack-install vulnerable to path traversal with dependency
Ecosystems: go
Packages: github.com/nothub/mrpack-install
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1wN3dqLWM4NWYteHE5aM4AAxfD
Answer has Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1oam1yLXhtMjUtMzZtaM4AAxfG
Answer subject to Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1ybXc4LTc4MjMtd3A3Zs4AAxfE
Answer contains Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS02NXB4LTRjcGYtNjk3cs4AAxfH
Cross-site scripting vulnerability found in answerdev/answer
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS00Y3doLTh3NGctanh4aM4AAxfF
Answer contains Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xeDM0LTQ3ZmMtdnY3Oc4AAxfC
Answer vulnerable to Race Condition
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS03NGZwLXI2anctaDRtcM4AAxe2
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing
Ecosystems: go
Packages: k8s.io/apimachinery
Source: GitHub Advisory Database
Blast Radius: 35.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1wNGc0LXdncmgtcXJnMs4AAxeb
Panic due to malformed WALs in go.etcd.io/etcd
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS0zM202LXE5djUtNjJyN84AA6Xq
Predictable SIF UUID Identifiers
Ecosystems: go
Packages: github.com/apptainer/sif, github.com/satori/go.uuid
Source: GitHub Advisory Database
Blast Radius: 46.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05eG04LThxdmMtdnczcM4AAxeZ
Denial of Service in dhowden/tag
Ecosystems: go
Packages: github.com/dhowden/tag
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS14aGpxLXc3eG0tcDhxas4AAxeY
golang.org/x/crypto/ssh Man-in-the-Middle attack
Ecosystems: go
Packages: golang.org/x/crypto
Source: GitHub Advisory Database
Blast Radius: 44.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00eGd2LWo2MnEtaDNyas4AAxeD
Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2
Ecosystems: go
Packages: github.com/pion/dtls, github.com/pion/dtls/v2
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oeHAyLXhxZjMtdjgzaM4AAxd5
Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2
Ecosystems: go
Packages: github.com/pion/dtls, github.com/pion/dtls/v2
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xcG0zLXZyMzQtaDh3OM4AAxda
Open Redirect in Caddy
Ecosystems: go
Packages: github.com/caddyserver/caddy/v2
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13NTVqLWY3dngtNnEzN84AAxdS
Openshift Enterprise source-to-image vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip)
Ecosystems: go
Packages: github.com/openshift/source-to-image
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS1wNjRqLXI1ZjQtcHd3eM4AAxdR
Improper Validation of Array Index in GJSON
Ecosystems: go
Packages: github.com/tidwall/gjson
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04Y2ZnLXZ4OTMtanZ4d84AAxdQ
Kubernetes client-go vulnerable to Sensitive Information Leak via Log File
Ecosystems: go
Packages: k8s.io/client-go
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04bWpnLThjOGctNmg4Nc4AAxdP
Kubernetes Sensitive Information leak via Log File
Ecosystems: go
Packages: k8s.io/kubernetes, github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yZzVqLTV4OTUtcjZocs4AAxdO
Unsafe tar unpacking in HashiCorp go-slug
Ecosystems: go
Packages: github.com/hashicorp/go-slug
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS02cDVxLWg5NjMtcHd3Zs4AAxa7
Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection
Ecosystems: pypi, go
Packages: apache-age-python, github.com/apache/age/drivers/golang
