Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-923j-vrcg-hxwh
  • Go/github.com/chainguard-dev/malcontent
malcontent vulnerable to symlink Path Traversal via handleSymlink argument confusion in archive extraction 2 hours ago
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-9m43-p3cx-w8j5
  • Go/github.com/chainguard-dev/malcontent
malcontent OCI image pull credential exfiltration via malicious registry token realm 2 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-j477-6vpg-6c8x
  • Go/github.com/juju/juju
Juju has broken CMR authorization 9 hours ago
  • No fix available
  • Severity - 2.1 (Low)
GHSA-c4jr-5q7w-f6r9
  • Go/github.com/siyuan-note/siyuan/kernel
SiYuan has Arbitrary File Write via /api/file/copyFile leading to RCE 9 hours ago
  • No fix available
  • Severity - 9.1 (Critical)
GHSA-f72r-2h5j-7639
  • Go/github.com/siyuan-note/siyuan/kernel
SiYuan File Read API Case Sensitivity Bypass can Lead to Path Traversal yesterday
  • No fix available
  • Severity - 8.7 (High)
GO-2026-4342
  • Go/stdlib
Excessive CPU consumption when building archive index in archive/zip yesterday
  • Fix available
GO-2026-4341
  • Go/stdlib
Memory exhaustion in query parameter parsing in net/url yesterday
  • Fix available
GO-2026-4340
  • Go/stdlib
Handshake messages may be processed at the incorrect encryption level in crypto/tls yesterday
  • Fix available
GO-2026-4339
  • Go/toolchain
Arbitrary file write using cgo pkg-config directive in cmd/go yesterday
  • Fix available
GO-2026-4338
  • Go/toolchain
Unexpected code execution when invoking toolchain in cmd/go yesterday
  • Fix available
GHSA-w5wv-wvrp-v5m5
  • Go/github.com/akuity/kargo
Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access 2 days ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-r2rj-wwm5-x6mq
  • Go/github.com/kyverno/kyverno
Kyverno Denial of Service via Context Variable Amplification in Policy Engine 2 days ago
  • Fix available
  • Severity - 7.7 (High)
GHSA-8p9x-46gm-qfx2
  • Go/github.com/kyverno/kyverno
Kyverno Cross-Namespace Privilege Escalation via Policy apiCall 2 days ago
  • Fix available
  • Severity - 9.9 (Critical)
GHSA-j49h-6577-5xwq
  • Go/github.com/gmrtd/gmrtd
gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values 2 days ago
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-m855-r557-5rc5
  • Go/github.com/amir20/dozzle
Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access 2 days ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-jqc5-w2xx-5vq4
  • Go/github.com/theupdateframework/go-tuf/v2
go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names 3 days ago
  • Fix available
  • Severity - 4.7 (Medium)