Browse Security Advisories
Security Advisories for https://github.com/rancher/rancher in go Clear Filters
High
3 months ago
Rancher users who can create Projects can gain access to arbitrary projects
go
github.com/rancher/rancher
Critical
4 months ago
Rancher: Restricted Administrator can change Administrator's passwords
go
github.com/rancher/rancher
High
5 months ago
Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login
go
github.com/rancher/rancher
High
5 months ago
Rancher allows an unauthenticated stack overflow in /v3-public/authproviders API
go
github.com/rancher/rancher
Moderate
5 months ago
Rancher's SAML-based login via CLI can be denied by unauthenticated users
go
github.com/rancher/rancher
High
7 months ago
Rancher UI has Stored Cross-site Scripting vulnerability
go
github.com/rancher/rancher
Moderate
8 months ago
Rancher Helm Applications may have sensitive values leaked
go
github.com/rancher/rancher
Critical
9 months ago
RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control Lists
go
github.com/rancher/rke2
Critical
9 months ago
Rancher Remote Code Execution via Cluster/Node Drivers
go
github.com/rancher/rancher
High
9 months ago
Exposure of vSphere's CPI and CSI credentials in Rancher
go
github.com/rancher/rancher
Critical
9 months ago
Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists
go
github.com/rancher/rancher
High
10 months ago
Rancher agents can be hijacked by taking over the Rancher Server URL
go
github.com/rancher/rancher
High
about 1 year ago
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
go
github.com/rancher/rancher
High
about 1 year ago
Rancher's External RoleTemplates can lead to privilege escalation
go
github.com/rancher/rancher
High
about 1 year ago
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
go
github.com/rancher/rancher
High
over 1 year ago
Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources
go
github.com/rancher/rancher
High
over 1 year ago
Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication
go
github.com/rancher/rancher
High
over 1 year ago
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
go
github.com/rancher/rancher
Critical
about 2 years ago
Rancher vulnerable to Privilege Escalation via manipulation of Secrets
go
github.com/rancher/rancher
Moderate
about 2 years ago
Rancher UI has multiple Cross-Site Scripting (XSS) issues
go
github.com/rancher/rancher
High
about 2 years ago
Rancher users retain access after moving namespaces into projects they don't have access to
go
github.com/rancher/rancher
Critical
over 2 years ago
Rancher Webhook is misconfigured during upgrade process
go
github.com/rancher/rancher
High
over 2 years ago
Rancher generated tokens not revoked after modifications made to authentication provider
go
github.com/rancher/rancher
High
over 2 years ago
Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects
go
github.com/rancher/rancher
High
over 2 years ago
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster
go
github.com/rancher/rancher
High
over 2 years ago
Privilege escalation in project role template binding (PRTB) and -promoted roles
go
github.com/rancher/rancher
Critical
almost 3 years ago
Rancher API and cluster.management.cattle.io object vulnerable to plaintext storage and exposure of credentials
go
github.com/rancher/rancher
High
about 3 years ago
Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them
go
github.com/rancher/rancher
Moderate
about 3 years ago
Privilege escalation for users with create/update permissions in Global Roles in Rancher
go
github.com/rancher/rancher
High
about 3 years ago