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS14NjIzLWhyOGgtN2c1ds4AAxaj
Path Traversal in gin-vue-admin
Ecosystems: go
Packages: github.com/flipped-aurora/gin-vue-admin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS12OW1wLWo4ZzctMnE2bc4AAxPu
Paranoidhttp Server-Side Request Forgery vulnerability
Ecosystems: go
Packages: github.com/hakobe/paranoidhttp
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14NDc3LWZxMzctcTV3cs4AAxOX
Initial debug-host handler implementation could leak information and facilitate denial of service
Ecosystems: go
Packages: fortio.org/proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01NDY1LXhjMmotNnA4NM4AAxKZ
github.com/openshift/apiserver-library-go Improper Input Validation vulnerability
Ecosystems: go
Packages: github.com/openshift/apiserver-library-go
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xOWhyLWo0cmYtOGZqY84AAxJD
JWT audience claim is not verified
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xcmc3LWhmeDctOTVjNc4AAxJC
Command injection in Git package in Wrangler
Ecosystems: go
Packages: github.com/rancher/wrangler
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04ZmNqLWdmNzctNDdtZ84AAxJB
Denial of service (DoS) when processing Git credentials
Ecosystems: go
Packages: github.com/rancher/wrangler
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS02cDRtLWh3MmgtNmdtd84AAxJA
Controller reconciles apps outside configured namespaces when sharding is enabled
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS1jNDVjLTM5ZjYtNmd3Oc4AAxI_
Rancher generated tokens not revoked after modifications made to authentication provider
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS1jcTRwLXZwNXEtNDUyMs4AAxI-
Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zNHA1LWpwNzctZmNyY84AAxI9
Command injection in Rancher Git package
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS1nMjVyLWd2cTMtd3JxN84AAxI8
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS03bTcyLW1oNXItNmozcs4AAxI7
Privilege escalation in project role template binding (PRTB) and -promoted roles
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS04YzY5LXIzOGotcnBmas4AAxI6
Rancher cattle-token is predictable
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yeDQ4LXA2Y3EtNXhjd84AAxHY
Path Traversal in github.com/go-sonic/sonic
Ecosystems: go
Packages: github.com/go-sonic/sonic
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03cDhtLTIyaDQtOXBqN84AAxG4
scs-library-client may leak user credentials to third-party service via HTTP redirect
Ecosystems: go
Packages: github.com/sylabs/scs-library-client
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1oajRnLTR3MzYteDhocM4AAxF7
Kraken has arbitrary file read vulnerability via component testfs
Ecosystems: go
Packages: github.com/uber/kraken
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wYzk5LXFtZzQtcmNmZs4AAxFv
act vulnerable to arbitrary file upload in artifact server
Ecosystems: go
Packages: github.com/nektos/act
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03amY1LWZ2Z2YtNDhjNs4AAxEf
Velociraptor subject to Path Traversal
Ecosystems: go
Packages: www.velocidex.com/golang/velociraptor
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS1nNXZtLTUyNXEtcjY2Y84AAxET
Velociraptor vulnerable to Missing Authorization
Ecosystems: go
Packages: www.velocidex.com/golang/velociraptor
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: over 1 year ago
Statistics
Advisories: 18,330
Packages: 8,279
Repositories: 534
Ecosystems: 12
Filter by Severity
