Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-gg4x-fgg2-h9w9
  • Go/github.com/kyverno/kyverno
Bypassing Kyverno Policies via Double Policy Exceptions 23 hours ago
  • Fix available
  • Severity - 9.0 (Critical)
GHSA-8v65-47jx-7mfr
  • Go/github.com/axllent/mailpit
Mailpit Proxy Endpoint has Server-Side Request Forgery (SSRF) vulnerability 23 hours ago
  • Fix available
  • Severity - 5.8 (Medium)
GHSA-8c39-xppg-479c
  • Go/github.com/pterodactyl/wings
  • Packagist/pterodactyl/panel
Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced 23 hours ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-hjr9-wj7v-7hv8
  • Go/github.com/bishopfox/sliver
Sliver Vulnerable to Pre-Auth Memory Exhaustion via NoEncoder Bypass yesterday
  • No fix available
  • Severity - 5.5 (Medium)
GHSA-4c5f-9mj4-m247
  • Go/github.com/open-feature/flagd/core
  • Go/github.com/open-feature/flagd/flagd
  • Go/github.com/open-feature/flagd/flagd-proxy
flagd: Multiple Go Runtime CVEs Impact Security and Availability 2 days ago
  • Fix available
GHSA-jmr4-p576-v565
  • Go/github.com/knadh/listmonk
listmonk Vulnerable to Stored XSS Leading to Admin Account Takeover 4 days ago
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-pc73-rj2c-wvf9
  • Go/code.gitea.io/gitea
Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists 6 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-hmhp-gh8m-c8xp
  • Go/go.temporal.io/server
Temporal has an Incorrect Authorization vulnerability 30 Dec 2025
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-p2gr-hm8g-q772
  • Go/go.temporal.io/server
Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts 30 Dec 2025
  • Fix available
  • Severity - 1.3 (Low)
GO-2025-4254
  • Go/github.com/mattermost/mattermost-plugin-calls
Mattermost has CSRF vulnerability via Calls Widget page in github.com/mattermost/mattermost-plugin-calls 30 Dec 2025
  • Fix available
GO-2025-4255
  • Go/github.com/mattermost/mattermost-plugin-calls
Mattermost fails to check Websocket request for proper UTF-8 format potentially crashing Calls plug-in in github.com/mattermost/mattermost-plugin-calls 30 Dec 2025
  • Fix available
GO-2025-4256
  • Go/github.com/mattermost/mattermost
  • Go/github.com/mattermost/mattermost-server
  • Go/github.com/mattermost/mattermost-server/v5
  • Go/github.com/mattermost/mattermost-server/v6
  • Go/github.com/mattermost/mattermost/server/v8
Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation in github.com/mattermost/mattermost 30 Dec 2025
  • Fix available
GO-2025-4257
  • Go/github.com/kedacore/keda
  • Go/github.com/kedacore/keda/v2
KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential in github.com/kedacore/keda 30 Dec 2025
  • Fix available
GO-2025-4258
  • Go/code.gitea.io/gitea
Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea 30 Dec 2025
  • Fix available
GO-2025-4261
  • Go/code.gitea.io/gitea
Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea 30 Dec 2025
  • No fix available
GO-2025-4262
  • Go/code.gitea.io/gitea
Gitea: anonymous user can visit private user's project in code.gitea.io/gitea 30 Dec 2025
  • Fix available