
go
1,967,706 packages · proxy.golang.org
Low Security Advisories in go
Low
over 1 year ago
Mattermost fails to properly restrict the access of files attached to posts
go
github.com/mattermost/mattermost/server/v8
Low
over 1 year ago
ASA-2024-004: Default configuration param for Evidence may limit window of validity
go
github.com/cometbft/cometbft
Low
over 1 year ago
ASA-2024-005: Potential slashing evasion during re-delegation
go
github.com/cosmos/cosmos-sdk
Low
over 1 year ago
Mattermost fails to check the required permissions
go
github.com/mattermost/mattermost/server/v8
Low
over 1 year ago
Mattermost Jira Plugin vulnerable to Cross-Site Request Forgery
go
github.com/mattermost/mattermost-plugin-jira
Low
over 1 year ago
Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only
go
go.etcd.io/etcd/v3
Low
over 1 year ago
Etcd embed auto compaction retention negative value causing a compaction loop or a crash
go
go.etcd.io/etcd/v3
Low
over 1 year ago
Etcd pkg Insecure ciphers are allowed by default
go
go.etcd.io/etcd/client/pkg/v3
Low
over 1 year ago
Apache Answer Race Condition vulnerability
go
github.com/apache/incubator-answer
Low
over 1 year ago
The DES/3DES cipher was used as part of the TLS protocol by installation tools
go
github.com/karmada-io/karmada
Low
over 1 year ago
Mattermost allows demoted guests to change group names
go
github.com/mattermost/mattermost/server/v8
Low
almost 2 years ago
Mattermost Cross-site Scripting vulnerability
go
github.com/mattermost/mattermost/server/v8
Low
almost 2 years ago
eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operations
go
knative.dev/eventing-gitlab
Low
almost 2 years ago
eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations
go
knative.dev/eventing-github
Low
almost 2 years ago
Canonical LXD documentation improvement to make clear restricted.devices.disk=allow without restricted.devices.disk.paths also allows shift=true
go
github.com/canonical/lxd
Low
almost 2 years ago
Mattermost Injection vulnerability
go
github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Low
almost 2 years ago
gnark's range checker gadget allows wider inputs up to word alignment
go
github.com/consensys/gnark
Low
almost 2 years ago
slsa-verifier vulnerable to improper validation of npm's publish attestations
go
github.com/slsa-framework/slsa-verifier, github.com/slsa-framework/slsa-verifier/v2
Low
almost 2 years ago
Cosign vulnerable to possible endless data attack from attacker-controlled registry
go
github.com/sigstore/cosign/v2
Low
almost 2 years ago
HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability
go
github.com/hashicorp/vagrant
Low
almost 2 years ago
gnark-crypto's exponentiation in the pairing target group GT using GLV can give incorrect results
go
github.com/consensys/gnark-crypto
Low
about 2 years ago
CometBFT's default for `BlockParams.MaxBytes` consensus parameter may increase block times and affect consensus participation
go
github.com/cometbft/cometbft
Low
about 2 years ago
Mattermost Incorrect Authorization vulnerability
go
github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Low
about 2 years ago
Mattermost Incorrect Authorization vulnerability
go
github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Low
about 2 years ago
Specific Cilium configurations vulnerable to DoS via Kubernetes annotations
go
github.com/cilium/cilium
Low
about 2 years ago
Mattermost fails to correctly delete attachments
go
github.com/mattermost/mattermost-server/v6
Low
about 2 years ago
Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel
go
github.com/hashicorp/nomad
Low
over 2 years ago
github.com/cosmos/cosmos-sdk's x/crisis does not charge ConstantFee
go
github.com/cosmos/cosmos-sdk
Low
over 2 years ago
Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource
go
go.temporal.io/server
Low
over 2 years ago
SpiceDB's LookupResources may return partial results
go
github.com/authzed/spicedb
Low
over 2 years ago
Cilium vulnerable to information leakage via incorrect ReferenceGrant handling
go
github.com/cilium/cilium
Low
over 2 years ago
cheqd-node affected by Inter-blockchain Communication (IBC) protocol "Huckleberry" vulnerability
go
github.com/cheqd/cheqd-node
Low
over 2 years ago
Go package github.com/cosmos/cosmos-sdk module x/crisis does NOT cause chain halt
go
