Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GO-2026-5037
  • Go/stdlib
 Inefficient candidate hostname parsing in crypto/x509 21 hours ago
  • Fix available
GO-2026-5038
  • Go/stdlib
 Quadratic complexity in WordDecoder.DecodeHeader in mime 21 hours ago
  • Fix available
GO-2026-5039
  • Go/stdlib
 Arbitrary inputs are included in errors without any escaping in net/textproto 21 hours ago
  • Fix available
GO-2026-4960
  • Go/github.com/m1k1o/neko/server
 Neko has a Self-service Privilege Escalation for Authenticated Users in github.com/m1k1o/neko/server yesterday
  • Fix available
GHSA-4g6j-g789-rghm
  • Go/github.com/nezhahq/nezha
 Nezha's authenticated agents can forge service-monitor results for other users' services 2 days ago
  • Fix available
  • Severity - 7.1 (High)
GHSA-6x26-5727-rrm9
  • Go/github.com/nezhahq/nezha
 Nezha's authenticated DDNS webhook configuration allows blind SSRF from the dashboard host 4 days ago
  • Fix available
  • Severity - 6.4 (Medium)
GHSA-hjj4-hfjm-fmrj
  • Go/github.com/authelia/authelia/v4
 Authelia Missing Username Canonicalization in Basic Auth (LDAP) 4 days ago
  • Fix available
  • Severity - 2.9 (Low)
GHSA-c3m2-jqmq-pvp3
  • Go/goauthentik.io
 authentik's XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user 4 days ago
  • Fix available
  • Severity - 8.5 (High)
GHSA-w5pp-99ch-qj29
  • Go/github.com/go-git/go-git/v5
  • Go/github.com/go-git/go-git/v6
 go-git: Malformed Git object data may cause panics or resource exhaustion 4 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GO-2026-5032
  • Go/golang.org/x/image
 Excessive resource consumption in PackBits decompression in golang.org/x/image/tiff 5 days ago
  • Fix available
GHSA-rf84-wr5g-m3rp
  • Go/github.com/metal3-io/cluster-api-provider-metal3
 CAPM3 vulnerable to Cross-Namespace resource access 5 days ago
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-49pm-43hf-6xfq
  • Go/github.com/metal3-io/ip-address-manager
 IPAM controller service account granted unnecessary full access to Secrets 5 days ago
  • Fix available
  • Severity - 4.4 (Medium)
GHSA-hfc8-w5f4-3x6m
  • Go/github.com/metal3-io/ironic-standalone-operator
 Ironic Standalone Operator's controller modifies user-owned resources without consent 5 days ago
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-7cwm-fpfh-rrch
  • Go/github.com/metal3-io/ironic-standalone-operator
 Ironic Standalone Operator's prometheus metrics exporter bound to all interfaces 5 days ago
  • Fix available
  • Severity - 4.3 (Medium)
GO-2026-5031
  • Go/golang.org/x/image
 Panic when reading out of bound palette index in golang.org/x/image/bmp 5 days ago
  • Fix available
GHSA-vp73-vjw8-8f32
  • Go/github.com/gotenberg/gotenberg/v8
 Gotenberg has a Race Condition via Multipart `downloadFrom` Handling 5 days ago
  • Fix available
  • Severity - 7.5 (High)
Load more...