Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-m98w-cqp3-qcqr
  • Go/github.com/gofiber/utils/v2
  • Go/github.com/gofiber/utils
Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values 2 hours ago
  • Fix available
  • Severity - 9.2 (Critical)
GHSA-7cqv-qcq2-r765
  • Go/github.com/1Panel-dev/1Panel
  • Go/github.com/1Panel-dev/1Panel/agent
1Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers 2 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-qmg5-v42x-qqhq
  • Go/github.com/1Panel-dev/1Panel
  • Go/github.com/1Panel-dev/1Panel/core
1Panel – CAPTCHA Bypass via Client-Controlled Flag 2 hours ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-7vww-mvcr-x6vj
  • Go/github.com/traefik/traefik/v3
Traefik Inverted TLS Verification Logic in ingress-nginx Provider 3 hours ago
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-gm3x-23wp-hc2c
  • Go/github.com/traefik/traefik/v3
  • Go/github.com/traefik/traefik/v2
  • Go/github.com/traefik/traefik
Path Normalization Bypass in Traefik Router + Middleware Rules 3 hours ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-4qg8-fj49-pxjh
  • Go/github.com/sigstore/timestamp-authority
Sigstore Timestamp Authority allocates excessive memory during request parsing 3 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-f83f-xpx7-ffpw
  • Go/github.com/sigstore/fulcio
Fulcio allocates excessive memory during token parsing 3 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-rwjg-c3h2-f57p
  • Go/github.com/envoyproxy/envoy
Envoy's TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte 3 days ago
  • Fix available
  • Severity - 5.0 (Medium)
GHSA-rj35-4m94-77jh
  • Go/github.com/envoyproxy/envoy
Envoy forwards early CONNECT data in TCP proxy mode 3 days ago
  • Fix available
  • Severity - 3.7 (Low)
GHSA-mp85-7mrq-r866
  • Go/github.com/envoyproxy/envoy
Envoy crashes when JWT authentication is configured with the remote JWKS fetching 3 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-4f99-4q7p-p3gh
  • Go/github.com/sirupsen/logrus
Logrus is vulnerable to DoS when using Entry.Writer() 3 days ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-h8cp-697h-8c8p
  • Go/github.com/smallstep/certificates
Step CA Has Authorization Bypass in ACME and SCEP Provisioners 5 days ago
  • Fix available
  • Severity - 10.0 (Critical)
GHSA-jf75-p25m-pw74
  • Go/github.com/coder/coder/v2
Coder logs sensitive objects unsanitized 5 days ago
  • Fix available
  • Severity - 7.8 (High)
GHSA-j7c9-79x7-8hpr
  • Go/github.com/smallstep/certificates
step-ca Has Improper Authorization Check for SSH Certificate Revocation 5 days ago
  • Fix available
  • Severity - 5.0 (Medium)
GHSA-46gc-mwh4-cc5r
  • Go/github.com/docker/mcp-gateway
Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode 5 days ago
  • Fix available
  • Severity - 7.3 (High)
GHSA-j3rw-fx6g-q46j
  • Go/github.com/apptainer/apptainer
Apptainer ineffectively applies selinux and apparmor --security options 5 days ago
  • Fix available
  • Severity - 4.5 (Medium)