github.com/cosmos/cosmos-sdk
Low
over 2 years ago
In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
go
github.com/lima-vm/lima
Low
over 2 years ago
etcd Key name can be accessed via LeaseTimeToLive API
go
github.com/etcd-io/etcd
Low
over 2 years ago
Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints
go
github.com/mutagen-io/mutagen, github.com/mutagen-io/mutagen-compose
Low
over 2 years ago
Under-validated ComSpec and cmd.exe resolution in Mutagen projects
go
github.com/mutagen-io/mutagen
Low
over 2 years ago
rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
go
github.com/opencontainers/runc
Low
almost 3 years ago
Buildah (as part of Podman) vulnerable to Path Traversal
go
github.com/containers/podman/v4
Low
almost 3 years ago
Traefik may display authorization header in the debug logs
go
github.com/traefik/traefik/v2
Low
almost 3 years ago
teler dashboard vulnerable to DOM-based cross-site scripting (XSS)
go
teler.app
Low
almost 3 years ago
Tailscale daemon is vulnerable to information disclosure via CSRF
go
tailscale.com/cmd
Low
almost 3 years ago
Container build can leak any path on the host into the container
go
github.com/docker/docker
Low
almost 3 years ago
HashiCorp Nomad vulnerable to Insufficient Session Expiration
go
github.com/hashicorp/nomad
Low
almost 3 years ago
etcd having a negative value for cluster node size results in an index out-of-bound panic during service discovery
go
go.etcd.io/etcd/client/v3
Low
almost 3 years ago
etcd user credentials are stored in WAL logs in plaintext
go
go.etcd.io/etcd/client/v3
Low
almost 3 years ago
etcd vulnerable to TOCTOU of gateway endpoint authentication
go
go.etcd.io/etcd/v3
Low
about 3 years ago
Go-tuf Improperly handles multiple key IDs for the same public keys in attacker-controlled metadata
go
github.com/theupdateframework/go-tuf
Low
about 3 years ago
Cilium host policy bypass in endpoint-routes mode with dual-stack
go
github.com/cilium/cilium
Low
about 3 years ago
Argo CD SSO users vulnerable to Cross-site Scripting
go
github.com/argoproj/argo-cd
Low
over 3 years ago
Kubernetes Secrets Store CSI Driver plugins arbitrary file write
go
github.com/GoogleCloudPlatform/secrets-store-csi-driver-provider-gcp, github.com/Azure/secrets-store-csi-driver-provider-azure, github.com/hashicorp/vault-csi-provider
Low
over 3 years ago
Caddy allows enumeration of Certificates and Hostnames
go
github.com/caddyserver/caddy
Low
over 3 years ago
Path traversal in github.com/cloudflare/cfrpki/cmd/octorpki
go
github.com/cloudflare/cfrpki
Low
over 3 years ago
gobase subject to Incorrect routing of some HTTP requests when using httpauth due to a race condition
go
github.com/ntbosscher/gobase
Low
over 3 years ago
personnummer/go vulnerable to Improper Input Validation
go
github.com/personnummer/go
Low
over 3 years ago
In-band key negotiation issue in AWS S3 Crypto SDK for golang
go
github.com/aws/aws-sdk-go
Low
over 3 years ago
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788)
go
github.com/goharbor/harbor
Low
almost 4 years ago
devices resource list treated as a blacklist by default
go
github.com/opencontainers/runc
Low
almost 4 years ago
Hashicorp Vault Privilege Escalation Vulnerability
go
github.com/hashicorp/vault
Low
about 4 years ago
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Server is run with `--auth-mode=client`
go
github.com/argoproj/argo-workflows/v3
Low
over 4 years ago
Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy
go
github.com/oauth2-proxy/oauth2-proxy, github.com/oauth2-proxy/oauth2-proxy/v7
Low
over 4 years ago
Repository index file allows for duplicates of the same chart entry in helm
go
helm.sh/helm, helm.sh/helm/v3
Low
over 4 years ago
RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be
go
github.com/Masterminds/goutils
Low
over 4 years ago
A failed upgrade may lead to hung goroutines
go
github.com/cloudflare/tableflip
Low
over 4 years ago
Crash due to malformed relay protocol message
go
github.com/syncthing/syncthing
Low
over 4 years ago
Import loops in account imports, nats-server DoS
go
github.com/nats-io/nats-server/v2
Low
over 4 years ago
Network policy may be bypassed by some ICMP Echo Requests
go
github.com/cilium/cilium
Low
over 4 years ago
Local directory executable lookup in sops (Windows-only)
go
go.mozilla.org/sops/v3