Vulnerabilities

ID
Packages
Summary
Published
arrow_upward
Attributes
GO-2026-4295
  • Go/github.com/mattermost/mattermost-server
Mattermost Server exposes sensitive user status information via REST API version 4 endpoint in github.com/mattermost/mattermost-server 28 minutes ago
  • Fix available
GO-2026-4296
  • Go/github.com/mattermost/mattermost-server
Mattermost Server is vulnerable to XSS through display name field in github.com/mattermost/mattermost-server 28 minutes ago
  • Fix available
GO-2026-4297
  • Go/github.com/mattermost/mattermost-server
Mattermost Server has intermittent Authorization bypass for resource-owners in github.com/mattermost/mattermost-server 28 minutes ago
  • Fix available
GO-2026-4298
  • Go/github.com/mattermost/mattermost-server
Mattermost Server does not safeguard against phishing via error page links in github.com/mattermost/mattermost-server 28 minutes ago
  • Fix available
GO-2026-4299
  • Go/github.com/mattermost/mattermost-server
Mattermost Server allows attackers to log sensitive information via DEBUG REST API logging endpoint in github.com/mattermost/mattermost-server 28 minutes ago
  • Fix available
GO-2026-4300
  • Go/github.com/mattermost/mattermost-server
Mattermost Server is vulnerable to DoS through maliciously crafted posts in github.com/mattermost/mattermost-server 28 minutes ago
  • Fix available
GO-2026-4301
  • Go/github.com/mattermost/mattermost-server
Mattermost Server mishandles redirect denial action in github.com/mattermost/mattermost-server 28 minutes ago
  • Fix available
GO-2026-4302
  • Go/github.com/mattermost/mattermost-server
Mattermost Server vulnerable to XSS via an uploaded file in github.com/mattermost/mattermost-server 28 minutes ago
  • Fix available
GO-2026-4303
  • Go/github.com/mattermost/mattermost-server
Mattermost Server is vulnerable CSV Injection in github.com/mattermost/mattermost-server 28 minutes ago
  • Fix available
GO-2026-4304
  • Go/github.com/mattermost/mattermost-server
CVE-2017-18901 in github.com/mattermost/mattermost-server 28 minutes ago
  • No fix available
GO-2026-4306
  • Go/github.com/mattermost/mattermost-server
Mattermost Server has Insufficient Session Expiration when used as an OAuth 2.0 service provider in github.com/mattermost/mattermost-server 28 minutes ago
  • Fix available
GO-2026-4308
  • Go/github.com/go-shiori/shiori
Shiori is vulnerable to authentication bypass via a brute force attack in github.com/go-shiori/shiori 28 minutes ago
  • No fix available
GO-2026-4309
  • Go/github.com/sigstore/cosign
  • Go/github.com/sigstore/cosign/v2
  • Go/github.com/sigstore/cosign/v3
Cosign verification accepts any valid Rekor entry under certain conditions in github.com/sigstore/cosign 28 minutes ago
  • Fix available
MAL-2026-247
  • npm/ts-tweetnacl
Malicious code in ts-tweetnacl (npm) 36 minutes ago
  • No fix available
MINI-x96x-7r8q-fv32
  • MinimOS/cluster-autoscaler-fips-1.31
See record for full details 49 minutes ago
  • No fix available
MINI-r2wf-f5f8-282h
  • MinimOS/cluster-autoscaler-fips-1.31
See record for full details 49 minutes ago
  • No fix available