Vulnerability Library

search
ID
Packages
Summary
Affected versions
Last modified
Fix
GHSA-58g2-vgpg-335q
  • Go/github.com/darklynx/request-baskets
 request-baskets vulnerable to Server-Side Request Forgery
  • See details.
 2023-03-31T22:44:28Z No fix available
GHSA-3hwm-922r-47hw
  • Go/atomys.codes/stud42
 Stud42 vulnerable to denial of service
  • See details.
 2023-03-31T19:33:44Z No fix available
GHSA-v3hp-mcj5-pg39
  • Go/github.com/hashicorp/vault
  • Go/github.com/hashicorp/vault
  • Go/github.com/hashicorp/vault
 HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File
  • See details.
 2023-03-30T20:43:55Z Fix available
GHSA-g2j6-57v7-gm8c
  • Go/github.com/opencontainers/runc
 runc AppArmor bypass with symlinked /proc
  • See details.
 2023-03-30T20:20:23Z Fix available
GHSA-m8cg-xc2p-r3fc
  • Go/github.com/opencontainers/runc
 rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
  • See details.
 2023-03-30T20:17:24Z Fix available
GHSA-5j5w-g665-5m35
  • Go/github.com/containerd/containerd
  • Go/github.com/containerd/containerd
 Ambiguous OCI manifest parsing
  • See details.
 2023-03-30T14:50:04Z Fix available
GHSA-528j-9r78-wffx
  • Go/go.etcd.io/etcd/client/v3
  • Go/go.etcd.io/etcd/client/v3
 etcd user credentials are stored in WAL logs in plaintext
  • See details.
 2023-03-30T14:46:31Z Fix available
GHSA-vpvm-3wq2-2wvm
  • Go/github.com/opencontainers/runc
 Opencontainers runc Incorrect Authorization vulnerability
  • See details.
 2023-03-29T14:46:15Z Fix available
GHSA-jwvw-v7c5-m82h
  • NuGet/Google.Protobuf
  • Maven/com.google.protobuf:protobuf-parent
  • Go/github.com/protocolbuffers/protobuf
  • Packagist/google/protobuf
  • PyPI/protobuf
 protobuf susceptible to buffer overflow
  • 0.0.1-test1
  • 3.0.0
  • 3.0.0-alpha4
  • 3.0.0-beta2
  • 3.0.0-beta3
  • 3.0.0-beta4
  • 3.1.0
  • ...
 2023-03-28T05:44:27.287742Z Fix available
GHSA-75rw-34q6-72cr
  • crates.io/biscuit-auth
  • Go/github.com/biscuit-auth/biscuit-go
  • Maven/com.clever-cloud:biscuit-java
 Signature forgery in Biscuit
  • 0.2.1
  • 0.2.2
  • 0.2.3
  • 0.2.4
  • 0.2.5
  • 0.2.6
  • 0.2.7
  • ...
 2023-03-28T05:43:38.870519Z Fix available
GHSA-77rm-9x9h-xj3g
  • NuGet/Google.Protobuf
  • Packagist/google/protobuf
  • Maven/com.google.protobuf:protobuf-parent
  • Go/github.com/protocolbuffers/protobuf
  • PyPI/protobuf
 NULL Pointer Dereference in Protocol Buffers
  • 0.0.1-test1
  • 3.0.0
  • 3.0.0-alpha4
  • 3.0.0-beta2
  • 3.0.0-beta3
  • 3.0.0-beta4
  • 3.1.0
  • ...
 2023-03-28T05:38:33.705668Z Fix available
GHSA-x95h-979x-cf3j
  • PyPI/pybluemonday
  • Go/github.com/microcosm-cc/bluemonday
 Policies not properly enforced in bluemonday
  • 0.0.1
  • 0.0.2
  • 0.0.3
  • 0.0.4
  • 0.0.5
  • 0.0.6
  • 0.0.7
 2023-03-28T05:30:55.593694Z Fix available
GHSA-8gg8-wr4j-v2wr
  • Go/github.com/gophish/gophish
 Gophish vulnerable to Denial of Service via crafted payload involving autofocus
  • See details.
 2023-03-28T02:42:24Z No fix available
GHSA-55m9-hm92-xm8j
  • Go/github.com/gophish/gophish
 Gophish vulnerable to Cross-site Scripting via crafted landing page
  • See details.
 2023-03-28T02:41:53Z No fix available
GHSA-qwqv-rqgf-8qh8
  • Go/github.com/containers/podman/v4
 Podman Time-of-check Time-of-use (TOCTOU) Race Condition
  • See details.
 2023-03-27T22:33:20Z Fix available
GHSA-cp96-jpmq-xrr2
  • Go/kubevirt.io/kubevirt
 On a compromised node, the virt-handler service account can be used to modify all node specs
  • See details.
 2023-03-27T22:24:34Z No fix available
Load more...