Exposure of repository credentials to external third-party sources in Rancher
go
github.com/rancher/rancher
High
about 3 years ago
Write access to the catalog for any user when restricted-admin role is enabled in Rancher
go
github.com/rancher/rancher
High
about 4 years ago
Rancher Vulnerable to Cross-site Request Forgery (CSRF)
go
github.com/rancher/rancher
Filter by Severity
Filter by Ecosystem
maven
6,663
packagist
5,357
pypi
4,834
npm
4,194
go
2,803
nuget
1,702
cargo
1,067
rubygems
919
hex
37
swift
35
actions
32
pub
10
Filter by Package
github.com/mattermost/mattermost/server/v8
115
github.com/usememos/memos
66
github.com/grafana/grafana
56
github.com/rancher/rancher
44
k8s.io/kubernetes
41
github.com/hashicorp/vault
40
github.com/mattermost/mattermost-server/v6
39
github.com/answerdev/answer
34
gogs.io/gogs
33
github.com/hashicorp/nomad
31
github.com/cilium/cilium
31
github.com/argoproj/argo-cd
31
github.com/docker/docker
31
github.com/argoproj/argo-cd/v2
31
github.com/hashicorp/consul
29
github.com/mattermost/mattermost-server
29
github.com/traefik/traefik/v2
24
github.com/goharbor/harbor
21
github.com/ethereum/go-ethereum
21
golang.org/x/net
20
code.gitea.io/gitea
20
helm.sh/helm/v3
19
github.com/zitadel/zitadel
19
github.com/traefik/traefik/v3
16
github.com/openfga/openfga
16
github.com/nats-io/nats-server/v2
15
github.com/containerd/containerd
15
github.com/cosmos/cosmos-sdk
13
github.com/opencontainers/runc
13
github.com/1Panel-dev/1Panel
12
github.com/cri-o/cri-o
12
k8s.io/ingress-nginx
12
github.com/traefik/traefik
12
github.com/ollama/ollama
12
github.com/go-gitea/gitea
12
github.com/cloudflare/cfrpki
11
github.com/filebrowser/filebrowser/v2
11
golang.org/x/crypto
11
github.com/pomerium/pomerium
11
github.com/cometbft/cometbft
10
github.com/moby/moby
10
github.com/greenpau/caddy-security
10
github.com/beego/beego/v2
10
github.com/kyverno/kyverno
10
github.com/containers/podman/v4
10
github.com/authzed/spicedb
10
github.com/juju/juju
9
github.com/navidrome/navidrome
9
github.com/filebrowser/filebrowser
9
github.com/sylabs/singularity
9
github.com/beego/beego
9
github.com/kubernetes/kubernetes
9
github.com/apache/incubator-answer
9
github.com/stacklok/minder
8
github.com/hashicorp/go-getter
8
istio.io/istio
8
github.com/pterodactyl/wings
8
github.com/casdoor/casdoor
8
go.etcd.io/etcd/v3
8
github.com/treeverse/lakefs
8
github.com/mattermost/mattermost-server/v5
8
github.com/containers/buildah
8
github.com/kubeedge/kubeedge
8
helm.sh/helm
7
github.com/minio/minio
7
github.com/coredns/coredns
7
github.com/gofiber/fiber/v2
7
github.com/google/fscrypt
7
github.com/hyperledger/fabric
7
github.com/argoproj/argo-workflows/v3
6
github.com/lf-edge/ekuiper
6
github.com/cubefs/cubefs
6
github.com/CosmWasm/wasmvm
6
github.com/consensys/gnark
6
github.com/pion/dtls
6
github.com/apache/trafficcontrol
6
github.com/containers/podman/v3
6
github.com/fluxcd/flux2
6
github.com/gravitl/netmaker
6
github.com/sigstore/cosign
6
kubevirt.io/kubevirt
6
github.com/open-policy-agent/opa
6
github.com/gophish/gophish
6
github.com/russellhaering/gosaml2
5
github.com/IBAX-io/go-ibax
5
github.com/siyuan-note/siyuan/kernel
5
github.com/t2bot/matrix-media-repo
5
github.com/bnb-chain/tss-lib
5
github.com/git-lfs/git-lfs
5
github.com/hashicorp/go-getter/v2
5
github.com/ipfs/go-ipfs
5
github.com/drakkan/sftpgo/v2
5
github.com/zitadel/zitadel/v2
5
github.com/quic-go/quic-go
5
cosmwasm-vm
5
github.com/snapcore/snapd
5
go.etcd.io/etcd
5
github.com/nats-io/jwt
5
github.com/alist-org/alist/v3
5
github.com/KubeOperator/kubepi
5
github.com/0xJacky/Nginx-UI
5
