Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-gxhx-2686-5h9g
  • Go/github.com/slack-go/slack
slack-go `SecretsVerifier` accepts empty signing secret without precondition
44 minutes ago
  • Fix available
  • Severity - 4.8 (Medium)
GHSA-3vcp-chfh-f6r2
  • Go/github.com/kumahq/kuma
Default kuma-cp leaks admin token cross-origin via CORS wildcard + LocalhostIsAdmin
1 hour ago
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-qw64-3x98-g7q2
  • Go/github.com/go-git/go-billy/v5
  • Go/github.com/go-git/go-billy/v6
go-billy has path traversal vulnerabilities
3 hours ago
  • Fix available
  • Severity - 8.1 (High)
GHSA-cqpq-2fgr-8mvc
  • Go/github.com/portainer/portainer
Portainer missing authorization on custom template file endpoint, which exposes template content
5 hours ago
  • Fix available
  • Severity - 6.0 (Medium)
GHSA-jvp4-q659-95mj
  • Go/github.com/portainer/portainer
Portainer: JWT accepted in URL query leaks tokens to logs and referers
5 hours ago
  • Fix available
  • Severity - 7.7 (High)
GHSA-5fxq-qcf3-244w
  • Go/github.com/portainer/portainer
Portainer has an endpoint security bypass via Swarm service create/update
5 hours ago
  • Fix available
  • Severity - 9.4 (Critical)
GHSA-mgq6-4x29-88r3
  • Go/github.com/portainer/portainer
Portainer's Kubernetes middleware continues after token validation failure, bypassing endpoint authorization
5 hours ago
  • Fix available
  • Severity - 8.1 (High)
GHSA-rpgq-m5fp-32wr
  • Go/github.com/portainer/portainer
Portainer Has an Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
5 hours ago
  • Fix available
  • Severity - 8.5 (High)
GHSA-7fw3-x4r2-g7wc
  • Go/github.com/portainer/portainer
Portainer has a bind-mount restriction bypass via HostConfig.Mounts
5 hours ago
  • Fix available
  • Severity - 8.5 (High)
GHSA-m8fg-67j7-cx4v
  • Go/github.com/portainer/portainer
Portainer has a path traversal in backup archive extraction that allows arbitrary file write
5 hours ago
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-rrmm-9v76-h3p4
  • Go/github.com/portainer/portainer
Portainer missing authorization on Docker plugin endpoints, which allows host RCE
5 hours ago
  • Fix available
  • Severity - 9.4 (Critical)
GHSA-mxmp-wr3w-rvqx
  • Go/github.com/fleetdm/fleet/v4
Fleet: IP spoofing allows bypassing API rate limiting
8 hours ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-9vcr-g537-3w5v
  • Go/github.com/fleetdm/fleet/v4
Fleet vulnerable to OS command injection in software packages
8 hours ago
  • Fix available
  • Severity - 6.0 (Medium)
GHSA-x67p-9m2r-fxqv
  • Go/github.com/fleetdm/fleet/v4
Fleet server may terminate unexpectedly when handling certain gRPC requests
8 hours ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-ffg9-j72f-j6xm
  • Go/github.com/fleetdm/fleet/v4
Fleet Windows MDM Azure AD JWT Authentication Bypass
8 hours ago
  • Fix available
  • Severity - 8.2 (High)
GHSA-j8h8-75h3-jg53
  • Go/github.com/fleetdm/fleet/v4
Fleet has a rate limiting bypass via untrusted client IP headers
8 hours ago
  • Fix available
  • Severity - 6.9 (Medium)