Vulnerabilities

ID
Packages
Summary
Published
arrow_upward
Attributes
GO-2024-3232
  • Go/github.com/mattermost/mattermost-server
  • Go/github.com/mattermost/mattermost-server/v5
  • Go/github.com/mattermost/mattermost-server/v6
  • Go/github.com/mattermost/mattermost/server/v8
Mattermost Server allows user to get private channel names in github.com/mattermost/mattermost-server 9 hours ago
  • Fix available
GO-2024-3230
  • Go/github.com/kyverno/kyverno
Kyverno's PolicyException objects can be created in any namespace by default in github.com/kyverno/kyverno 9 hours ago
  • Fix available
GO-2024-3228
  • Go/github.com/coder/coder
  • Go/github.com/coder/coder/v2
Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect') in github.com/coder/coder 15 hours ago
  • Fix available
GO-2024-3227
  • Go/github.com/mattermost/mattermost-server
  • Go/github.com/mattermost/mattermost-server/v5
  • Go/github.com/mattermost/mattermost-server/v6
  • Go/github.com/mattermost/mattermost/server/v8
Mattermost incorrectly issues two sessions when using desktop SSO in github.com/mattermost/mattermost-server 15 hours ago
  • Fix available
GO-2024-3226
  • Go/github.com/argoproj/argo-workflows
  • Go/github.com/argoproj/argo-workflows/v2
  • Go/github.com/argoproj/argo-workflows/v3
Argo Workflows Controller: Denial of Service via malicious daemon Workflows in github.com/argoproj/argo-workflows 15 hours ago
  • Fix available
GHSA-f748-7hpg-88ch
  • Go/github.com/NVIDIA/nvidia-container-toolkit
NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system yesterday
  • Fix available
  • Severity - 4.8 (Medium)
GHSA-mjjw-553x-87pq
  • Go/github.com/NVIDIA/nvidia-container-toolkit
NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability yesterday
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-66c4-2g2v-54qw
  • Go/github.com/grafana/grafana
Grafana org admin can delete pending invites in different org yesterday
  • No fix available
  • Severity - 2.1 (Low)
GHSA-qjvc-p88j-j9rm
  • Go/github.com/kyverno/kyverno
Kyverno's PolicyException objects can be created in any namespace by default yesterday
  • Fix available
  • Severity - 8.7 (High)
GHSA-6mvp-gh77-7vwh
  • Go/github.com/mattermost/mattermost/server/v8
Mattermost Server allows user to get private channel names yesterday
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-762g-9p7f-mrww
  • Go/github.com/mattermost/mattermost/server/v8
Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery yesterday
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-762v-rq7q-ff97
  • Go/github.com/mattermost/mattermost/server/v8
Mattermost Server vulnerable to application crash from attacker-generated large response yesterday
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-g376-m3h3-mj4r
  • Go/github.com/mattermost/mattermost/server/v8
Mattermost server allows authenticated user to delete arbitrary post yesterday
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-wcx9-ccpj-hx3c
  • Go/github.com/coder/coder/v2
Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect') 2 days ago
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-ghjw-32xw-ffwr
  • Go/github.com/argoproj/argo-workflows/v3
Argo Workflows Controller: Denial of Service via malicious daemon Workflows 2 days ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-hm57-h27x-599c
  • Go/github.com/mattermost/mattermost/server/v8
Mattermost incorrectly issues two sessions when using desktop SSO 2 days ago
  • Fix available
  • Severity - 2.4 (Low)