Vulnerability Library

ID
Packages
Summary
Affected versions
Last modified
Fix
GHSA-xggc-qprg-x6mw
  • Go/github.com/weaveworks/weave-gitops
Weave GitOps leaked cluster credentials into logs on connection errors
  • See details.
2022-06-23T17:40:34Z Fix available
GHSA-75rw-34q6-72cr
  • crates.io/biscuit-auth
  • Go/https://github.com/biscuit-auth/biscuit-go
  • Maven/com.clever-cloud:biscuit-java
Signature forgery in Biscuit
  • 0.2.1
  • 0.2.2
  • 0.2.3
  • 0.2.4
  • 0.2.5
  • 0.2.6
  • 0.2.7
  • ...
2022-06-22T18:02:11.547619Z Fix available
GHSA-jhqp-vf4w-rpwq
  • Go/github.com/argoproj/argo-cd
  • Go/github.com/argoproj/argo-cd/v2
DoS through large manifest files in Argo CD
  • 2.4.0
2022-06-21T22:51:05Z Fix available
GHSA-q4w5-4gq2-98vm
  • Go/github.com/argoproj/argo-cd
  • Go/github.com/argoproj/argo-cd/v2
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
  • 2.4.0
2022-06-21T20:04:51Z Fix available
GHSA-h4w9-6x78-8vrj
  • Go/github.com/argoproj/argo-cd
  • Go/github.com/argoproj/argo-cd/v2
Argo CD's external URLs for Deployments can include JavaScript
  • 2.4.0
2022-06-21T20:04:34Z Fix available
GHSA-2m7h-86qq-fp4v
  • Go/github.com/argoproj/argo-cd
  • Go/github.com/argoproj/argo-cd/v2
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params
  • 2.4.0
2022-06-21T20:03:23Z Fix available
GHSA-jwvw-v7c5-m82h
  • NuGet/Google.Protobuf
  • Maven/com.google.protobuf:protobuf-parent
  • Go/github.com/protocolbuffers/protobuf
  • Packagist/google/protobuf
  • PyPI/protobuf
protobuf susceptible to buffer overflow
  • 0.0.1-test1
  • 3.0.0
  • 3.0.0-alpha4
  • 3.0.0-beta2
  • 3.0.0-beta3
  • 3.0.0-beta4
  • 3.1.0
  • ...
2022-06-17T22:25:16.563523Z Fix available
GHSA-67mx-jc2f-jgjm
  • Go/gogs.io/gogs
OS Command Injection in file editor in Gogs
  • See details.
2022-06-17T19:21:46Z Fix available
GHSA-994f-7g86-qr56
  • Go/gogs.io/gogs
Path Traversal in file editor on Windows in Gogs
  • See details.
2022-06-17T19:21:00Z Fix available
GHSA-6vcc-v9vw-g2x5
  • Go/gogs.io/gogs
Path Traversal in Git HTTP endpoints in Gogs
  • See details.
2022-06-17T19:20:55Z Fix available
GHSA-r48q-9g5r-8q2h
  • Go/github.com/emicklei/go-restful/v3
  • Go/github.com/emicklei/go-restful/v2
  • Go/github.com/emicklei/go-restful
Authorization Bypass Through User-Controlled Key in go-restful
  • See details.
2022-06-17T18:18:04Z Fix available
GHSA-g63h-q855-vp3q
  • Go/github.com/edgexfoundry/device-sdk-go/v2
  • Go/github.com/edgexfoundry/app-functions-sdk-go/v2
Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users
  • See details.
2022-06-17T01:11:42Z Fix available
GHSA-qpgx-64h2-gc3c
  • Go/github.com/argoproj/argo-events
Insecure path traversal in Git Trigger Source can lead to arbitrary file read
  • See details.
2022-06-17T01:03:47Z Fix available
GHSA-5q86-62xr-3r57
  • Go/github.com/argoproj/argo-events
Uses of deprecated API can be used to cause DoS in user-facing endpoints
  • See details.
2022-06-17T01:02:56Z Fix available
GHSA-gwpf-95jc-63rv
  • Go/github.com/mattermost/mattermost-server
Uncontrolled Resource Consumption in Mattermost server
  • See details.
2022-06-17T01:01:48Z Fix available
GHSA-9w9f-6mg8-jp7w
  • Go/github.com/blevesearch/bleve
Missing Role Based Access Control for the REST handlers in bleve/http package
  • See details.
2022-06-15T19:43:17Z No fix available