Vulnerabilities

| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-88h9-77c7-p6w4 | Go/github.com/evervault/evervault-go | Evervault Go SDK: Incomplete PCR Validation in Enclave Attestation for non-Evervault hosted Enclaves | 10 hours ago | Fix available; Severity - 8.7 (High) |
| GHSA-vjrc-mh2v-45x6 | Go/github.com/oauth2-proxy/oauth2-proxy/v7 | OAuth2-Proxy is vulnerable to header smuggling via underscore leading to potential privilege escalation | 10 hours ago | Fix available; Severity - 8.5 (High) |
| GHSA-vwq2-jx9q-9h9f | Go/github.com/charmbracelet/soft-serve | Soft Serve is vulnerable to SSRF through its Webhooks | 2 days ago | Fix available; Severity - 9.1 (Critical) |
| GHSA-46xp-26xh-hpqh | Go/github.com/kubevirt/kubevirt | KubeVirt Vulnerable to Arbitrary Host File Read and Write | 5 days ago | Fix available; Severity - 8.5 (High) |
| GHSA-fv2r-r8mp-pg48 | Go/github.com/charmbracelet/soft-serve | Soft Serve does not sanitize ANSI escape sequences in user input | 6 days ago | Fix available; Severity - 4.6 (Medium) |
| GHSA-2r4r-5x78-mvqf | Go/github.com/kubevirt/kubevirt | KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes | 6 days ago | Fix available; Severity - 5.0 (Medium) |
| GHSA-7xgm-5prm-v5gc | Go/github.com/kubevirt/kubevirt | KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes | 6 days ago | No fix available; Severity - 6.9 (Medium) |
| GHSA-9m94-w2vq-hcf9 | Go/github.com/kubevirt/kubevirt | KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation | 6 days ago | Fix available; Severity - 5.3 (Medium) |
| GHSA-ggp9-c99x-54gp | Go/kubevirt.io/kubevirt | KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing | 6 days ago | Fix available; Severity - 4.7 (Medium) |
| GHSA-qw6q-3pgr-5cwq | Go/github.com/kubevirt/kubevirt | KubeVirt Arbitrary Container File Read | 6 days ago | Fix available; Severity - 6.5 (Medium) |
| GHSA-38jw-g2qx-4286 | Go/kubevirt.io/kubevirt | KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer | 6 days ago | Fix available; Severity - 4.7 (Medium) |
| GHSA-m6hq-p25p-ffr2 | Go/github.com/containerd/containerd, Go/github.com/containerd/containerd/v2 | containerd CRI server: Host memory exhaustion through Attach goroutine leak | 6 days ago | Fix available; Severity - 6.9 (Medium) |
| GHSA-w2jf-268q-mrvh | Go/github.com/opentofu/opentofu | OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses | 6 days ago | Fix available; Severity - 3.1 (Low) |
| GHSA-pwhc-rpq9-4c8w | Go/github.com/containerd/containerd, Go/github.com/containerd/containerd/v2 | containerd affected by a local privilege escalation via wide permissions on CRI directory | 6 days ago | Fix available; Severity - 7.3 (High) |
| GHSA-cpf4-pmr4-w6cx | Go/github.com/zitadel/zitadel | IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering | 05 Nov | Fix available; Severity - 8.7 (High) |
| GO-2025-4004 | Go/github.com/lxc/lxd, Go/github.com/lxc/lxd/v6 | Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns in github.com/lxc/lxd | 05 Nov | No fix available |