Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-8g8j-r87h-p36x
  • Go/vitess.io/vitess
Vitess users with backup storage access can gain unauthorized access to production deployment environments
Published: yesterday
  • No fix available
  • Severity - 8.4 (High)
GHSA-465p-v42x-3fmj
  • Go/github.com/bitnami-labs/sealed-secrets
Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations
Published: yesterday
  • Fix available
  • Severity - 4.9 (Medium)
GHSA-gj6x-q8rh-wj6x
  • Go/github.com/filecoin-project/curio
Curio exposes database credentials to users with network access through verbose HTTP error responses
Published: yesterday
  • Fix available
  • Severity - 7.1 (High)
GHSA-5rmx-256w-8mj9
  • Go/github.com/h44z/wg-portal
WireGuard Portal is Vulnerable to Privilege Escalation via User Self-Update to Admin Level
Published: yesterday
  • Fix available
  • Severity - 8.8 (High)
GHSA-wvj2-96wp-fq3f
  • Go/github.com/modelcontextprotocol/go-sdk
MCP Go SDK Vulnerable to Improper Handling of Case Sensitivity
Published: yesterday
  • Fix available
  • Severity - 7.0 (High)
GHSA-5rc7-2jj6-mp64
  • Go/github.com/linode/terraform-provider-linode
  • Go/github.com/linode/terraform-provider-linode/v2
  • Go/github.com/linode/terraform-provider-linode/v3
Terraform Provider for Linode Debug Logs Vulnerable to Sensitive Information Exposure
Published: yesterday
  • Fix available
  • Severity - 5.0 (Medium)
GHSA-2v6m-6xw3-6467
  • Go/github.com/fleetdm/fleet/v4
Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users
Published: yesterday
  • Fix available
  • Severity - 7.1 (High)
GHSA-5jvp-m9h4-253h
  • Go/github.com/fleetdm/fleet/v4
Fleet: Authorization Bypass in certificate template batch deletion for team administrators
Published: yesterday
  • Fix available
  • Severity - 5.0 (Medium)
GHSA-9pm7-6g36-6j78
  • Go/github.com/fleetdm/fleet/v4
Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint
Published: yesterday
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-ppwx-5jq7-px2w
  • Go/github.com/fleetdm/fleet/v4
Fleet: Device lock PIN can be predicted if lock time is known
Published: yesterday
  • Fix available
  • Severity - 4.1 (Medium)
GHSA-42wg-38gx-85rh
  • Go/code.vikunja.io/api
Vikunja has Path Traversal in CLI Restore
Published: yesterday
  • No fix available
  • Severity - 7.2 (High)
GHSA-mpf7-p9x7-96r3
  • Go/github.com/axllent/mailpit
Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API
Published: yesterday
  • Fix available
  • Severity - 5.8 (Medium)
GHSA-49xw-vfc4-7p43
  • Go/github.com/fleetdm/fleet/v4
Fleet has an SQL Injection vulnerability via backtick escape in ORDER BY parameter
Published: yesterday
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-p2v6-84h2-5x4r
  • Go/github.com/esm-dev/esm.sh
esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route
Published: 2 days ago
  • Fix available
  • Severity - 8.6 (High)
GHSA-7jp5-298q-jg98
  • Go/code.vikunja.io/api
Vikunja: Stored XSS via Unsanitized SVG Attachment Upload Leads to Token Exposure
Published: 2 days ago
  • No fix available
  • Severity - 7.3 (High)
GHSA-3ccg-x393-96v8
  • Go/code.vikunja.io/api
Vikunja has Weak Password Policy Combined with Persistent Sessions After Password Change
Published: 2 days ago
  • No fix available
  • Severity - 9.1 (Critical)