Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-7x23-j8gv-v54x
  • Go/github.com/ctfer-io/monitoring
github.com/ctfer-io/monitoring Vulnerable to Improper Access Control 2 days ago
  • Fix available
  • Severity - 7.1 (High)
GHSA-4j3x-hhg2-fm2x
  • Go/github.com/siyuan-note/siyuan/kernel
SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB 2 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-q926-c743-49qj
  • Go/github.com/centrifugal/centrifugo/v6
Centrifugo's InsecureSkipTokenSignatureVerify flag silently disables JWT verification with no warning 2 days ago
  • Fix available
GHSA-j77h-rr39-c552
  • Go/github.com/centrifugal/centrifugo/v6
Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL 2 days ago
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-45vh-rpc8-hxpp
  • Go/github.com/forceu/gokapi
Gokapi's File Request MaxSize Limit Bypassed via Multi-Chunk Upload 2 days ago
  • Fix available
  • Severity - 4.3 (Medium)
GHSA-qwc6-vc2v-2ggj
  • Go/github.com/forceu/gokapi
Gokapi vulnerable to DoS in E2E Metadata Parser 2 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-j6jp-78w8-34x6
  • Go/github.com/forceu/gokapi
Gokapi vulnerable to Privilege Escalation in File Replace 2 days ago
  • Fix available
  • Severity - 4.1 (Medium)
GHSA-m83q-5wr4-4gfp
  • Go/github.com/drakkan/sftpgo/v2
SFTPGo improperly sanitizes placeholders in group home directories/key prefixes 2 days ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-x8qh-7475-c5mp
  • Go/github.com/drakkan/sftpgo
  • Go/github.com/drakkan/sftpgo/v2
SFTPGo Vulnerable to Path Traversal and Permission Bypass via Path Normalization Discrepancy 2 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-5xxp-2vrj-x855
  • Go/github.com/emmansun/gmsm
SM9 Infinity-Point Ciphertext Forgery Vulnerability 2 days ago
  • Fix available
  • Severity - 9.2 (Critical)
GHSA-m4q3-457p-hh2x
  • Go/github.com/dagu-org/dagu
Dagu: Path Traversal via `dagRunId` in Inline DAG Execution 3 days ago
  • No fix available
  • Severity - 9.1 (Critical)
GHSA-j478-p7vq-3347
  • Go/github.com/ellanetworks/core
Ella Core: AMF DoS via malformed PathSwitchRequest with empty NR security capability bitstrings 3 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-m9pm-w3gv-c68f
  • Go/github.com/ellanetworks/core
Ella Core vulnerable to Unauthenticated AMF DoS via malformed InitialUEMessage with undersized integrity-protected NAS payload 3 days ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-3q28-qjrv-qr39
  • Go/github.com/steveiliop56/tinyauth
Tinyauth vulnerable to TOTP/2FA bypass via OIDC authorize endpoint 3 days ago
  • Fix available
  • Severity - 8.5 (High)
GHSA-xg2q-62g2-cvcm
  • Go/github.com/steveiliop56/tinyauth
Tinyauth's OIDC authorization codes are not bound to client on token exchange 3 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-4hjq-9h5c-252j
  • Go/github.com/traefik/traefik/v2
  • Go/github.com/traefik/traefik/v3
Traefik: HTTP/2 frames can cause a running server to panic 4 days ago
  • Fix available
  • Severity - 7.7 (High)