Vulnerability Library

ID
Packages
Summary
Affected versions
Published
Fix
GHSA-m9xq-6h2j-65r2
  • Go/github.com/gomarkdown/markdown
Out-of-bounds Read while parsing citations
  • See details.
2023-09-22T19:59:49Z Fix available
GHSA-x4hh-vjm7-g2jv
  • Go/github.com/contribsys/faktory
Faktory Web Dashboard can lead to denial of service (DoS) via malicious user input
  • See details.
2023-09-20T22:51:09Z Fix available
GHSA-364c-vvqx-446c
  • Go/github.com/schollz/croc/v9
Croc sender may place ANSI or CSI escape sequences in filename to attack receiver's terminal device
  • See details.
2023-09-20T06:30:50Z No fix available
GHSA-7g3v-4ggr-xvjf
  • Go/github.com/schollz/croc/v9
Croc may expose secret to local users
  • See details.
2023-09-20T06:30:50Z No fix available
GHSA-7mp6-929p-pqhj
  • Go/github.com/schollz/croc/v9
Croc requires senders to provide local IP addresses in cleartext
  • See details.
2023-09-20T06:30:50Z No fix available
GHSA-8c8w-f7wp-2jr2
  • Go/github.com/schollz/croc
Sender can cause a receiver to overwrite files during ZIP extraction in Croc
  • See details.
2023-09-20T06:30:50Z No fix available
GHSA-hp56-xvf4-g6wr
  • Go/github.com/schollz/croc/v9
Croc secrets may be disclosed to untrusted relay
  • See details.
2023-09-20T06:30:50Z No fix available
GHSA-ppjh-xp5v-46wc
  • Go/github.com/schollz/croc/v9
Croc sender may send dangerous new files to receiver
  • See details.
2023-09-20T06:30:50Z No fix available
GHSA-vpjc-4jcv-jc29
  • Go/github.com/nats-io/nats-server
NATS nats-server allows directory traversal via unintended path to a management action
  • See details.
2023-09-19T03:30:34Z Fix available
GHSA-2g7r-9xq5-c6hv
  • Go/github.com/usememos/memos
Cross-Site Request Forgery (CSRF) in usememos/memos
  • See details.
2023-09-18T06:30:14Z Fix available
GHSA-v84f-6r39-cpfc
  • Go/github.com/hashicorp/vault
HashiCorp Vault Improper Input Validation vulnerability
  • See details.
2023-09-15T00:30:29Z Fix available
GO-2023-2048
  • Go/github.com/cyphar/filepath-securejoin
Paths outside of the rootfs could be produced on Windows
  • See details.
2023-09-13T19:45:03Z Fix available
GO-2023-2024
  • Go/github.com/libp2p/go-libp2p
libp2p nodes vulnerable to OOM attack
  • See details.
2023-09-13T16:37:01Z Fix available
GO-2023-2052
  • Go/github.com/gofiber/fiber/v2
IsFromLocal local address check can be circumvented in github.com/gofiber/fiber/v2
  • See details.
2023-09-12T17:31:22Z Fix available
GHSA-j7hp-h8jx-5ppr
  • crates.io/libwebp-sys2
  • crates.io/libwebp-sys
  • npm/electron
  • NuGet/SkiaSharp
  • Go/github.com/chai2010/webp
libwebp: OOB write in BuildHuffmanTable
  • 2.80.0
  • 2.80.1
  • 2.80.2
  • 2.80.3
  • 2.80.4
  • 2.88.0
  • 2.88.1
  • ...
2023-09-12T15:30:20Z Fix available
GHSA-p45j-vfv5-wprq
  • Go/github.com/rancher/rke2
RKE2 supervisor port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack
  • See details.
2023-09-11T13:47:16Z Fix available