Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-59jp-pj84-45mr
  • Go/github.com/sigstore/fulcio
Fulcio is vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass 19 minutes ago
  • Fix available
  • Severity - 5.8 (Medium)
GHSA-xrwg-mqj6-6m22
  • Go/github.com/envoyproxy/gateway
Envoy Extension Policy lua scripts injection causes arbitrary command execution 19 minutes ago
  • Fix available
  • Severity - 8.8 (High)
GHSA-597g-3phw-6986
  • PyPI/virtualenv
virtualenv Has TOCTOU Vulnerabilities in Directory Creation 21 minutes ago
  • Fix available
  • Severity - 4.5 (Medium)
GHSA-qmgc-5h2g-mvrw
  • PyPI/filelock
filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock 22 minutes ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-grg2-63fw-f2qr
  • PyPI/vllm
vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions 22 minutes ago
  • Fix available
  • Severity - 6.5 (Medium)
MAL-2026-248
  • PyPI/dify-api
Malicious code in dify-api (PyPI) 59 minutes ago
  • No fix available
GO-2026-4295
  • Go/github.com/mattermost/mattermost-server
Mattermost Server exposes sensitive user status information via REST API version 4 endpoint in github.com/mattermost/mattermost-server 2 hours ago
  • Fix available
GO-2026-4296
  • Go/github.com/mattermost/mattermost-server
Mattermost Server is vulnerable to XSS through display name field in github.com/mattermost/mattermost-server 2 hours ago
  • Fix available
GO-2026-4297
  • Go/github.com/mattermost/mattermost-server
Mattermost Server has intermittent Authorization bypass for resource-owners in github.com/mattermost/mattermost-server 2 hours ago
  • Fix available
GO-2026-4298
  • Go/github.com/mattermost/mattermost-server
Mattermost Server does not safeguard against phishing via error page links in github.com/mattermost/mattermost-server 2 hours ago
  • Fix available
GO-2026-4299
  • Go/github.com/mattermost/mattermost-server
Mattermost Server allows attackers to log sensitive information via DEBUG REST API logging endpoint in github.com/mattermost/mattermost-server 2 hours ago
  • Fix available
GO-2026-4300
  • Go/github.com/mattermost/mattermost-server
Mattermost Server is vulnerable to DoS through maliciously crafted posts in github.com/mattermost/mattermost-server 2 hours ago
  • Fix available
GO-2026-4301
  • Go/github.com/mattermost/mattermost-server
Mattermost Server mishandles redirect denial action in github.com/mattermost/mattermost-server 2 hours ago
  • Fix available
GO-2026-4302
  • Go/github.com/mattermost/mattermost-server
Mattermost Server vulnerable to XSS via an uploaded file in github.com/mattermost/mattermost-server 2 hours ago
  • Fix available
GO-2026-4303
  • Go/github.com/mattermost/mattermost-server
Mattermost Server is vulnerable to CSV Injection in github.com/mattermost/mattermost-server 2 hours ago
  • Fix available
GO-2026-4304
  • Go/github.com/mattermost/mattermost-server
CVE-2017-18901 in github.com/mattermost/mattermost-server 2 hours ago
  • No fix available