Vulnerability Library

ID
Packages
Summary
Affected versions
Published
Fix
GHSA-2hmf-46v7-v6fx
  • Go/github.com/vektah/gqlparser/v2
  • Go/github.com/vektah/gqlparser
gqlparser denial of service vulnerability via the parserDirectives function
  • See details.
2024-06-12T21:31:19Z Fix available
GHSA-32cj-5wx4-gq8p
  • Go/github.com/hashicorp/vault
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
  • 1.17.0-rc1
2024-06-12T21:31:19Z Fix available
GHSA-7jmw-8259-q9jx
  • Go/github.com/traefik/traefik/v3
  • Go/github.com/traefik/traefik/v2
  • Go/github.com/traefik/traefik
Traefik has unexpected behavior with IPv4-mapped IPv6 addresses
  • See details.
2024-06-11T19:29:43Z Fix available
GHSA-m5vv-6r4h-3vj9
  • PyPI/azure-identity
  • npm/@azure/identity
  • Maven/com.azure:azure-identity
  • npm/@azure/msal-node
  • NuGet/Microsoft.Identity.Client
  • Go/github.com/Azure/azure-sdk-for-go/sdk/azidentity
  • Maven/com.microsoft.azure:msal4j
  • NuGet/Azure.Identity
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
  • 1.0.0
  • 1.0.0b1
  • 1.0.0b2
  • 1.0.0b3
  • 1.0.0b4
  • 1.0.1
  • 1.1.0
  • ...
2024-06-11T18:30:50Z Fix available
GHSA-xmmx-7jpf-fx42
  • Go/github.com/docker/docker
Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing
  • See details.
2024-06-10T18:39:03Z Fix available
GHSA-99pg-grm5-qq3v
  • Go/github.com/docker/cli
Docker CLI leaks private registry credentials to registry-1.docker.io
  • See details.
2024-06-10T18:38:49Z Fix available
GHSA-v994-f8vw-g7j4
  • Go/github.com/docker/docker
`docker cp` allows unexpected chmod of host files in Moby Docker Engine
  • See details.
2024-06-10T18:38:43Z Fix available
GHSA-87m9-rv8p-rgmg
  • Go/github.com/mostynb/go-grpc-compression
go-grpc-compression has a zstd decompression bombing vulnerability
  • See details.
2024-06-10T18:36:23Z Fix available
GO-2024-2731
  • Go/github.com/evmos/evmos/v13
Evmos vulnerable to unauthorized account creation with vesting module in github.com/evmos/evmos/v13
  • See details.
2024-06-10T16:39:03Z No fix available
GO-2024-2753
  • Go/k8s.io/kubernetes
Denial of service in Kubernetes in k8s.io/kubernetes
  • See details.
2024-06-10T16:39:03Z Fix available
GO-2024-2768
  • Go/github.com/rancher/rancher
Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources in github.com/rancher/rancher
  • See details.
2024-06-10T16:39:03Z No fix available
GO-2024-2778
  • Go/github.com/rancher/rancher
Rancher Privilege escalation vulnerability via malicious "Connection" header in github.com/rancher/rancher
  • See details.
2024-06-10T16:39:03Z No fix available
GO-2024-2780
  • Go/k8s.io/kubernetes
Kubelet Incorrect Privilege Assignment in k8s.io/kubernetes
  • See details.
2024-06-10T16:39:03Z Fix available
GO-2024-2784
  • Go/github.com/rancher/rancher
Rancher Recreates Default User With Known Password Despite Deletion in github.com/rancher/rancher
  • See details.
2024-06-10T16:39:03Z Fix available
GO-2024-2801
  • Go/github.com/projectcalico/calico
Privilege escalation in Calico CNI install binary in github.com/projectcalico/calico
  • See details.
2024-06-10T16:39:03Z Fix available
GO-2024-2815
  • Go/github.com/pterodactyl/wings
Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull in github.com/pterodactyl/wings
  • See details.
2024-06-10T16:39:03Z Fix available