Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-pmc3-p9hx-jq96
  • Go/github.com/refraction-networking/utls
uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries
Published: yesterday
  • Fix available
  • Severity - 6.5 (Medium)
GO-2025-3630
  • Go/github.com/osrg/gobgp
  • Go/github.com/osrg/gobgp/v3
GoBGP does not properly check the input length in github.com/osrg/gobgp
Published: yesterday
  • Fix available
GO-2025-3631
  • Go/github.com/osrg/gobgp
  • Go/github.com/osrg/gobgp/v3
GoBGP panics due to a zero value for softwareVersionLen in github.com/osrg/gobgp
Published: yesterday
  • Fix available
GO-2025-3632
  • Go/github.com/osrg/gobgp
  • Go/github.com/osrg/gobgp/v3
GoBGP crashes in the flowspec parser in github.com/osrg/gobgp
Published: yesterday
  • Fix available
GO-2025-3633
  • Go/github.com/osrg/gobgp
  • Go/github.com/osrg/gobgp/v3
GoBGP does not verify that the input length in github.com/osrg/gobgp
Published: yesterday
  • Fix available
GO-2025-3623
  • Go/github.com/mattermost/mattermost-server
  • Go/github.com/mattermost/mattermost-server/v5
  • Go/github.com/mattermost/mattermost-server/v6
  • Go/github.com/mattermost/mattermost/server/v8
Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server
Published: yesterday
  • Fix available
GO-2025-3625
  • Go/github.com/cnlh/nps
cnlh nps vulnerable to file overwrite by local user in github.com/cnlh/nps
Published: yesterday
  • Fix available
GO-2025-3627
  • Go/github.com/traefik/traefik
  • Go/github.com/traefik/traefik/v2
  • Go/github.com/traefik/traefik/v3
Traefik affected by Go HTTP Request Smuggling Vulnerability in github.com/traefik/traefik
Published: yesterday
  • Fix available
GO-2025-3634
  • Go/github.com/traefik/traefik
  • Go/github.com/traefik/traefik/v2
  • Go/github.com/traefik/traefik/v3
Traefik has a possible vulnerability with the path matchers in github.com/traefik/traefik
Published: yesterday
  • Fix available
GO-2025-3635
  • Go/github.com/cilium/cilium
In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters in github.com/cilium/cilium
Published: yesterday
  • Fix available
GO-2025-3636
  • Go/github.com/songquanpeng/one-api
one-api Cross-site Scripting vulnerability in github.com/songquanpeng/one-api
Published: yesterday
  • No fix available
GO-2025-3637
  • Go/github.com/minio/operator
Minio Operator uses Kubernetes apiserver audience for AssumeRoleWithWebIdentity STS in github.com/minio/operator
Published: yesterday
  • No fix available
GO-2025-3607
  • Go/github.com/gorilla/csrf
gorilla/csrf CSRF vulnerability due to broken Referer validation in github.com/gorilla/csrf
Published: yesterday
  • Fix available
GO-2025-3603
  • Go/github.com/ClickHouse/ch-go
Query smuggling in ch-go library in github.com/ClickHouse/ch-go
Published: yesterday
  • Fix available
GO-2025-3604
  • Go/github.com/mattermost/mattermost-server
  • Go/github.com/mattermost/mattermost-server/v5
  • Go/github.com/mattermost/mattermost-server/v6
  • Go/github.com/mattermost/mattermost/server/v8
Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint in github.com/mattermost/mattermost-server
Published: yesterday
  • Fix available
GO-2025-3608
  • Go/github.com/argoproj/argo-events
Argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR in github.com/argoproj/argo-events
Published: yesterday
  • Fix available