github.com/lf-edge/ekuiper/v2
5
github.com/foxcpp/maddy
5
github.com/containers/podman
5
github.com/CosmWasm/wasmvm/v2
5
github.com/owncast/owncast
5
github.com/cheqd/cheqd-node
5
github.com/kiali/kiali
5
github.com/gin-gonic/gin
5
github.com/pion/dtls/v2
5
github.com/russellhaering/goxmldsig
5
github.com/osrg/gobgp/v3
5
github.com/moby/buildkit
5
github.com/CosmWasm/wasmd
5
github.com/tendermint/tendermint
5
github.com/fluxcd/kustomize-controller
5
github.com/schollz/croc/v9
5
github.com/cosmos/ibc-go/v7
4
github.com/evmos/evmos/v11
4
github.com/ory/fosite
4
github.com/mholt/archiver
4
github.com/cosmos/ibc-go/v6
4
golang.org/x/image
4
github.com/cosmos/ibc-go/v5
4
github.com/mattermost/mattermost
4
golang.org/x/net/http2
4
github.com/arduino/arduino-create-agent
4
github.com/binance-chain/tss-lib
4
github.com/lestrrat-go/jwx/v2
4
github.com/evmos/evmos/v6
4
github.com/concourse/concourse
4
github.com/lestrrat-go/jwx
4
github.com/crossplane/crossplane
4
github.com/evmos/evmos/v13
4
github.com/containers/podman/v5
4
github.com/layer5io/meshery
4
github.com/lightningnetwork/lnd
4
github.com/crewjam/saml
4
github.com/free5gc/free5gc
4
github.com/hashicorp/go-getter/s3/v2
4
github.com/IceWhaleTech/CasaOS-UserService
4
github.com/cosmos/ibc-go/v3
4
github.com/oauth2-proxy/oauth2-proxy
4
github.com/hashicorp/boundary
4
github.com/containers/podman/v2
4
github.com/osrg/gobgp
4
github.com/dexidp/dex
4
github.com/cosmos/ibc-go/v4
4
github.com/cosmos/ibc-go
4
github.com/tidwall/gjson
4
github.com/dhowden/tag
4
github.com/evmos/evmos/v7
4
github.com/authelia/authelia/v4
4
github.com/go-git/go-git/v5
4
github.com/cortexproject/cortex
4
github.com/cli/cli/v2
4
vitess.io/vitess
4
gopkg.in/src-d/go-git.v4
4
github.com/aws/aws-sdk-go
4
github.com/hashicorp/go-getter/gcs/v2
4
github.com/evmos/evmos/v16
4
github.com/notaryproject/notation-go
4
github.com/projectcalico/calico
4
github.com/cosmos/ibc-go/v2
4
github.com/karmada-io/karmada
4
github.com/go-vela/server
4
github.com/fluxcd/helm-controller
3
github.com/ory/oathkeeper
3
github.com/bishopfox/sliver
3
github.com/fleetdm/fleet/v4
3
github.com/mattermost/mattermost-plugin-playbooks
3
zotregistry.dev/zot
3
github.com/evmos/evmos/v9
3
github.com/docker/distribution
3
github.com/go-skynet/LocalAI
3
github.com/projectdiscovery/nuclei/v3
3
miniflux.app/v2
3
github.com/dutchcoders/transfer.sh
3
github.com/evmos/evmos/v17
3
github.com/evmos/evmos/v12
3
github.com/square/go-jose
3
github.com/heketi/heketi
3
github.com/tharsis/evmos
3
github.com/openshift/console
3
github.com/flyteorg/flyteadmin
3
github.com/babylonlabs-io/babylon
3
github.com/evmos/evmos/v10
3
github.com/cli/cli
3
github.com/AdguardTeam/AdGuardHome
3
github.com/miekg/dns
3
goauthentik.io
3
github.com/edgelesssys/contrast
3
google.golang.org/grpc
3
github.com/ctfer-io/chall-manager
3
github.com/AlexxIT/go2rtc
3
github.com/libp2p/go-libp2p
3
github.com/canonical/lxd
3
github.com/weaveworks/weave-gitops
3
go.etcd.io/etcd/client/v3
3
github.com/openshift/origin
3
Filter by Repository
https://github.com/usememos/memos
66
https://github.com/kubernetes/kubernetes
64
https://github.com/grafana/grafana
46
https://github.com/argoproj/argo-cd
45
https://github.com/rancher/rancher
40
https://github.com/mattermost/mattermost
35
https://github.com/answerdev/answer
34
https://github.com/go-gitea/gitea
32
https://github.com/cilium/cilium
31
https://github.com/gogs/gogs
28
https://github.com/traefik/traefik
24
https://github.com/moby/moby
23
https://github.com/zitadel/zitadel
22
https://github.com/hashicorp/consul
22
https://github.com/goharbor/harbor
21
