Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-pxq7-h93f-9jrg
  • Go/github.com/oauth2-proxy/oauth2-proxy/v7
OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_regex 2 hours ago
  • Fix available
  • Severity - 8.2 (High)
GHSA-c5c4-8r6x-56w3
  • Go/github.com/oauth2-proxy/oauth2-proxy/v7
OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims 2 hours ago
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-7x63-xv5r-3p2x
  • Go/github.com/oauth2-proxy/oauth2-proxy/v7
OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing 2 hours ago
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-hv4r-mvr4-25vw
  • Go/github.com/minio/minio
MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads 21 hours ago
  • No fix available
  • Severity - 8.8 (High)
GHSA-hw5x-4r37-72w7
  • Go/github.com/opentofu/opentofu
OpenTofu has unbounded memory usage, high CPU usage, or deadlock in "tofu init" with maliciously-crafted dependency responses 22 hours ago
  • Fix available
  • Severity - 3.1 (Low)
GHSA-pq96-pwvg-vrr9
  • Go/github.com/fatedier/frp
frp has an authentication bypass in HTTP vhost routing when routeByHTTPUser is used for access control 22 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-7jrq-q4pq-rhm6
  • Go/github.com/oxia-db/oxia
Oxia's TLS CA certificate chain validation fails with multi-certificate PEM bundles 22 hours ago
  • Fix available
  • Severity - 8.0 (High)
GHSA-5gqc-qhrj-9xw8
  • Go/github.com/oxia-db/oxia
Oxia affected by server crash via race condition in session heartbeat handling 22 hours ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-fhvp-9hcj-6m33
  • Go/github.com/oxia-db/oxia
Oxia has an OIDC token audience validation bypass via SkipClientIDCheck 22 hours ago
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-pm7q-rjjx-979p
  • Go/github.com/oxia-db/oxia
Oxia exposes bearer token in debug log messages on authentication failure 22 hours ago
  • Fix available
GHSA-8q5w-mmxf-48jg
  • Go/github.com/siyuan-note/siyuan/kernel
SiYuan has incomplete fix for CVE-2026-33066: XSS 22 hours ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-7qx6-f23w-3w7f
  • Go/github.com/patrickhener/goshs
  • Go/github.com/patrickhener/goshs/v2
Unauthenticated Open Redirect, Arbitrary HTTP Response Header Injection, Missing CSRF, and Invisible-Mode Bypass in goshs `/?redirect` endpoint 22 hours ago
  • No fix available
GHSA-77fj-vx54-gvh7
  • Go/github.com/gomarkdown/markdown
Go Markdown has an Out-of-bounds Read in SmartypantsRenderer 22 hours ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-rggm-jjmc-3394
  • Go/github.com/kyverno/kyverno
Kyverno has SSRF via CEL http.Get/http.Post in NamespacedValidatingPolicy allows cross-namespace data access 23 hours ago
  • Fix available
  • Severity - 8.5 (High)
GHSA-jf4f-rr2c-9m58
  • Go/github.com/authzed/spicedb
SpiceDB's SPICEDB_DATASTORE_CONN_URI is leaked on startup logs 23 hours ago
  • Fix available
  • Severity - 6.0 (Medium)
GHSA-pj97-4p9w-gx3q
  • Go/github.com/zarf-dev/zarf
Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write 23 hours ago
  • Fix available
  • Severity - 7.1 (High)