Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-vwq2-jx9q-9h9f
  • Go/github.com/charmbracelet/soft-serve
 Soft Serve is vulnerable to SSRF through its Webhooks yesterday
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-46xp-26xh-hpqh
  • Go/github.com/kubevirt/kubevirt
 KubeVirt Vulnerable to Arbitrary Host File Read and Write 4 days ago
  • Fix available
  • Severity - 8.5 (High)
GHSA-fv2r-r8mp-pg48
  • Go/github.com/charmbracelet/soft-serve
 Soft Serve does not sanitize ANSI escape sequences in user input 5 days ago
  • Fix available
  • Severity - 4.6 (Medium)
GHSA-2r4r-5x78-mvqf
  • Go/github.com/kubevirt/kubevirt
 KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes 5 days ago
  • Fix available
  • Severity - 5.0 (Medium)
GHSA-7xgm-5prm-v5gc
  • Go/github.com/kubevirt/kubevirt
 KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes 5 days ago
  • No fix available
  • Severity - 6.9 (Medium)
GHSA-9m94-w2vq-hcf9
  • Go/github.com/kubevirt/kubevirt
 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation 5 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-ggp9-c99x-54gp
  • Go/kubevirt.io/kubevirt
 KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing 5 days ago
  • Fix available
  • Severity - 4.7 (Medium)
GHSA-qw6q-3pgr-5cwq
  • Go/github.com/kubevirt/kubevirt
 KubeVirt Arbitrary Container File Read 5 days ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-38jw-g2qx-4286
  • Go/kubevirt.io/kubevirt
 KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer 5 days ago
  • Fix available
  • Severity - 4.7 (Medium)
GHSA-m6hq-p25p-ffr2
  • Go/github.com/containerd/containerd
  • Go/github.com/containerd/containerd/v2
 containerd CRI server: Host memory exhaustion through Attach goroutine leak 5 days ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-w2jf-268q-mrvh
  • Go/github.com/opentofu/opentofu
 OpenTofu affected denials of service in "tofu init" with maliciously-crafted module package responses 6 days ago
  • Fix available
  • Severity - 3.1 (Low)
GHSA-pwhc-rpq9-4c8w
  • Go/github.com/containerd/containerd
  • Go/github.com/containerd/containerd/v2
 containerd affected by a local privilege escalation via wide permissions on CRI directory 6 days ago
  • Fix available
  • Severity - 7.3 (High)
GHSA-cpf4-pmr4-w6cx
  • Go/github.com/zitadel/zitadel
 IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering 6 days ago
  • Fix available
  • Severity - 8.7 (High)
GO-2025-4004
  • Go/github.com/lxc/lxd
  • Go/github.com/lxc/lxd/v6
 Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns in github.com/lxc/lxd 6 days ago
  • No fix available
GO-2025-4020
  • Go/github.com/nwaples/rardecode
  • Go/github.com/nwaples/rardecode/v2
 DoS risk due to unrestricted RAR dictionary sizes in github.com/nwaples/rardecode 6 days ago
  • Fix available
GO-2025-4021
  • Go/github.com/siderolabs/omni
 Omni is Vulnerable to DoS via Empty Create/Update Resource Requests in github.com/siderolabs/omni 6 days ago
  • Fix available
Load more...