Vulnerabilities

ID
Packages
Summary
Published
Attributes
GO-2025-4254
  • Go/github.com/mattermost/mattermost-plugin-calls
Mattermost has CSRF vulnerability via Calls Widget page in github.com/mattermost/mattermost-plugin-calls (published yesterday)
  • Fix available
GO-2025-4255
  • Go/github.com/mattermost/mattermost-plugin-calls
Mattermost fails to check Websocket request for proper UTF-8 format potentially crashing Calls plug-in in github.com/mattermost/mattermost-plugin-calls (published yesterday)
  • Fix available
GO-2025-4256
  • Go/github.com/mattermost/mattermost
  • Go/github.com/mattermost/mattermost-server
  • Go/github.com/mattermost/mattermost-server/v5
  • Go/github.com/mattermost/mattermost-server/v6
  • Go/github.com/mattermost/mattermost/server/v8
Mattermost has an Invite Token Replay Vulnerability via Channel Membership Manipulation in github.com/mattermost/mattermost (published yesterday)
  • Fix available
GO-2025-4257
  • Go/github.com/kedacore/keda
  • Go/github.com/kedacore/keda/v2
KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential in github.com/kedacore/keda (published yesterday)
  • Fix available
GO-2025-4258
  • Go/code.gitea.io/gitea
Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea (published yesterday)
  • Fix available
GO-2025-4261
  • Go/code.gitea.io/gitea
Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea (published yesterday)
  • No fix available
GO-2025-4262
  • Go/code.gitea.io/gitea
Gitea: anonymous user can visit private user's project in code.gitea.io/gitea (published yesterday)
  • Fix available
GO-2025-4263
  • Go/code.gitea.io/gitea
Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea (published yesterday)
  • Fix available
GO-2025-4264
  • Go/code.gitea.io/gitea
Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea (published yesterday)
  • Fix available
GO-2025-4265
  • Go/code.gitea.io/gitea
Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea (published yesterday)
  • Fix available
GO-2025-4266
  • Go/code.gitea.io/gitea
Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea (published yesterday)
  • Fix available
GO-2025-4267
  • Go/code.gitea.io/gitea
Gitea doesn't adequately enforce branch deletion permissions after merging a pull request in code.gitea.io/gitea (published yesterday)
  • Fix available
GO-2025-4268
  • Go/code.gitea.io/gitea
Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea (published yesterday)
  • Fix available
GO-2025-4249
  • Go/github.com/golang/vscode-go
Unexpected untrusted code execution in github.com/golang/vscode-go (published yesterday)
  • Fix available
GHSA-43h9-hc38-qph5
  • Go/github.com/actiontech/sqle
SQLE's JWT Secret Handler can be manipulated to use hard-coded cryptographic key (published 3 days ago)
  • No fix available
  • Severity - 2.9 (Low)
GHSA-7xq4-mwcp-q8fx
  • Go/code.gitea.io/gitea
Gitea: anonymous user can visit private user's project (published 5 days ago)
  • Fix available
  • Severity - 5.8 (Medium)