Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-j94x-8wcp-x7hm
  • Go/github.com/akuity/kargo
Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration 10 hours ago
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-hxm7-9q36-c77f
  • Go/github.com/ctfer-io/fullchain
Fullchain's Invalid NetworkPolicy enables a malicious actor to pivot into another namespace 10 hours ago
  • Fix available
  • Severity - 7.1 (High)
GHSA-p799-g7vv-f279
  • Go/github.com/ctfer-io/romeo/webserver
Romeo is vulnerable to Archive Slip due to missing checks in sanitization 10 hours ago
  • Fix available
  • Severity - 8.3 (High)
GHSA-f7cq-gvh6-qr25
  • Go/github.com/ctfer-io/monitoring
Monitoring is vulnerable to Archive Slip due to missing checks in sanitization 10 hours ago
  • Fix available
  • Severity - 8.3 (High)
GHSA-fgm3-q9r5-43v9
  • Go/github.com/ctfer-io/romeo/environment/deploy
Romeo's invalid NetworkPolicy enables a malicious actor to pivot into another namespace 11 hours ago
  • Fix available
  • Severity - 7.9 (High)
GHSA-mw24-f3xh-j3qv
  • Go/github.com/ctfer-io/chall-manager/deploy
  • Go/github.com/ctfer-io/chall-manager/sdk
Chall-Manager's invalid NetworkPolicy enables a malicious actor to pivot into another namespace 11 hours ago
  • Fix available
  • Severity - 7.9 (High)
GHSA-9f3r-2vgw-m8xp
  • Go/github.com/filebrowser/filebrowser/v2
File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter 11 hours ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-j7wh-x834-p3r7
  • Go/github.com/siyuan-note/siyuan/kernel
SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API 11 hours ago
  • No fix available
  • Severity - 9.8 (Critical)
GHSA-5gg9-5g7w-hm73
  • Go/github.com/filebrowser/filebrowser/v2
File Browser Signup Grants Admin When Default Permissions Include Admin 11 hours ago
  • Fix available
  • Severity - 10.0 (Critical)
GHSA-v3mg-9v85-fcm7
  • Go/siyuan
SiYuan Vulnerable to Remote Code Execution via Malicious Bazaar Package — Marketplace XSS 11 hours ago
  • No fix available
  • Severity - 5.3 (Medium)
GHSA-ffx7-75gc-jg7c
  • Go/github.com/filebrowser/filebrowser/v2
File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely 11 hours ago
  • No fix available
  • Severity - 5.3 (Medium)
GHSA-qr46-rcv3-4hq3
  • Go/github.com/siyuan-note/siyuan/kernel
SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface 12 hours ago
  • No fix available
  • Severity - 5.1 (Medium)
GHSA-rjhh-m223-9qqv
  • Go/github.com/siyuan-note/siyuan
SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes 12 hours ago
  • No fix available
  • Severity - 6.8 (Medium)
GHSA-qvvf-q994-x79v
  • Go/github.com/siyuan-note/siyuan/kernel
SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write 12 hours ago
  • No fix available
  • Severity - 7.6 (High)
GHSA-xp2m-98x8-rpj6
  • Go/github.com/siyuan-note/siyuan/kernel
SiYuan Vulnerable to Cross-Origin WebSocket Hijacking via Authentication Bypass — Unauthenticated Information Disclosure 12 hours ago
  • No fix available
  • Severity - 5.3 (Medium)
GHSA-h5vh-m7fg-w5h6
  • Go/github.com/siyuan-note/siyuan/kernel
SiYuan globalCopyFiles: incomplete sensitive path blocklist allows reading /proc and Docker secrets 12 hours ago
  • No fix available
  • Severity - 6.8 (Medium)