Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-6vxv-wg6j-5qwp
  • Go/gogs.io/gogs
Gogs: XSS in .ipynb files renderer due to outdated notebookjs
yesterday
  • Fix available
  • Severity - 8.5 (High)
GHSA-4vrg-r928-h5vv
  • Go/github.com/authzed/spicedb
SpiceDB: Checks involving relations with caveats can result in unconditional permission when conditional permission is expected
yesterday
  • Fix available
  • Severity - 3.7 (Low)
GHSA-8w8f-r2xv-4q4j
  • Go/github.com/openbao/openbao
OpenBao: Transit secrets engine crashes on key creation with `derived: true` for asymmetric key types
yesterday
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-mwr2-wmgp-crj6
  • Go/github.com/openbao/openbao
OpenBao's System Backend allows Unauthorized Management of the containing Namespace
yesterday
  • Fix available
  • Severity - 2.3 (Low)
GHSA-c36x-h252-g9x2
  • Go/github.com/openbao/openbao
OpenBao: Cross-namespace lease revocation/renewal via canonical sys/leases/{revoke,renew} — incomplete fix of CVE-2026-45808
yesterday
  • Fix available
  • Severity - 2.1 (Low)
GHSA-6mwx-4547-5vc9
  • Go/github.com/openbao/openbao
OpenBao: LDAPi ldaputil (wrong escape func)
yesterday
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-w4mc-hhc6-xp28
  • Go/github.com/axllent/mailpit
Mailpit: Incomplete SSRF protection in Link Check API via IPv6 transition mechanisms
yesterday
  • Fix available
  • Severity - 5.8 (Medium)
GHSA-m999-j542-5w3r
  • Go/miniflux.app/v2
Open Redirect Bypass in miniflux-v2
yesterday
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-4mr2-fg2p-w63c
  • Go/github.com/traefik/traefik/v3
Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails
yesterday
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-f9m7-vc86-p6jj
  • Go/go.qbee.io/transport
go.qbee.io/transport: Symlink-chain path traversal in tar extraction (one level outside destination)
yesterday
  • Fix available
  • Severity - 6.0 (Medium)
GHSA-fcw4-wwqm-m8cf
  • Go/github.com/grafana/grafana-operator
  • Go/github.com/grafana/grafana-operator/v5
Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName
yesterday
  • Fix available
  • Severity - 6.4 (Medium)
GHSA-wfqx-gjrf-g28r
  • Go/github.com/crossplane/crossplane
  • Go/github.com/crossplane/crossplane/v2
Crossplane: Signature verification TOCTOU allows installing unverified package content via mutable tag
yesterday
  • No fix available
  • Severity - 9.0 (Critical)
GHSA-x845-2f78-7v36
  • Go/github.com/0xERR0R/blocky
Blocky DNSSEC validation bypass and validation-cache scope pollution
yesterday
  • Fix available
  • Severity - 8.6 (High)
GHSA-33vj-92qq-66hc
  • Go/github.com/containerd/containerd/v2
containerd CRI checkpoint restore CDI annotation smuggling
yesterday
  • Fix available
  • Severity - 8.4 (High)
GHSA-rgh6-rfwx-v388
  • Go/github.com/containerd/containerd/v2
Arbitrary host CRI log file read via symlink following in CRI checkpoint restore
yesterday
  • Fix available
  • Severity - 7.1 (High)
GHSA-xhf5-7wjv-pqxp
  • Go/github.com/containerd/containerd
  • Go/github.com/containerd/containerd/v2
containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull
yesterday
  • Fix available
  • Severity - 8.7 (High)