Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-q2pw-xx38-p64j
  • Go/chainguard.dev/melange
melange has Path Traversal via .PKGINFO in --persist-lint-results (published 10 hours ago)
  • Fix available
  • Severity - 4.4 (Medium)
GHSA-98f2-w9h9-7fp9
  • Go/chainguard.dev/melange
melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses (published 10 hours ago)
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-5jv8-h7qh-rf5p
  • Go/github.com/argoproj/argo-workflows/v3
  • Go/github.com/argoproj/argo-workflows/v4
Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller (published 10 hours ago)
  • Fix available
  • Severity - 7.7 (High)
GHSA-pjcq-xvwq-hhpj
  • Go/github.com/Azure/go-ntlmssp
go-ntlmssp NTLM challenges can panic on malformed payloads (published 10 hours ago)
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-rhf7-wvw3-vjvm
  • Go/github.com/patrickhener/goshs
  • Go/github.com/patrickhener/goshs/v2
goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS (published 17 hours ago)
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-2hp7-65r3-wv54
  • Go/github.com/orneryd/nornicdb
NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access (published yesterday)
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-hjh7-r5w8-5872
  • Go/github.com/siyuan-note/siyuan/kernel
SiYuan: Path Traversal via Double URL Encoding in `/export/` Endpoint (Incomplete Fix Bypass for CVE-2026-30869) (published yesterday)
  • Fix available
  • Severity - 7.1 (High)
GHSA-j88v-2chj-qfwx
  • Go/github.com/jackc/pgx
  • Go/github.com/jackc/pgx/v4
  • Go/github.com/jackc/pgx/v5
pgx: SQL Injection via placeholder confusion with dollar quoted string literals (published yesterday)
  • Fix available
  • Severity - 2.3 (Low)
GHSA-3m6q-h5gj-7mrw
  • Go/code.gitea.io/gitea
Gitea has insecure default SSH settings (published yesterday)
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-jm34-66cf-qpvr
  • Go/github.com/projectdiscovery/nuclei/v3
Nuclei: Environment variable disclosure via Response-Derived DSL Expressions (published yesterday)
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-29rg-wmcw-hpf4
  • Go/github.com/projectdiscovery/nuclei/v3
Nuclei: Local File Read via require() Module Loader Bypass (published yesterday)
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-29v9-frvh-c426
  • Go/github.com/monetr/monetr
monetr: Server-side request forgery in Lunch Flow link creation and refresh (published yesterday)
  • Fix available
  • Severity - 8.3 (High)
GHSA-r99v-75p9-xqm5
  • Go/github.com/free5gc/amf
free5GC AMF: Missing default case in Content-Type switch in HTTPUEContextTransfer (published yesterday)
  • No fix available
  • Severity - 5.5 (Medium)
GHSA-98cp-84m9-q3qp
  • Go/github.com/free5gc/pcf
free5GC PCF: Memory Leak via CORS Middleware Registration in HTTP Handler Leads to Denial of Service (published yesterday)
  • Fix available
  • Severity - 7.5 (High)
GHSA-57j5-qwp2-vqp6
  • Go/github.com/openfga/openfga
OpenFGA has Improper Policy Enforcement (published yesterday)
  • Fix available
  • Severity - 5.0 (Medium)
GHSA-x2xq-qhjf-5mvg
  • Go/github.com/ddev/ddev
DDEV has ZipSlip path traversal in tar and zip archive extraction (published yesterday)
  • Fix available
  • Severity - 6.5 (Medium)