Moderate 7,912 High 6,344 Critical 2,805 Low 981
Filter by Ecosystem
maven 5,520 packagist 3,801 pypi 3,704 npm 3,535 go 1,889 nuget 1,390 rubygems 814 cargo 776 swift 31 hex 30 actions 16 pub 8
Filter by Package
github.com/usememos/memos 59 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 github.com/answerdev/answer 34 k8s.io/kubernetes 32 github.com/argoproj/argo-cd 29 github.com/hashicorp/vault 28 github.com/grafana/grafana 28 github.com/rancher/rancher 28 github.com/hashicorp/nomad 26 github.com/hashicorp/consul 26 gogs.io/gogs 24 github.com/argoproj/argo-cd/v2 23 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 19 github.com/docker/docker 19 code.gitea.io/gitea 19 helm.sh/helm/v3 18 golang.org/x/net 17 github.com/goharbor/harbor 15 github.com/nats-io/nats-server/v2 13 github.com/mattermost/mattermost-server 13 github.com/traefik/traefik/v2 13 github.com/containerd/containerd 13 github.com/moby/moby 12 github.com/go-gitea/gitea 12 github.com/opencontainers/runc 12 github.com/zitadel/zitadel 11 github.com/openfga/openfga 11 github.com/cloudflare/cfrpki 11 github.com/1Panel-dev/1Panel 10 github.com/greenpau/caddy-security 10 github.com/cosmos/cosmos-sdk 10 golang.org/x/crypto 9 github.com/kubernetes/kubernetes 9 github.com/cri-o/cri-o 9 github.com/sylabs/singularity 9 istio.io/istio 8 github.com/containers/podman/v4 8 github.com/pomerium/pomerium 8 github.com/kubeedge/kubeedge 8 go.etcd.io/etcd 8 github.com/nats-io/jwt 7 github.com/traefik/traefik 7 github.com/beego/beego 7 k8s.io/ingress-nginx 7 helm.sh/helm 7 github.com/google/fscrypt 7 github.com/hashicorp/go-getter 7 github.com/authzed/spicedb 6 github.com/russellhaering/gosaml2 6 github.com/hyperledger/fabric 6 github.com/cubefs/cubefs 6 github.com/apache/trafficcontrol 6 github.com/gravitl/netmaker 6 github.com/pion/dtls 6 github.com/treeverse/lakefs 6 github.com/beego/beego/v2 6 github.com/russellhaering/goxmldsig 6 github.com/pterodactyl/wings 6 github.com/sigstore/cosign 6 github.com/fluxcd/flux2 6 kubevirt.io/kubevirt 5 github.com/hashicorp/go-getter/v2 5 github.com/tidwall/gjson 5 github.com/containers/buildah 5 github.com/schollz/croc/v9 5 github.com/KubeOperator/kubepi 5 github.com/apache/incubator-answer 5 github.com/mattermost/mattermost-server/v5 5 github.com/fluxcd/kustomize-controller 5 github.com/gofiber/fiber/v2 5 github.com/moby/buildkit 5 github.com/IBAX-io/go-ibax 5 github.com/kyverno/kyverno 5 github.com/pion/dtls/v2 5 go.etcd.io/etcd/v3 5 github.com/cometbft/cometbft 5 github.com/kiali/kiali 5 github.com/0xJacky/Nginx-UI 5 github.com/ipfs/go-ipfs 5 github.com/tendermint/tendermint 5 github.com/foxcpp/maddy 5 github.com/traefik/traefik/v3 5 github.com/gophish/gophish 5 github.com/open-policy-agent/opa 4 github.com/free5gc/free5gc 4 golang.org/x/net/http2 4 github.com/dhowden/tag 4 github.com/aws/aws-sdk-go 4 github.com/crewjam/saml 4 github.com/arduino/arduino-create-agent 4 github.com/concourse/concourse 4 github.com/casdoor/casdoor 4 github.com/containers/podman/v3 4 github.com/argoproj/argo-workflows/v3 4 github.com/dexidp/dex 4 github.com/alist-org/alist/v3 4 github.com/oauth2-proxy/oauth2-proxy 4 github.com/ory/fosite 4 github.com/caddyserver/caddy 4 github.com/lestrrat-go/jwx 4 github.com/lestrrat-go/jwx/v2 4 github.com/hashicorp/go-getter/gcs/v2 4 github.com/IceWhaleTech/CasaOS-UserService 4 github.com/gin-gonic/gin 4 github.com/git-lfs/git-lfs 4 github.com/hashicorp/go-getter/s3/v2 4 github.com/phachon/mm-wiki 3 github.com/hashicorp/vault/vault 3 github.com/flyteorg/flyteadmin 