https://github.com/helm/helm
20
https://github.com/hashicorp/vault
18
https://github.com/ethereum/go-ethereum
17
https://github.com/containerd/containerd
17
https://github.com/etcd-io/etcd
16
https://github.com/hashicorp/nomad
16
https://github.com/openfga/openfga
16
https://github.com/cosmos/cosmos-sdk
14
https://github.com/golang/go
14
https://github.com/containers/podman
13
https://github.com/opencontainers/runc
12
https://github.com/nats-io/nats-server
12
https://github.com/1Panel-dev/1Panel
12
https://github.com/cloudflare/cfrpki
11
https://github.com/filebrowser/filebrowser
11
https://github.com/cri-o/cri-o
11
https://github.com/pomerium/pomerium
11
https://github.com/beego/beego
11
https://github.com/authzed/spicedb
10
https://github.com/kyverno/kyverno
10
https://github.com/greenpau/caddy-security
10
https://github.com/cometbft/cometbft
10
https://github.com/juju/juju
9
https://github.com/kubeedge/kubeedge
8
https://github.com/treeverse/lakeFS
8
https://github.com/containers/buildah
8
https://github.com/hashicorp/go-getter
8
https://github.com/istio/istio
8
https://github.com/docker/docker
8
https://github.com/pterodactyl/wings
8
https://github.com/casdoor/casdoor
8
https://github.com/navidrome/navidrome
8
https://github.com/stacklok/minder
8
https://github.com/argoproj/argo-workflows
7
https://github.com/minio/minio
7
https://github.com/evmos/evmos
7
https://github.com/google/fscrypt
7
https://github.com/hyperledger/fabric
7
https://github.com/hpcng/singularity
7
https://github.com/kubernetes/ingress-nginx
7
https://github.com/gofiber/fiber
7
https://github.com/fluxcd/flux2
6
https://github.com/drakkan/sftpgo
6
https://github.com/ollama/ollama
6
https://github.com/open-policy-agent/opa
6
https://github.com/pion/dtls
6
https://github.com/schollz/croc
6
https://github.com/cubefs/cubefs
6
https://github.com/Consensys/gnark
6
https://github.com/oauth2-proxy/oauth2-proxy
6
https://github.com/sigstore/cosign
6
https://github.com/moby/buildkit
6
https://github.com/lf-edge/ekuiper
6
https://github.com/gravitl/netmaker
6
https://github.com/tendermint/tendermint
5
https://github.com/CosmWasm/wasmvm
5
https://github.com/ipfs/go-ipfs
5
https://github.com/git-lfs/git-lfs
5
https://github.com/cli/cli
5
https://github.com/CosmWasm/wasmd
5
https://github.com/foxcpp/maddy
5
https://github.com/cheqd/cheqd-node
5
https://github.com/quic-go/quic-go
5
https://github.com/coredns/coredns
5
https://github.com/t2bot/matrix-media-repo
5
https://github.com/IBAX-io/go-ibax
5
https://github.com/0xJacky/nginx-ui
5
https://github.com/crewjam/saml
5
https://github.com/siyuan-note/siyuan
5
https://github.com/free5gc/free5gc
5
https://github.com/gophish/gophish
5
https://github.com/osrg/gobgp
5
https://github.com/gin-gonic/gin
4
https://github.com/notaryproject/notation-go
4
https://github.com/dexidp/dex
4
https://github.com/aws/aws-sdk-go
4
https://github.com/authelia/authelia
4
https://github.com/ory/fosite
4
https://github.com/owncast/owncast
4
https://github.com/IceWhaleTech/CasaOS-UserService
4
https://github.com/meshery/meshery
4
https://github.com/grafana/bugbounty
4
https://github.com/tidwall/gjson
4
https://github.com/containous/traefik
4
https://github.com/crossplane/crossplane
4
https://github.com/projectdiscovery/nuclei
4
https://github.com/siderolabs/talos
4
https://github.com/alist-org/alist
4
https://github.com/golang/crypto
4
https://github.com/dhowden/tag
4
https://github.com/apache/trafficcontrol
4
https://github.com/russellhaering/gosaml2
4
https://github.com/cosmos/ibc-go
4
https://github.com/go-git/go-git
4
https://github.com/snapcore/snapd
