Vulnerability Library

| ID | Packages | Summary | Affected versions | Last modified | Fix |
|---|---|---|---|---|---|
| GHSA-58g2-vgpg-335q | Go/github.com/darklynx/request-baskets | request-baskets vulnerable to Server-Side Request Forgery | See details. | 2023-03-31T22:44:28Z | No fix available |
| GHSA-3hwm-922r-47hw | Go/atomys.codes/stud42 | Stud42 vulnerable to denial of service | See details. | 2023-03-31T19:33:44Z | No fix available |
| GHSA-v3hp-mcj5-pg39 | Go/github.com/hashicorp/vault | HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File | See details. | 2023-03-30T20:43:55Z | Fix available |
| GHSA-g2j6-57v7-gm8c | Go/github.com/opencontainers/runc | runc AppArmor bypass with symlinked /proc | See details. | 2023-03-30T20:20:23Z | Fix available |
| GHSA-m8cg-xc2p-r3fc | Go/github.com/opencontainers/runc | rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc | See details. | 2023-03-30T20:17:24Z | Fix available |
| GHSA-5j5w-g665-5m35 | Go/github.com/containerd/containerd | Ambiguous OCI manifest parsing | See details. | 2023-03-30T14:50:04Z | Fix available |
| GHSA-528j-9r78-wffx | Go/go.etcd.io/etcd/client/v3 | etcd user credentials are stored in WAL logs in plaintext | See details. | 2023-03-30T14:46:31Z | Fix available |
| GHSA-vpvm-3wq2-2wvm | Go/github.com/opencontainers/runc | Opencontainers runc Incorrect Authorization vulnerability | See details. | 2023-03-29T14:46:15Z | Fix available |
| GHSA-jwvw-v7c5-m82h | NuGet/Google.Protobuf, Maven/com.google.protobuf:protobuf-parent, Go/github.com/protocolbuffers/protobuf, Packagist/google/protobuf, PyPI/protobuf | protobuf susceptible to buffer overflow | 0.0.1-test1, 3.0.0, 3.0.0-alpha4, 3.0.0-beta2, 3.0.0-beta3, 3.0.0-beta4, 3.1.0, ... | 2023-03-28T05:44:27.287742Z | Fix available |
| GHSA-75rw-34q6-72cr | crates.io/biscuit-auth, Go/github.com/biscuit-auth/biscuit-go, Maven/com.clever-cloud:biscuit-java | Signature forgery in Biscuit | 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, ... | 2023-03-28T05:43:38.870519Z | Fix available |
| GHSA-77rm-9x9h-xj3g | NuGet/Google.Protobuf, Packagist/google/protobuf, Maven/com.google.protobuf:protobuf-parent, Go/github.com/protocolbuffers/protobuf, PyPI/protobuf | NULL Pointer Dereference in Protocol Buffers | 0.0.1-test1, 3.0.0, 3.0.0-alpha4, 3.0.0-beta2, 3.0.0-beta3, 3.0.0-beta4, 3.1.0, ... | 2023-03-28T05:38:33.705668Z | Fix available |
| GHSA-x95h-979x-cf3j | PyPI/pybluemonday, Go/github.com/microcosm-cc/bluemonday | Policies not properly enforced in bluemonday | 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7 | 2023-03-28T05:30:55.593694Z | Fix available |
| GHSA-8gg8-wr4j-v2wr | Go/github.com/gophish/gophish | Gophish vulnerable to Denial of Service via crafted payload involving autofocus | See details. | 2023-03-28T02:42:24Z | No fix available |
| GHSA-55m9-hm92-xm8j | Go/github.com/gophish/gophish | Gophish vulnerable to Cross-site Scripting via crafted landing page | See details. | 2023-03-28T02:41:53Z | No fix available |
| GHSA-qwqv-rqgf-8qh8 | Go/github.com/containers/podman/v4 | Podman Time-of-check Time-of-use (TOCTOU) Race Condition | See details. | 2023-03-27T22:33:20Z | Fix available |
| GHSA-cp96-jpmq-xrr2 | Go/kubevirt.io/kubevirt | On a compromised node, the virt-handler service account can be used to modify all node specs | See details. | 2023-03-27T22:24:34Z | No fix available |