Vulnerability Library

ID
Packages
Summary
Affected versions
Last modified
Fix
GHSA-77rm-9x9h-xj3g
  • NuGet/Google.Protobuf
  • Packagist/google/protobuf
  • Maven/com.google.protobuf:protobuf-parent
  • Go/github.com/protocolbuffers/protobuf
  • PyPI/protobuf
NULL Pointer Dereference in Protocol Buffers
  • 0.0.1-test1
  • 3.0.0
  • 3.0.0-alpha4
  • 3.0.0-beta2
  • 3.0.0-beta3
  • 3.0.0-beta4
  • 3.1.0
  • ...
2022-08-15T08:53:05.256472Z Fix available
GHSA-75rw-34q6-72cr
  • crates.io/biscuit-auth
  • Go/github.com/biscuit-auth/biscuit-go
  • Maven/com.clever-cloud:biscuit-java
Signature forgery in Biscuit
  • 0.2.1
  • 0.2.2
  • 0.2.3
  • 0.2.4
  • 0.2.5
  • 0.2.6
  • 0.2.7
  • ...
2022-08-15T08:46:34.747277Z Fix available
GHSA-jwvw-v7c5-m82h
  • NuGet/Google.Protobuf
  • Maven/com.google.protobuf:protobuf-parent
  • Go/github.com/protocolbuffers/protobuf
  • Packagist/google/protobuf
  • PyPI/protobuf
protobuf susceptible to buffer overflow
  • 0.0.1-test1
  • 3.0.0
  • 3.0.0-alpha4
  • 3.0.0-beta2
  • 3.0.0-beta3
  • 3.0.0-beta4
  • 3.1.0
  • ...
2022-08-15T08:22:52.777621Z Fix available
GHSA-x95h-979x-cf3j
  • PyPI/pybluemonday
  • Go/github.com/microcosm-cc/bluemonday
Policies not properly enforced in bluemonday
  • 0.0.1
  • 0.0.2
  • 0.0.3
  • 0.0.4
  • 0.0.5
  • 0.0.6
  • 0.0.7
2022-08-15T08:20:12.416192Z Fix available
GHSA-jh6m-3pqw-242h
  • Go/github.com/keycloak/keycloak-gatekeeper
Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers
  • See details.
2022-08-12T20:52:13Z No fix available
GHSA-28r2-q6m8-9hpx
  • Go/github.com/hashicorp/go-getter
  • Go/github.com/hashicorp/go-getter
HashiCorp go-getter unsafe downloads could lead to asymmetric resource exhaustion
  • See details.
2022-08-12T13:12:58Z Fix available
GHSA-cjr4-fv6c-f3mv
  • Go/github.com/hashicorp/go-getter
  • Go/github.com/hashicorp/go-getter
HashiCorp go-getter unsafe downloads could lead to arbitrary host access
  • See details.
2022-08-12T13:12:46Z Fix available
GHSA-3382-r9q8-4hfg
  • Go/github.com/hashicorp/nomad
  • Go/github.com/hashicorp/nomad
  • Go/github.com/hashicorp/nomad
HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling
  • See details.
2022-08-12T12:53:18Z Fix available
GHSA-q6h7-4qgw-2j9p
  • Go/github.com/hashicorp/consul
  • Go/github.com/hashicorp/consul
  • Go/github.com/hashicorp/consul
Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector
  • See details.
2022-08-12T12:52:50Z Fix available
GHSA-23fq-q7hc-993r
  • Go/github.com/hashicorp/vault
HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0
  • See details.
2022-08-11T21:57:44Z Fix available
GO-2021-0265
  • Go/github.com/tidwall/gjson
  • See details.
2022-08-11T20:57:57Z Fix available
GO-2022-0534
  • Go/github.com/runatlantis/atlantis/server/controllers/events
  • See details.
2022-08-11T20:54:51Z Fix available
GHSA-25gf-8qrr-g78r
  • Go/github.com/hashicorp/consul
Hashicorp Consul Missing SSL Certificate Validation
  • See details.
2022-08-11T20:43:48Z Fix available
GHSA-8h2g-r292-j8xh
  • Go/github.com/hashicorp/consul
HashiCorp Consul L7 deny intention results in an allow action
  • See details.
2022-08-11T20:43:23Z Fix available
GHSA-x24g-9w7v-vprh
  • Go/github.com/hashicorp/go-getter
  • Go/github.com/hashicorp/go-getter
HashiCorp go-getter command injection
  • See details.
2022-08-11T19:31:17Z Fix available
GHSA-fcgg-rvwg-jv58
  • Go/github.com/hashicorp/go-getter
  • Go/github.com/hashicorp/go-getter
HashiCorp go-getter unsafe downloads
  • See details.
2022-08-11T19:30:55Z Fix available