Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-jmr4-p576-v565
  • Go/github.com/knadh/listmonk
listmonk Vulnerable to Stored XSS Leading to Admin Account Takeover
Published yesterday
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-pc73-rj2c-wvf9
  • Go/code.gitea.io/gitea
Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists
Published 3 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-hmhp-gh8m-c8xp
  • Go/go.temporal.io/server
Temporal has an Incorrect Authorization vulnerability
Published 4 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-p2gr-hm8g-q772
  • Go/go.temporal.io/server
Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts
Published 4 days ago
  • Fix available
  • Severity - 1.3 (Low)
GO-2025-4254
  • Go/github.com/mattermost/mattermost-plugin-calls
Mattermost has CSRF vulnerability via Calls Widget page in github.com/mattermost/mattermost-plugin-calls
Published 5 days ago
  • Fix available
GO-2025-4255
  • Go/github.com/mattermost/mattermost-plugin-calls
Mattermost fails to check Websocket request for proper UTF-8 format potentially crashing Calls plug-in in github.com/mattermost/mattermost-plugin-calls
Published 5 days ago
  • Fix available
GO-2025-4256
  • Go/github.com/mattermost/mattermost
  • Go/github.com/mattermost/mattermost-server
  • Go/github.com/mattermost/mattermost-server/v5
  • Go/github.com/mattermost/mattermost-server/v6
  • Go/github.com/mattermost/mattermost/server/v8
Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation in github.com/mattermost/mattermost
Published 5 days ago
  • Fix available
GO-2025-4257
  • Go/github.com/kedacore/keda
  • Go/github.com/kedacore/keda/v2
KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential in github.com/kedacore/keda
Published 5 days ago
  • Fix available
GO-2025-4258
  • Go/code.gitea.io/gitea
Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea
Published 5 days ago
  • Fix available
GO-2025-4261
  • Go/code.gitea.io/gitea
Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea
Published 5 days ago
  • No fix available
GO-2025-4262
  • Go/code.gitea.io/gitea
Gitea: anonymous user can visit private user's project in code.gitea.io/gitea
Published 5 days ago
  • Fix available
GO-2025-4263
  • Go/code.gitea.io/gitea
Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea
Published 5 days ago
  • Fix available
GO-2025-4264
  • Go/code.gitea.io/gitea
Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea
Published 5 days ago
  • Fix available
GO-2025-4265
  • Go/code.gitea.io/gitea
Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea
Published 5 days ago
  • Fix available
GO-2025-4266
  • Go/code.gitea.io/gitea
Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea
Published 5 days ago
  • Fix available
GO-2025-4267
  • Go/code.gitea.io/gitea
Gitea doesn't adequately enforce branch deletion permissions after merging a pull request in code.gitea.io/gitea
Published 5 days ago
  • Fix available