Vulnerabilities

ID
Packages
Summary
Published
Attributes
GO-2025-4155
  • Go/stdlib
Excessive resource consumption when printing error string for host certificate validation in crypto/x509 3 hours ago
  • Fix available
GHSA-32fw-gq77-f2f2
  • Go/github.com/eclipse/paho.mqtt.golang
Eclipse Paho Go MQTT may incorrectly encode strings if length exceeds 65535 bytes 12 hours ago
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-p6gj-jc38-x2m7
  • Go/github.com/mattermost/mattermost/server/v8
  • Go/github.com/mattermost/mattermost
Mattermost fails to validate user permissions when deleting comments in Boards yesterday
  • No fix available
  • Severity - 4.3 (Medium)
GHSA-38pp-6gcp-rqvm
  • Go/github.com/cilium/cilium
  • Go/Ciliumgithub.com/cilium/cilium
Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic yesterday
  • Fix available
  • Severity - 4.0 (Medium)
GHSA-mp6x-97xj-9x62
  • Go/github.com/mattermost/mattermost/server/v8
  • Go/github.com/mattermost/mattermost-server
Mattermost fails to verify the token used during code exchange 5 days ago
  • Fix available
  • Severity - 9.9 (Critical)
GHSA-3x39-62h4-f8j6
  • Go/github.com/mattermost/mattermost/server/v8
  • Go/github.com/mattermost/mattermost-server
Mattermost fails to properly validate OAuth state tokens during OpenID Connect authentication 5 days ago
  • Fix available
  • Severity - 9.9 (Critical)
GHSA-4g87-9x45-cx2h
  • Go/github.com/mattermost/mattermost/server/v8
  • Go/github.com/mattermost/mattermost-server
Mattermost fails to sanitize team email addresses 5 days ago
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-66jq-2c23-2xh5
  • Go/github.com/VictoriaMetrics/VictoriaMetrics
VictoriaMetrics' Snappy Decoder DoS Vulnerability is Causing OOM 25 Nov
  • Fix available
  • Severity - 2.7 (Low)
GO-2025-4133
  • Go/github.com/mattermost/mattermost-server
  • Go/github.com/mattermost/mattermost-server/v5
  • Go/github.com/mattermost/mattermost-server/v6
  • Go/github.com/mattermost/mattermost/server/v8
Mattermost allows other users to determine when users had read channels via channel member objects in github.com/mattermost/mattermost-server 25 Nov
  • Fix available
GO-2025-4138
  • Go/github.com/esm-dev/esm.sh
esm.sh CDN service has arbitrary file write via tarslip in github.com/esm-dev/esm.sh 25 Nov
  • Fix available
GO-2025-4139
  • Go/github.com/esm-dev/esm.sh
esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript in github.com/esm-dev/esm.sh 25 Nov
  • Fix available
GO-2025-4146
  • Go/github.com/mattermost/mattermost-server
  • Go/github.com/mattermost/mattermost-server/v5
Mattermost Server is vulnerable to a Denial of Service attack through `invite_people` command in github.com/mattermost/mattermost-server 25 Nov
  • Fix available
GO-2025-4147
  • Go/github.com/mindersec/minder
Minder does not sandbox http.send in Rego programs in github.com/mindersec/minder 25 Nov
  • Fix available
GO-2025-4149
  • Go/github.com/google/osv-scalibr
OSV-SCALIBR has NULL Pointer Dereference in github.com/google/osv-scalibr 25 Nov
  • Fix available
GO-2025-4150
  • Go/github.com/openfga/openfga
OpenFGA Improper Policy Enforcement in github.com/openfga/openfga 25 Nov
  • Fix available
GO-2025-4151
  • Go/github.com/authzed/spicedb
SpiceDB: LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results in github.com/authzed/spicedb 25 Nov
  • Fix available