3 github.com/cheqd/cheqd-node 3 github.com/nats-io/jwt/v2 3 github.com/go-vela/server 3 github.com/apache/servicecomb-service-center 3 github.com/docker/distribution 3 github.com/navidrome/navidrome 3 github.com/coredns/coredns 3 github.com/syncthing/syncthing 3 github.com/ElrondNetwork/elrond-go 3 github.com/jackc/pgx/v4 3 gopkg.in/yaml.v2 3 github.com/cortexproject/cortex 3 github.com/minio/minio 3 github.com/consensys/gnark 3 go.etcd.io/etcd/client/v3 3 github.com/projectcalico/calico 3 github.com/lightningnetwork/lnd 3 github.com/ory/oathkeeper 3 github.com/notaryproject/notation 3 github.com/fluxcd/helm-controller 3 golang.org/x/text 3 github.com/sigstore/cosign/v2 3 github.com/quic-go/quic-go 3 github.com/stacklok/minder 3 github.com/heketi/heketi 3 github.com/owncast/owncast 3 github.com/openshift/origin 3 k8s.io/client-go 3 github.com/miekg/dns 3 github.com/libp2p/go-libp2p 3 github.com/tharsis/evmos 3 github.com/authelia/authelia/v4 3 github.com/crossplane/crossplane 3 golang.org/x/image 3 github.com/crypto-org-chain/cronos 3 github.com/hashicorp/boundary 3 github.com/mholt/archiver 3 github.com/dutchcoders/transfer.sh 3 github.com/weaveworks/weave-gitops 3 github.com/edgelesssys/constellation/v2 3 github.com/square/go-jose 3 github.com/artifacthub/hub 3 github.com/cloudflare/circl 2 gopkg.in/src-d/go-git.v4 2 github.com/woodpecker-ci/woodpecker 2 github.com/minio/console 2 github.com/go-yaml/yaml 2 github.com/ansible-semaphore/semaphore 2 github.com/pires/go-proxyproto 2 github.com/rancher/wrangler 2 github.com/flynn/noise 2 github.com/gphper/ginadmin 2 mellium.im/xmpp 2 github.com/clastix/capsule-proxy 2 github.com/etcd-io/etcd 2 github.com/mutagen-io/mutagen 2 github.com/unknwon/cae 2 github.com/openshift/apiserver-library-go 2 vitess.io/vitess 2 github.com/bytebase/bytebase 2 github.com/hashicorp/terraform 2 github.com/edgexfoundry/app-functions-sdk-go/v2 2 github.com/influxdata/influxdb 2 github.com/protocolbuffers/protobuf 2 github.com/gotify/server 2 github.com/brokercap/Bifrost 2 github.com/imgproxy/imgproxy/v3 2 github.com/prometheus/prometheus 2 github.com/dvsekhvalnov/jose2go 2 github.com/containers/podman/v2 2 github.com/pingcap/tidb 2 github.com/microcosm-cc/bluemonday 2 github.com/sap/cloud-security-client-go 2 github.com/facebook/fbthrift 2 github.com/talos-systems/talos 2 protobuf 2 github.com/flipped-aurora/gin-vue-admin/server 2 github.com/containers/podman 2 github.com/swaggo/http-swagger 2 github.com/gohugoio/hugo 2 github.com/apache/thrift 2 github.com/labstack/echo/v4 2 github.com/ipld/go-codec-dagpb 2 github.com/codenotary/immudb 2 github.com/kata-containers/runtime 2 github.com/ecnepsnai/web 2 github.com/kitabisa/teler-waf 2 github.com/IceWhaleTech/CasaOS 2 github.com/projectcapsule/capsule-proxy 2
Filter by Repository
https://github.com/usememos/memos 59 https://github.com/kubernetes/kubernetes 48 https://github.com/argoproj/argo-cd 37 https://github.com/answerdev/answer 34 https://github.com/go-gitea/gitea 31 https://github.com/rancher/rancher 25 https://github.com/grafana/grafana 21 https://github.com/cilium/cilium 20 https://github.com/gogs/gogs 20 https://github.com/hashicorp/consul 19 https://github.com/helm/helm 19 https://github.com/hashicorp/vault 16 https://github.com/etcd-io/etcd 16 https://github.com/goharbor/harbor 15 https://github.com/ethereum/go-ethereum 15 https://github.com/mattermost/mattermost 14 https://github.com/moby/moby 14 https://github.com/traefik/traefik 13 https://github.com/hashicorp/nomad 13 