Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-cpf4-pmr4-w6cx
  • Go/github.com/zitadel/zitadel
IDOR Vulnerabilities in ZITADEL's Organization API allow Cross-Tenant Data Tampering 17 hours ago
  • Fix available
  • Severity - 8.7 (High)
GO-2025-4004
  • Go/github.com/lxc/lxd
  • Go/github.com/lxc/lxd/v6
Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns in github.com/lxc/lxd 18 hours ago
  • No fix available
GO-2025-4020
  • Go/github.com/nwaples/rardecode
  • Go/github.com/nwaples/rardecode/v2
DoS risk due to unrestricted RAR dictionary sizes in github.com/nwaples/rardecode 18 hours ago
  • Fix available
GO-2025-4021
  • Go/github.com/siderolabs/omni
Omni is Vulnerable to DoS via Empty Create/Update Resource Requests in github.com/siderolabs/omni 18 hours ago
  • Fix available
GO-2025-4022
  • Go/github.com/siderolabs/omni
Omni vulnerable to information leak via API in github.com/siderolabs/omni 18 hours ago
  • Fix available
GO-2025-4023
  • Go/github.com/argoproj/argo-workflows
  • Go/github.com/argoproj/argo-workflows/v2
  • Go/github.com/argoproj/argo-workflows/v3
Argo Workflow has a Zipslip Vulnerability in github.com/argoproj/argo-workflows 18 hours ago
  • Fix available
GO-2025-4024
  • Go/github.com/argoproj/argo-workflows
  • Go/github.com/argoproj/argo-workflows/v2
  • Go/github.com/argoproj/argo-workflows/v3
Argo Workflow may expose artifact repository credentials in github.com/argoproj/argo-workflows 18 hours ago
  • Fix available
GO-2025-4078
  • Go/github.com/edgelesssys/contrast
Contrast's insecure LUKS2 persistent storage partitions may be opened and used in github.com/edgelesssys/contrast 18 hours ago
  • Fix available
GO-2025-4079
  • Go/github.com/bishopfox/sliver
Sliver has unrestricted traffic between WireGuard clients in github.com/bishopfox/sliver 18 hours ago
  • Fix available
GO-2025-4081
  • Go/github.com/hashicorp/consul
Consul key/value endpoint is vulnerable to denial of service in github.com/hashicorp/consul 18 hours ago
  • Fix available
GO-2025-4082
  • Go/github.com/hashicorp/consul
Consul event endpoint is vulnerable to denial of service in github.com/hashicorp/consul 18 hours ago
  • Fix available
GO-2025-4083
  • Go/github.com/zitadel/zitadel
Zitadel May Bypass Second Authentication Factor in github.com/zitadel/zitadel 18 hours ago
  • No fix available
GO-2025-4084
  • Go/github.com/zitadel/zitadel
ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection in github.com/zitadel/zitadel 18 hours ago
  • No fix available
GO-2025-4085
  • Go/github.com/zitadel/zitadel
Zitadel allows brute-forcing authentication factors in github.com/zitadel/zitadel 18 hours ago
  • No fix available
GO-2025-4086
  • Go/github.com/TecharoHQ/anubis
Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode in github.com/TecharoHQ/anubis 18 hours ago
  • Fix available
GO-2025-4088
  • Go/github.com/sqls-server/sqls
sqls-server/sqls is vulnerable to command injection in the config command in github.com/sqls-server/sqls 18 hours ago
  • No fix available