Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-h8cp-697h-8c8p
  • Go/github.com/smallstep/certificates
 Step CA Has Authorization Bypass in ACME and SCEP Provisioners 10 hours ago
  • Fix available
  • Severity - 10.0 (Critical)
GHSA-jf75-p25m-pw74
  • Go/github.com/coder/coder/v2
 Coder logs sensitive objects unsanitized 10 hours ago
  • Fix available
  • Severity - 7.8 (High)
GHSA-j7c9-79x7-8hpr
  • Go/github.com/smallstep/certificates
 step-ca Has Improper Authorization Check for SSH Certificate Revocation 10 hours ago
  • Fix available
  • Severity - 5.0 (Medium)
GHSA-46gc-mwh4-cc5r
  • Go/github.com/docker/mcp-gateway
 Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode 10 hours ago
  • Fix available
  • Severity - 7.3 (High)
GHSA-j3rw-fx6g-q46j
  • Go/github.com/apptainer/apptainer
 Apptainer ineffectively applies selinux and apparmor --security options yesterday
  • Fix available
  • Severity - 4.5 (Medium)
GHSA-wwrx-w7c9-rf87
  • Go/github.com/sylabs/singularity/v4
 Singluarity ineffectively applies selinux / apparmor LSM process labels yesterday
  • Fix available
  • Severity - 4.5 (Medium)
GO-2025-4175
  • Go/stdlib
 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509 yesterday
  • Fix available
GO-2025-4163
  • Go/github.com/free5gc/nssf
 NSSF panic due to nil pointer dereference when expiry field is omitted in NSSAIAvailability POST in github.com/free5gc/nssf yesterday
  • Fix available
GO-2025-4164
  • Go/github.com/free5gc/pcf
 Free5GC is vulnerable to DoS through its Npcf_BDTPolicyControl POST API in github.com/free5gc/pcf yesterday
  • Fix available
GO-2025-4171
  • Go/github.com/flipped-aurora/gin-vue-admin
 Gin-vue-admin has an arbitrary file deletion vulnerability in github.com/flipped-aurora/gin-vue-admin yesterday
  • Fix available
GO-2025-4172
  • Go/github.com/mattermost/mattermost
  • Go/github.com/mattermost/mattermost-server
  • Go/github.com/mattermost/mattermost-server/v5
  • Go/github.com/mattermost/mattermost-server/v6
  • Go/github.com/mattermost/mattermost/server/v8
 Mattermost fails to validate user permissions when deleting comments in Boards in github.com/mattermost/mattermost yesterday
  • No fix available
GO-2025-4174
  • Go/github.com/cloudflare/gokey
 gokey allows secret recovery from a seed file without the master password in github.com/cloudflare/gokey yesterday
  • Fix available
GO-2025-4155
  • Go/stdlib
 Excessive resource consumption when printing error string for host certificate validation in crypto/x509 yesterday
  • Fix available
GHSA-69jw-4jj8-fcxm
  • Go/github.com/cloudflare/gokey
 gokey allows secret recovery from a seed file without the master password yesterday
  • Fix available
  • Severity - 7.1 (High)
GHSA-58w6-w55x-6wq8
  • Go/github.com/mattermost/mattermost/server/v8
  • Go/github.com/mattermost/mattermost
 Mattermost fails to validate user permissions in Boards yesterday
  • Fix available
  • Severity - 3.1 (Low)
GHSA-32fw-gq77-f2f2
  • Go/github.com/eclipse/paho.mqtt.golang
 Eclipse Paho Go MQTT may incorrectly encode strings if length exceeds 65535 bytes yesterday
  • Fix available
  • Severity - 6.3 (Medium)
Load more...