Vulnerabilities

Each entry below gives the advisory ID, the affected packages, the advisory summary, the publication date, and the advisory's attributes (whether a fix is available, and its severity score). Entries are ordered by publication date, newest first.

GHSA-xff3-5c9p-2mr4
  • Packages: Go/github.com/QuantumNous/new-api
  • Summary: New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud
  • Published: 24 Apr
  • Fix available
  • Severity: 7.1 (High)

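The following is an added example, written for this page and not taken from new-api, showing the bug class the entry above names: a webhook verifier that recomputes the signature with whatever secret is configured, so an empty secret becomes a key anyone can reproduce. The header layout (`t=<unix timestamp>,v1=<hex HMAC-SHA256 over "<t>.<body>">`) follows Stripe's published signing scheme; the event body, the secret value `whsec_example` and the five-minute tolerance are constructed for the example, and nothing here describes how new-api itself handled the secret.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// computeV1 is the Stripe-style v1 MAC: hex(HMAC-SHA256(secret, "<timestamp>.<raw body>")).
func computeV1(secret []byte, ts int64, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(strconv.FormatInt(ts, 10)))
	mac.Write([]byte("."))
	mac.Write(body)
	return hex.EncodeToString(mac.Sum(nil))
}

// buildHeader mints a "Stripe-Signature" value. An attacker can run this too; the only
// thing stopping them is a secret they do not know.
func buildHeader(secret []byte, ts int64, body []byte) string {
	return "t=" + strconv.FormatInt(ts, 10) + ",v1=" + computeV1(secret, ts, body)
}

// parseHeader splits "t=<unix>,v1=<hex>[,v1=<hex>...]" into timestamp and candidate MACs.
func parseHeader(h string) (ts int64, sigs []string, err error) {
	for _, part := range strings.Split(h, ",") {
		kv := strings.SplitN(strings.TrimSpace(part), "=", 2)
		if len(kv) != 2 {
			return 0, nil, errors.New("malformed signature header")
		}
		switch kv[0] {
		case "t":
			if ts, err = strconv.ParseInt(kv[1], 10, 64); err != nil {
				return 0, nil, err
			}
		case "v1":
			sigs = append(sigs, kv[1])
		}
	}
	if ts == 0 || len(sigs) == 0 {
		return 0, nil, errors.New("signature header missing t or v1")
	}
	return ts, sigs, nil
}

// verifyWeak recomputes the MAC with the configured secret, whatever it is. With an
// empty secret the key is public knowledge, so any caller can produce a valid header.
func verifyWeak(secret, header string, body []byte) bool {
	ts, sigs, err := parseHeader(header)
	if err != nil {
		return false
	}
	want := computeV1([]byte(secret), ts, body)
	for _, s := range sigs {
		if hmac.Equal([]byte(s), []byte(want)) {
			return true
		}
	}
	return false
}

// verifyStrict refuses to run without a secret and enforces a replay window.
func verifyStrict(secret, header string, body []byte, now time.Time, tolerance time.Duration) error {
	if secret == "" {
		return errors.New("webhook signing secret not configured; rejecting event")
	}
	ts, sigs, err := parseHeader(header)
	if err != nil {
		return err
	}
	if age := now.Sub(time.Unix(ts, 0)); age > tolerance || age < -tolerance {
		return fmt.Errorf("timestamp %d outside tolerance", ts)
	}
	want := computeV1([]byte(secret), ts, body)
	for _, s := range sigs {
		if hmac.Equal([]byte(s), []byte(want)) {
			return nil
		}
	}
	return errors.New("no v1 signature matches")
}

func main() {
	body := []byte(`{"type":"checkout.session.completed","data":{"amount":100000}}`) // constructed event
	now := time.Now()
	forged := buildHeader(nil, now.Unix(), body) // attacker signs with the empty key
	fmt.Println("weak verifier, empty secret, forged header:", verifyWeak("", forged, body))
	fmt.Println("strict verifier, empty secret:", verifyStrict("", forged, body, now, 5*time.Minute))
	genuine := buildHeader([]byte("whsec_example"), now.Unix(), body)
	fmt.Println("strict verifier, real secret, genuine header:", verifyStrict("whsec_example", genuine, body, now, 5*time.Minute))
}
```

The design point is that "secret not set" must fail closed: a verifier that silently degrades to an HMAC with an empty key is indistinguishable, from the outside, from one with no verification at all.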
GHSA-x92x-px7w-4gx4
  • Packages: Go/github.com/dgraph-io/dgraph, Go/github.com/dgraph-io/dgraph/v24, Go/github.com/dgraph-io/dgraph/v25
  • Summary: Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field
  • Published: 24 Apr
  • Fix available
  • Severity: 9.1 (Critical)

GHSA-mrxx-39g5-ph77
  • Packages: Go/github.com/dgraph-io/dgraph, Go/github.com/dgraph-io/dgraph/v24, Go/github.com/dgraph-io/dgraph/v25
  • Summary: Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field
  • Published: 24 Apr
  • Fix available
  • Severity: 9.1 (Critical)

GHSA-x4mj-7f9g-29h4
  • Packages: Go/github.com/projectcontour/contour
  • Summary: Contour has Lua code injection via Cookie Path Rewrite Policy
  • Published: 24 Apr
  • Fix available
  • Severity: 8.1 (High)

GHSA-q2pw-xx38-p64j
  • Packages: Go/chainguard.dev/melange
  • Summary: melange has Path Traversal via .PKGINFO in --persist-lint-results
  • Published: 23 Apr
  • Fix available
  • Severity: 4.4 (Medium)

GHSA-98f2-w9h9-7fp9
  • Packages: Go/chainguard.dev/melange
  • Summary: melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses
  • Published: 23 Apr
  • Fix available
  • Severity: 6.1 (Medium)

GHSA-5jv8-h7qh-rf5p
  • Packages: Go/github.com/argoproj/argo-workflows/v3, Go/github.com/argoproj/argo-workflows/v4
  • Summary: Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller
  • Published: 23 Apr
  • Fix available
  • Severity: 7.7 (High)

GHSA-pjcq-xvwq-hhpj
  • Packages: Go/github.com/Azure/go-ntlmssp
  • Summary: go-ntlmssp NTLM challenges can panic on malformed payloads
  • Published: 23 Apr
  • Fix available
  • Severity: 5.3 (Medium)

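The go-ntlmssp entry above and the Argo Workflows entry two positions earlier are both the same class: a parser that trusts lengths or structure supplied by the peer, so a malformed input turns into a Go runtime panic that takes the process down. The example below is added for this page and is not code from either project; it uses the NTLM CHALLENGE_MESSAGE (Type 2) layout, whose security-buffer descriptors (length, maximum length, offset) are the classic place for this mistake. The message bytes, the flag value and the target name `SRV` are constructed (real target names are UTF-16LE and the Version field is omitted), and nothing here claims which field go-ntlmssp mishandled.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// CHALLENGE_MESSAGE (Type 2) fixed fields: 0 signature, 8 message type, 12 TargetName
// buffer (len u16, maxlen u16, offset u32), 20 flags, 24 server challenge, 32 reserved,
// 40 TargetInfo buffer, 48 payload. The optional Version field is omitted here.
const fixedLen = 48

var signature = []byte("NTLMSSP\x00")

type challengeMsg struct {
	TargetName      []byte
	Flags           uint32
	ServerChallenge [8]byte
	TargetInfo      []byte
}

// secBuffer resolves the security-buffer descriptor at pos. Length and offset come
// from the peer, so both are checked against len(msg) before any slicing happens.
func secBuffer(msg []byte, pos int) ([]byte, error) {
	if pos < 0 || pos+8 > len(msg) {
		return nil, errors.New("descriptor truncated")
	}
	n := int(binary.LittleEndian.Uint16(msg[pos:]))
	off := int(binary.LittleEndian.Uint32(msg[pos+4:]))
	if off > len(msg) || n > len(msg)-off {
		return nil, fmt.Errorf("buffer out of range: off=%d len=%d msg=%d", off, n, len(msg))
	}
	return msg[off : off+n], nil
}

// parseChallengeUnchecked trusts the on-wire offset: a TargetName offset past the end
// of the message turns into a runtime panic in the slice expression.
func parseChallengeUnchecked(msg []byte) challengeMsg {
	n := int(binary.LittleEndian.Uint16(msg[12:]))
	off := int(binary.LittleEndian.Uint32(msg[16:]))
	c := challengeMsg{TargetName: msg[off : off+n], Flags: binary.LittleEndian.Uint32(msg[20:])}
	copy(c.ServerChallenge[:], msg[24:32])
	return c
}

// parseChallenge validates every size first and returns an error instead of panicking.
func parseChallenge(msg []byte) (*challengeMsg, error) {
	if len(msg) < fixedLen {
		return nil, fmt.Errorf("challenge too short: %d bytes", len(msg))
	}
	if !bytes.Equal(msg[:8], signature) || binary.LittleEndian.Uint32(msg[8:]) != 2 {
		return nil, errors.New("not an NTLM Type 2 message")
	}
	name, err := secBuffer(msg, 12)
	if err != nil {
		return nil, fmt.Errorf("TargetName: %w", err)
	}
	info, err := secBuffer(msg, 40)
	if err != nil {
		return nil, fmt.Errorf("TargetInfo: %w", err)
	}
	c := &challengeMsg{TargetName: name, Flags: binary.LittleEndian.Uint32(msg[20:]), TargetInfo: info}
	copy(c.ServerChallenge[:], msg[24:32])
	return c, nil
}

// buildChallenge constructs a Type 2 message with TargetName "SRV" and an empty
// TargetInfo. The caller picks the TargetName offset so a hostile value can be tested.
func buildChallenge(targetNameOffset uint32) []byte {
	name := []byte("SRV")
	msg := make([]byte, fixedLen, fixedLen+len(name))
	copy(msg, signature)
	binary.LittleEndian.PutUint32(msg[8:], 2)
	binary.LittleEndian.PutUint16(msg[12:], uint16(len(name)))
	binary.LittleEndian.PutUint16(msg[14:], uint16(len(name)))
	binary.LittleEndian.PutUint32(msg[16:], targetNameOffset)
	binary.LittleEndian.PutUint32(msg[20:], 0x00000205) // constructed flag value
	copy(msg[24:32], "01234567")                        // constructed server challenge
	binary.LittleEndian.PutUint32(msg[44:], fixedLen)   // empty TargetInfo at payload start
	return append(msg, name...)
}

func main() {
	good, bad := buildChallenge(fixedLen), buildChallenge(0xFFFF0000)
	c, err := parseChallenge(good)
	fmt.Printf("checked parser, good message: name=%q err=%v\n", c.TargetName, err)
	_, err = parseChallenge(bad)
	fmt.Println("checked parser, hostile offset:", err)
	defer func() { fmt.Println("unchecked parser, hostile offset: recovered panic:", recover()) }()
	parseChallengeUnchecked(bad)
}
```

In a client library the panic is a denial of service against whoever imports it: a single malicious server response in a proxy or LDAP/HTTP client path, and the whole process (not just the one connection) goes away unless every caller wraps the library in a recover.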
GHSA-rhf7-wvw3-vjvm
  • Packages: Go/github.com/patrickhener/goshs, Go/github.com/patrickhener/goshs/v2
  • Summary: goshs has Cross-Origin Arbitrary File Write via Missing CSRF on PUT and Wildcard CORS
  • Published: 23 Apr
  • Fix available
  • Severity: 6.5 (Medium)

GHSA-2hp7-65r3-wv54
  • Packages: Go/github.com/orneryd/nornicdb
  • Summary: NornicDB has Improper Network Binding in its Bolt Server, allowing unauthorized remote access
  • Published: 22 Apr
  • Fix available
  • Severity: 9.8 (Critical)

GHSA-hjh7-r5w8-5872
  • Packages: Go/github.com/siyuan-note/siyuan/kernel
  • Summary: SiYuan: Path Traversal via Double URL Encoding in `/export/` Endpoint (Incomplete Fix Bypass for CVE-2026-30869)
  • Published: 22 Apr
  • Fix available
  • Severity: 7.1 (High)

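The SiYuan entry above describes a fix that was bypassed with double URL encoding. The example below is added for this page, not taken from SiYuan, and shows the general shape of that bypass: a check made on once-decoded text (`%252e%252e` decodes to `%2e%2e`, which contains no `..`) followed by a lower layer that decodes a second time. The export root `/srv/export` and the three request paths are constructed; the hardened variant decodes exactly once, refuses input that still carries percent-encoding, and validates the final filesystem path rather than the request string.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path"
	"path/filepath"
	"strings"
)

// resolveWeak decodes once, rejects "..", then hands the string to a lower layer that
// decodes again. "%252e%252e" survives the check as "%2e%2e" and only later becomes "..".
func resolveWeak(root, raw string) (string, error) {
	once, err := url.PathUnescape(raw)
	if err != nil {
		return "", err
	}
	if strings.Contains(once, "..") {
		return "", errors.New("traversal rejected")
	}
	twice, err := url.PathUnescape(once) // the second decode the check never saw
	if err != nil {
		return "", err
	}
	return filepath.Join(root, filepath.FromSlash(twice)), nil
}

// resolveStrict decodes exactly once, refuses anything that still looks encoded, rejects
// ".." segments outright, and checks the resolved path instead of the request text.
func resolveStrict(root, raw string) (string, error) {
	once, err := url.PathUnescape(raw)
	if err != nil {
		return "", err
	}
	if strings.ContainsAny(once, "%\x00") {
		return "", errors.New("nested percent-encoding or NUL rejected")
	}
	for _, seg := range strings.Split(once, "/") {
		if seg == ".." {
			return "", errors.New("parent-directory segment rejected")
		}
	}
	// Root the cleaned URL path at "/" so it cannot climb above root, then join on the FS side.
	full := filepath.Join(root, filepath.FromSlash(path.Clean("/"+once)))
	rel, err := filepath.Rel(root, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errors.New("resolved path escapes export root")
	}
	return full, nil
}

func main() {
	const root = "/srv/export" // constructed export directory
	for _, raw := range []string{
		"notes/a.md",                       // benign
		"..%2f..%2fetc/passwd",             // single encoding: caught by both versions
		"%252e%252e/%252e%252e/etc/passwd", // double encoding: only the strict version holds
	} {
		w, werr := resolveWeak(root, raw)
		s, serr := resolveStrict(root, raw)
		fmt.Printf("%-36s weak=%q (%v)  strict=%q (%v)\n", raw, w, werr, s, serr)
	}
}
```

The check that actually matters is the last one: whatever decoding happens upstream, the path handed to the filesystem must be shown to lie under the root. String checks on the request text are at best a fast-fail in front of it.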
GHSA-j88v-2chj-qfwx
  • Packages: Go/github.com/jackc/pgx, Go/github.com/jackc/pgx/v4, Go/github.com/jackc/pgx/v5
  • Summary: pgx: SQL Injection via placeholder confusion with dollar quoted string literals
  • Published: 22 Apr
  • Fix available
  • Severity: 2.3 (Low)

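The pgx entry above names the class: a client-side rewriter that locates `$N` placeholders in query text must understand PostgreSQL's quoting rules, otherwise a `$1` that sits inside a dollar-quoted literal (`$$ ... $$` or `$tag$ ... $tag$`) or a single-quoted string is treated as a parameter. The scanner below is an added example written for this page; it is not pgx's sanitizer and makes no claim about where pgx's own scanning went wrong. The three query strings are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// naivePlaceholders is the bug-class version: any "$<digits>" anywhere in the text
// counts as a parameter, including inside string literals and dollar-quoted strings.
var naivePlaceholders = regexp.MustCompile(`\$\d+`)

func countNaive(sql string) int {
	return len(naivePlaceholders.FindAllStringIndex(sql, -1))
}

// findPlaceholders returns the byte offsets of $N placeholders that lie outside
// single-quoted literals, dollar-quoted literals and "--" line comments.
func findPlaceholders(sql string) []int {
	var out []int
	for i := 0; i < len(sql); {
		switch c := sql[i]; {
		case c == '\'':
			i = skipSingleQuoted(sql, i)
		case c == '-' && i+1 < len(sql) && sql[i+1] == '-':
			for i < len(sql) && sql[i] != '\n' {
				i++
			}
		case c == '$':
			if tag, ok := dollarTag(sql, i); ok {
				i = skipDollarQuoted(sql, i, tag)
			} else if n := digitRun(sql, i+1); n > 0 {
				out = append(out, i)
				i += 1 + n
			} else {
				i++
			}
		default:
			i++
		}
	}
	return out
}

// skipSingleQuoted returns the index just past the literal opening at sql[i]; '' is an escaped quote.
func skipSingleQuoted(sql string, i int) int {
	for i++; i < len(sql); i++ {
		if sql[i] == '\'' {
			if i+1 < len(sql) && sql[i+1] == '\'' {
				i++ // escaped quote, still inside the literal
				continue
			}
			return i + 1
		}
	}
	return len(sql)
}

// dollarTag recognises "$$" or "$tag$" at sql[i]. PostgreSQL tags follow identifier rules,
// so a digit directly after the '$' can never open a tag: that is a placeholder.
func dollarTag(sql string, i int) (string, bool) {
	j := i + 1
	if j < len(sql) && isDigit(sql[j]) {
		return "", false
	}
	for j < len(sql) && (isDigit(sql[j]) || isIdentStart(sql[j])) {
		j++
	}
	if j < len(sql) && sql[j] == '$' {
		return sql[i : j+1], true
	}
	return "", false
}

// skipDollarQuoted returns the index just past the closing tag, or len(sql) if unterminated.
func skipDollarQuoted(sql string, i int, tag string) int {
	body := i + len(tag)
	if end := strings.Index(sql[body:], tag); end >= 0 {
		return body + end + len(tag)
	}
	return len(sql)
}

func digitRun(sql string, i int) int {
	n := 0
	for i+n < len(sql) && isDigit(sql[i+n]) {
		n++
	}
	return n
}

func isDigit(b byte) bool      { return b >= '0' && b <= '9' }
func isIdentStart(b byte) bool { return b == '_' || ((b|0x20) >= 'a' && (b|0x20) <= 'z') }

func main() {
	for _, q := range []string{
		`SELECT $1, 'it''s $2'`,            // $2 is inside a string literal
		`SELECT $$a $1 b$$, $1`,            // the first $1 is inside a dollar-quoted literal
		`SELECT $tag$x$1$tag$ || $2 -- $3`, // only $2 is a real parameter
	} {
		fmt.Printf("%-36s naive=%d correct=%v\n", q, countNaive(q), findPlaceholders(q))
	}
}
```

The practical takeaway is that any layer which rewrites parameters into the query text (simple-protocol fallbacks, logging helpers, query builders) needs a tokenizer at least this faithful to the server's lexer; the server-side extended protocol, where parameters never touch the text, avoids the problem entirely.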
GHSA-3m6q-h5gj-7mrw
  • Packages: Go/code.gitea.io/gitea
  • Summary: Gitea has insecure default SSH settings
  • Published: 22 Apr
  • Fix available
  • Severity: 6.3 (Medium)

GHSA-jm34-66cf-qpvr
  • Packages: Go/github.com/projectdiscovery/nuclei/v3
  • Summary: Nuclei: Environment variable disclosure via Response-Derived DSL Expressions
  • Published: 22 Apr
  • Fix available
  • Severity: 5.3 (Medium)

GHSA-29rg-wmcw-hpf4
  • Packages: Go/github.com/projectdiscovery/nuclei/v3
  • Summary: Nuclei: Local File Read via require() Module Loader Bypass
  • Published: 22 Apr
  • Fix available
  • Severity: 5.5 (Medium)

GHSA-29v9-frvh-c426
  • Packages: Go/github.com/monetr/monetr
  • Summary: monetr: Server-side request forgery in Lunch Flow link creation and refresh
  • Published: 22 Apr
  • Fix available
  • Severity: 8.3 (High)