Security Advisories for github.com/getarcaneapp/arcane/backend in go
High
about 1 month ago
Arcane Has an Authenticated Arbitrary Host File Read via Docker Compose Include Directives
go
github.com/getarcaneapp/arcane/backend
High
about 1 month ago
Arcane: Missing admin authorization on global variables endpoint
go
github.com/getarcaneapp/arcane/backend
High
about 2 months ago
Arcane Backend: Unauthenticated reflected XSS via SVG color parameter enables admin account takeover
go
github.com/getarcaneapp/arcane/backend
Moderate
about 2 months ago
Arcane Backend: OS Command Injection in Volume Browser ListDirectory via path query parameter
go
github.com/getarcaneapp/arcane/backend
Critical
about 2 months ago
Arcane Backend: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configs
go
github.com/getarcaneapp/arcane/backend
High
2 months ago
Arcane Vulnerable to Unauthenticated Disclosure of Custom Compose Template Content (incl. `.env` secrets)
go
github.com/getarcaneapp/arcane/backend
High
3 months ago
Arcane has Unauthenticated SSRF with Conditional Response Reflection in Template Fetch Endpoint
go
github.com/getarcaneapp/arcane/backend
Critical
6 months ago
Arcane Has a Command Injection in Arcane Updater Lifecycle Labels That Enables RCE
go
github.com/getarcaneapp/arcane/backend