Vulnerability Library

ID
Packages
Summary
Affected versions
Published
Fix
GO-2024-2879
  • Go/github.com/dapr/dapr
Dapr API Token Exposure in github.com/dapr/dapr
  • See details.
2024-05-24T20:52:21Z Fix available
GHSA-3f65-m234-9mxr
  • Go/github.com/huandu/facebook/v2
github.com/huandu/facebook may expose access_token in error message.
  • See details.
2024-05-24T20:19:53Z Fix available
GHSA-f7cq-5v43-8pwp
  • Go/github.com/traefik/traefik/v2
  • Go/github.com/traefik/traefik/v3
  • Go/github.com/traefik/traefik
Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop
  • See details.
2024-05-23T15:19:41Z Fix available
GO-2024-2874
  • Go/github.com/cosmos/ibc-go
  • Go/github.com/cosmos/ibc-go/v2
  • Go/github.com/cosmos/ibc-go/v3
  • Go/github.com/cosmos/ibc-go/v4
  • Go/github.com/cosmos/ibc-go/v5
  • Go/github.com/cosmos/ibc-go/v6
  • Go/github.com/cosmos/ibc-go/v7
Inter-Blockchain Communication (IBC) protocol "Huckleberry" vulnerability in github.com/cosmos/ibc-go
  • See details.
2024-05-23T14:47:35Z Fix available
GO-2024-2571
  • Go/github.com/cosmos/cosmos-sdk
Invalid block proposal in github.com/cosmos/cosmos-sdk
  • See details.
2024-05-22T20:35:43Z Fix available
GHSA-284c-x8m7-9w5h
  • Go/github.com/dapr/dapr
Dapr API Token Exposure
  • See details.
2024-05-22T18:47:58Z Fix available
GO-2024-2870
  • Go/github.com/aquasecurity/trivy
Credential leakage in github.com/aquasecurity/trivy
  • See details.
2024-05-22T16:46:37Z Fix available
GHSA-9766-5277-j5hr
  • Go/github.com/argoproj/argo-cd/v2
  • Go/github.com/argoproj/argo-cd
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
  • See details.
2024-05-21T18:07:09Z Fix available
GO-2024-2812
  • Go/github.com/jub0bs/fcors
Some CORS middleware allow untrusted origins in github.com/jub0bs/fcors
  • See details.
2024-05-21T15:08:01Z Fix available
GO-2024-2813
  • Go/github.com/jub0bs/cors
Some CORS middleware allow untrusted origins in github.com/jub0bs/cors
  • See details.
2024-05-21T15:08:01Z Fix available
GHSA-2j6r-9vv4-6gf5
  • Go/github.com/bincyber/go-sqlcrypter
github.com/bincyber/go-sqlcrypter vulnerable to IV collision
  • See details.
2024-05-20T21:56:07Z No fix available
GHSA-qjcv-rx3v-7mvj
  • Go/github.com/cosmos/ibc-go/v7
  • Go/github.com/cosmos/ibc-go/v6
  • Go/github.com/cosmos/ibc-go/v5
  • Go/github.com/cosmos/ibc-go/v4
  • Go/github.com/cosmos/ibc-go/v3
  • Go/github.com/cosmos/ibc-go/v2
  • Go/github.com/cosmos/ibc-go
github.com/cosmos/ibc-go affected by IBC protocol "Huckleberry" vulnerability
  • See details.
2024-05-20T21:51:33Z Fix available
GHSA-crgc-2583-rw27
  • Go/github.com/stacklok/minder
Stacklok Minder vulnerable to denial of service from maliciously crafted templates
  • See details.
2024-05-20T20:43:54Z Fix available
GHSA-xcq4-m2r3-cmrj
  • Go/github.com/aquasecurity/trivy
Trivy possibly leaks registry credential when scanning images from malicious registries
  • See details.
2024-05-20T20:36:53Z Fix available
GO-2024-2748
  • Go/k8s.io/apimachinery
  • Go/k8s.io/kubernetes
Privilege Escalation in Kubernetes in k8s.io/apimachinery
  • See details.
2024-05-20T19:46:32Z Fix available
GO-2024-2632
  • Go/github.com/lestrrat-go/jwx
  • Go/github.com/lestrrat-go/jwx/v2
JWX vulnerable to a denial of service attack using compressed JWE message in github.com/lestrrat-go/jwx
  • See details.
2024-05-20T19:46:23Z Fix available