4
https://github.com/babylonlabs-io/babylon
4
https://github.com/concourse/concourse
4
https://github.com/arduino/arduino-create-agent
4
https://github.com/kubevirt/kubevirt
4
https://github.com/go-vela/server
4
https://github.com/woodpecker-ci/woodpecker
4
https://github.com/vitessio/vitess
4
https://github.com/lestrrat-go/jwx
4
https://github.com/cortexproject/cortex
3
https://github.com/envoyproxy/envoy
3
https://github.com/clidey/whodb
3
https://github.com/ipfs/boxo
3
https://github.com/canonical/lxd
3
https://github.com/miniflux/v2
3
https://github.com/tiagorlampert/CHAOS
3
https://github.com/theupdateframework/go-tuf
3
https://github.com/open-telemetry/opentelemetry-go-contrib
3
https://github.com/project-zot/zot
3
https://github.com/gogits/gogs
3
https://github.com/syncthing/syncthing
3
https://github.com/caddyserver/caddy
3
https://github.com/phachon/mm-wiki
3
https://github.com/openshift/origin
3
https://github.com/ctfer-io/chall-manager
3
https://github.com/goauthentik/authentik
3
https://github.com/flipped-aurora/gin-vue-admin
3
https://github.com/fleetdm/fleet
3
https://github.com/go-yaml/yaml
3
https://github.com/sylabs/singularity
3
https://github.com/imgproxy/imgproxy
3
https://github.com/ory/oathkeeper
3
https://github.com/AlexxIT/go2rtc
3
https://github.com/distribution/distribution
3
https://github.com/charmbracelet/soft-serve
3
https://github.com/flyteorg/flyteadmin
3
https://github.com/go-jose/go-jose
3
https://github.com/BishopFox/sliver
3
https://github.com/lightningnetwork/lnd
3
https://github.com/edgelesssys/marblerun
3
https://github.com/cloudflare/circl
3
https://github.com/tailscale/tailscale
3
https://github.com/mudler/localai
3
https://github.com/kiali/kiali
3
https://github.com/KubeOperator/KubePi
3
https://github.com/moby/libnetwork
3
https://github.com/plentico/plenti
3
https://github.com/edgelesssys/constellation
3
https://github.com/u-root/u-root
3
https://github.com/pingcap/tidb
3
https://github.com/ubuntu/authd
3
https://github.com/mattermost/mattermost-plugin-playbooks
3
https://github.com/artifacthub/hub
3
https://github.com/kubernetes-sigs/secrets-store-csi-driver
3
https://github.com/nats-io/jwt
3
https://github.com/gohugoio/hugo
3
https://github.com/karmada-io/karmada
3
https://github.com/ElrondNetwork/elrond-go
3
https://github.com/IoFinnet/tss-lib
3
https://github.com/metal3-io/baremetal-operator
3
https://github.com/apache/incubator-answer
3
https://github.com/square/go-jose
3
https://github.com/weaveworks/weave-gitops
3
https://github.com/argoproj/argo-events
3
https://github.com/dutchcoders/transfer.sh
3
https://github.com/edgelesssys/contrast
3
https://github.com/libp2p/go-libp2p
3
https://github.com/heketi/heketi
3
https://github.com/mholt/archiver
3
https://github.com/fkie-cad/yapscan
2
https://github.com/kitabisa/teler
2
https://github.com/miekg/dns
2
https://github.com/rclone/rclone
2
https://github.com/snowflakedb/gosnowflake
2
https://github.com/prometheus/prometheus
2
https://github.com/cosmos/ibc-apps
2
https://github.com/codenotary/immudb
2
https://github.com/openbao/openbao
2
https://github.com/stripe/smokescreen
2
https://github.com/multiversx/mx-chain-go
2
https://github.com/apptainer/apptainer
2
https://github.com/grpc/grpc-go
2
https://github.com/AdguardTeam/AdGuardHome
2
https://github.com/elastic/beats
2
https://github.com/mayswind/ezbookkeeping
2
https://github.com/Masterminds/goutils
2
https://github.com/lxc/incus
2
https://github.com/zinclabs/zinc
2
https://github.com/heroiclabs/nakama
2
https://github.com/open-telemetry/opentelemetry-collector-contrib
2