Vulnerabilities

ID | Packages | Summary | Published | Attributes
CGA-6f85-jvrm-qq3w
  • Chainguard/aws-fsx-csi-driver-fips
  • Chainguard/dapr-placement-1.17
  • Chainguard/grafana-fips-12.2
  • Chainguard/nri-prometheus
  • Chainguard/prometheus-postgres-exporter
  • ... 7 more
See record for full details just now
  • Fix available
CGA-w7vv-7vph-696h
  • Chainguard/metallb-cp-tool
  • Wolfi/metallb-cp-tool
See record for full details just now
  • Fix available
CGA-mhq6-cw97-rcc6
  • Chainguard/cni-plugins-fips-tuning
See record for full details 1 minute ago
  • Fix available
CGA-w5jp-g3cv-wvfm
  • Chainguard/cni-plugins-static
  • Chainguard/consul-k8s-1.1
  • Chainguard/jupyterhub-k8s-image-awaiter-fips
  • Wolfi/cni-plugins-static
See record for full details 1 minute ago
  • Fix available
CGA-3x3m-j3x7-3f6w
  • Chainguard/calico-goldmane-fips-3.31
  • Chainguard/cni-plugins-static
  • Chainguard/prometheus-postgres-exporter
  • Chainguard/sigstore-scaffolding-fips-ctlog-verifyfulcio
  • Chainguard/splunk-otel-collector-fips
  • ... 5 more
See record for full details 2 minutes ago
  • Fix available
GHSA-r854-jrxh-36qx
  • Packagist/phpseclib/phpseclib
phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals() 19 minutes ago
  • Fix available
GHSA-ffq7-898w-9jc4
  • NuGet/DotNetNuke.Core
DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload 35 minutes ago
  • Fix available
  • Severity - 8.0 (High)
GHSA-6v7q-wjvx-w8wg
  • npm/basic-ftp
basic-ftp: Incomplete CRLF Injection Protection Allows Arbitrary FTP Command Execution via Credentials and MKD Commands 59 minutes ago
  • Fix available
  • Severity - 8.2 (High)
GHSA-h9cx-xjg6-5v2w
  • Go/github.com/fluxcd/notification-controller
Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering 59 minutes ago
  • Fix available
  • Severity - 3.1 (Low)
GHSA-9qq8-cgcv-qmc9
  • Go/github.com/smallstep/certificates
Step CA affected by an index out of bounds panic in TPM attestation EKU validation 59 minutes ago
  • Fix available
  • Severity - 3.7 (Low)
GHSA-fw9q-39r9-c252
  • npm/langsmith
LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()` 59 minutes ago
  • Fix available
  • Severity - 5.6 (Medium)
GHSA-wvhv-qcqf-f3cx
  • Go/github.com/patrickhener/goshs
goshs has a file-based ACL authorization bypass in goshs state-changing routes 1 hour ago
  • No fix available
  • Severity - 9.3 (Critical)
GHSA-2943-crp8-38xx
  • Go/github.com/patrickhener/goshs
goshs is Missing Write Protection for Parametric Data Values 1 hour ago
  • No fix available
  • Severity - 7.7 (High)
GHSA-3wqj-33cg-xc48
  • PyPI/rembg
Rembg has a Path Traversal via Custom Model Loading 1 hour ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-49xc-52mp-cc9j
  • crates.io/nimiq-blockchain
nimiq-blockchain is missing a wall-clock upper bound on block timestamps 1 hour ago
  • No fix available
  • Severity - 9.1 (Critical)
GHSA-8647-755q-fw9p
  • PyPI/ajenti-plugin-core
ajenti.plugin.core has race conditions in 2FA 1 hour ago
  • Fix available
  • Severity - 6.9 (Medium)