Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-9m7r-g8hg-x3vr
  • Go/github.com/authzed/spicedb
SpiceDB: LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results
Published: yesterday
  • Fix available
  • Severity - 2.9 (Low)
GHSA-gmm6-j2g5-r52m
  • Go/github.com/hashicorp/terraform-provider-vault
Vault’s Terraform Provider incorrectly set default deny_null_bind parameter for LDAP auth method to false by default
Published: yesterday
  • Fix available
  • Severity - 7.4 (High)
GHSA-w62r-7c53-fmc5
  • Go/github.com/grafana/grafana
Grafana Incorrect Privilege Assignment vulnerability
Published: yesterday
  • Fix available
  • Severity - 10.0 (Critical)
GHSA-2c64-vmv2-hgfc
  • Go/github.com/openfga/openfga
OpenFGA Improper Policy Enforcement
Published: 2 days ago
  • Fix available
  • Severity - 5.8 (Medium)
GHSA-6xvf-4vh9-mw47
  • Go/github.com/mindersec/minder
Minder does not sandbox http.send in Rego programs
Published: 2 days ago
  • Fix available
  • Severity - 8.5 (High)
GHSA-f786-75f3-74xj
  • Go/github.com/google/osv-scalibr
OSV-SCALIBR has NULL Pointer Dereference
Published: 2 days ago
  • Fix available
  • Severity - 1.9 (Low)
GHSA-f6x5-jh6r-wrfv
  • Go/golang.org/x/crypto
golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read
Published: 3 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-j5w8-q4qc-rx2x
  • Go/golang.org/x/crypto
golang.org/x/crypto/ssh allows an attacker to cause unbounded memory consumption
Published: 3 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-hcpf-qv9m-vfgp
  • Go/github.com/esm-dev/esm.sh
esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript
Published: 3 days ago
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-h3mw-4f23-gwpw
  • Go/github.com/esm-dev/esm.sh
esm.sh CDN service has arbitrary file write via tarslip
Published: 3 days ago
  • Fix available
  • Severity - 8.2 (High)
GO-2025-4134
  • Go/golang.org/x/crypto
Unbounded memory consumption in golang.org/x/crypto/ssh
Published: 3 days ago
  • Fix available
GO-2025-4135
  • Go/golang.org/x/crypto
Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent
Published: 3 days ago
  • Fix available
GHSA-ch7q-53v8-73pc
  • Go/goauthentik.io
authentik's invitation expiry is delayed by at least 5 minutes
Published: 3 days ago
  • Fix available
  • Severity - 5.8 (Medium)
GHSA-xr73-jq5p-ch8r
  • Go/goauthentik.io
authentik allows a deactivated Service account to authenticate to OAuth
Published: 3 days ago
  • Fix available
  • Severity - 4.8 (Medium)
GHSA-9hh7-6558-qfp2
  • Go/github.com/mattermost/mattermost-server
  • Go/github.com/mattermost/mattermost/server/v8
Mattermost allows other users to determine when users had read channels via channel member objects
Published: 4 days ago
  • Fix available
  • Severity - 3.0 (Low)
GO-2025-4025
  • Go/github.com/cometbft/cometbft
CometBFT's invalid BitArray handling can lead to network halt in github.com/cometbft/cometbft
Published: 4 days ago
  • Fix available