https://github.com/containerd/containerd 13 https://github.com/golang/go 13 https://github.com/opencontainers/runc 11 https://github.com/openfga/openfga 11 https://github.com/zitadel/zitadel 11 https://github.com/containers/podman 11 https://github.com/cloudflare/cfrpki 11 https://github.com/nats-io/nats-server 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/1Panel-dev/1Panel 10 https://github.com/greenpau/caddy-security 10 https://github.com/cri-o/cri-o 9 https://github.com/istio/istio 8 https://github.com/kubeedge/kubeedge 8 https://github.com/pomerium/pomerium 8 https://github.com/docker/docker 8 https://github.com/kubernetes/ingress-nginx 7 https://github.com/beego/beego 7 https://github.com/hashicorp/go-getter 7 https://github.com/google/fscrypt 7 https://github.com/hpcng/singularity 7 https://github.com/pterodactyl/wings 6 https://github.com/schollz/croc 6 https://github.com/sigstore/cosign 6 https://github.com/pion/dtls 6 https://github.com/moby/buildkit 6 https://github.com/hyperledger/fabric 6 https://github.com/treeverse/lakeFS 6 https://github.com/gravitl/netmaker 6 https://github.com/authzed/spicedb 6 https://github.com/containers/buildah 6 https://github.com/fluxcd/flux2 6 https://github.com/cubefs/cubefs 6 https://github.com/0xJacky/nginx-ui 5 https://github.com/argoproj/argo-workflows 5 https://github.com/russellhaering/gosaml2 5 https://github.com/cometbft/cometbft 5 https://github.com/crewjam/saml 5 https://github.com/foxcpp/maddy 5 https://github.com/free5gc/free5gc 5 https://github.com/gofiber/fiber 5 https://github.com/gophish/gophish 5 https://github.com/kyverno/kyverno 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/ipfs/go-ipfs 5 https://github.com/tidwall/gjson 5 https://github.com/tendermint/tendermint 5 https://github.com/casdoor/casdoor 4 https://github.com/IceWhaleTech/CasaOS-UserService 4 https://github.com/caddyserver/caddy 4 https://github.com/oauth2-proxy/oauth2-proxy 4 https://github.com/grafana/bugbounty 4 https://github.com/open-policy-agent/opa 4 https://github.com/git-lfs/git-lfs 4 https://github.com/siderolabs/talos 4 https://github.com/aws/aws-sdk-go 4 https://github.com/gin-gonic/gin 4 https://github.com/concourse/concourse 4 https://github.com/dexidp/dex 4 https://github.com/nats-io/jwt 4 https://github.com/kubevirt/kubevirt 4 https://github.com/arduino/arduino-create-agent 4 https://github.com/dhowden/tag 4 https://github.com/lestrrat-go/jwx 4 https://github.com/ory/fosite 4 https://github.com/containous/traefik 4 https://github.com/ory/oathkeeper 3 https://github.com/open-telemetry/opentelemetry-go-contrib 3 https://github.com/u-root/u-root 3 https://github.com/gogits/gogs 3 https://github.com/phachon/mm-wiki 3 https://github.com/flyteorg/flyteadmin 3 https://github.com/flipped-aurora/gin-vue-admin 3 https://github.com/evmos/evmos 3 https://github.com/ElrondNetwork/elrond-go 3 https://github.com/edgelesssys/constellation 3 https://github.com/openshift/origin 3 https://github.com/go-vela/server 3 https://github.com/go-yaml/yaml 3 https://github.com/heketi/heketi 3 https://github.com/ipfs/boxo 3 https://github.com/kiali/kiali 3 https://github.com/KubeOperator/KubePi 3 https://github.com/navidrome/navidrome 3 https://github.com/tailscale/tailscale 3 https://github.com/kubernetes-sigs/secrets-store-csi-driver 3 https://github.com/syncthing/syncthing 3 https://github.com/libp2p/go-libp2p 3 https://github.com/sylabs/singularity 3 https://github.com/moby/libnetwork 3 https://github.com/minio/minio 3 https://github.com/stacklok/minder 3 https://github.com/cheqd/cheqd-node 3 https://github.com/Consensys/gnark 3 https://github.com/authelia/authelia 3 https://github.com/artifacthub/hub 3 https://github.com/cortexproject/cortex 3 https://github.com/weaveworks/weave-gitops 3 https://github.com/crossplane/crossplane 3 https://github.com/quic-go/quic-go 3 https://github.com/apache/trafficcontrol 3 https://github.com/alist-org/alist 3 https://github.com/square/go-jose 3 https://github.com/dutchcoders/transfer.sh 3 https://github.com/IceWhaleTech/CasaOS 2 https://github.com/minio/console 2 https://github.com/imgproxy/imgproxy 2 https://github.com/bytebase/bytebase 2 https://github.com/influxdata/influxdb 2 https://github.com/buger/jsonparser 2 https://github.com/brokercap/Bifrost 2 https://github.com/miekg/dns 2 https://github.com/ipld/go-codec-dagpb 2 https://github.com/jackc/pgproto3 2 https://github.com/bottlerocket-os/bottlerocket 2 https://github.com/kitabisa/teler 2 https://github.com/kitabisa/teler-waf 2 https://github.com/temporalio/temporal 2 https://github.com/bitly/oauth2_proxy 2 https://github.com/zinclabs/zinc 2 https://github.com/atredispartners/advisories 2 https://github.com/argoproj/argo-events 2 https://github.com/zalando/skipper 2 https://github.com/microcosm-cc/bluemonday 2 https://github.com/apptainer/apptainer 2 https://github.com/mholt/archiver 2 https://github.com/labring/sealos 2 https://github.com/mellium/xmpp 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/labstack/echo 2 https://github.com/1Panel-dev/KubePi 2 https://github.com/Masterminds/goutils 2 https://github.com/lightningnetwork/lnd 2 https://github.com/go-jose/go-jose 2 https://github.com/gohugoio/hugo 2 https://github.com/cosmos/ethermint 2 https://github.com/go-git/go-git 2 https://github.com/vitessio/vitess 2 https://github.com/crypto-org-chain/cronos 2 https://github.com/flynn/noise 2 https://github.com/fluid-cloudnative/fluid 2 https://github.com/distribution/distribution 2 https://github.com/fleetdm/fleet 2 https://github.com/fkie-cad/yapscan 2 https://github.com/facebook/fbthrift 2 https://github.com/drakkan/sftpgo 2 https://github.com/envoyproxy/envoy 2 https://github.com/elastic/beats 2 https://github.com/edgelesssys/marblerun 2 https://github.com/dvsekhvalnov/jose2go 2 https://github.com/theupdateframework/go-tuf 2 https://github.com/heroiclabs/nakama 2 https://github.com/hashicorp/terraform 2 https://github.com/cloudflare/circl 2 https://github.com/cloudflare/cloudflared 2 https://github.com/codenotary/immudb 2 https://github.com/gphper/ginadmin 2 https://github.com/Consensys/gnark-crypto 2 https://github.com/containers/libpod 2 https://github.com/gotify/server 2 https://github.com/ulikunitz/xz 2 https://github.com/woodpecker-ci/woodpecker 2 https://github.com/coredns/coredns 2 https://github.com/google/exposure-notifications-verification-server 2 https://github.com/coreos/etcd 2 https://github.com/unknwon/cae 2 https://github.com/golang/crypto 2 https://github.com/ecnepsnai/web 2 https://github.com/peterzen/goresolver 2 https://github.com/pingcap/tidb 2 https://github.com/multiversx/mx-chain-go 2 https://github.com/mutagen-io/mutagen 2 https://github.com/stripe/smokescreen 2 https://github.com/ntbosscher/gobase 2 https://github.com/projectdiscovery/nuclei 2 https://github.com/Netflix/security-bulletins 2 https://github.com/notaryproject/notation 2 https://github.com/russellhaering/goxmldsig 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/sigstore/rekor 2