Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-43mm-m3h2-3prc
  • Go/github.com/filebrowser/filebrowser
  • Go/github.com/filebrowser/filebrowser/v2
File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login
Published 15 hours ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-cv54-7wv7-qxcw
  • Go/github.com/siyuan-note/siyuan/kernel
SiYuan vulnerable to Arbitrary file Read / SSRF
Published 15 hours ago
  • Fix available
  • Severity - 7.8 (High)
GHSA-94c7-g2fj-7682
  • Go/github.com/siyuan-note/siyuan/kernel
SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality
Published 15 hours ago
  • Fix available
  • Severity - 8.3 (High)
GHSA-6jxm-fv7w-rw5j
  • Go/github.com/axllent/mailpit
Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API
Published 15 hours ago
  • Fix available
  • Severity - 5.8 (Medium)
GHSA-w836-5gpm-7r93
  • Go/github.com/siyuan-note/siyuan/kernel
SiYuan has a Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon
Published 15 hours ago
  • Fix available
  • Severity - 2.1 (Low)
GHSA-63m5-974w-448v
  • Go/github.com/fleetdm/fleet
Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment
Published 19 hours ago
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-4r5r-ccr6-q6f6
  • Go/github.com/fleetdm/fleet
  • Go/github.com/fleetdm/fleet/v4
Fleet has an Access Control vulnerability in debug/pprof endpoints
Published 19 hours ago
  • Fix available
  • Severity - 7.1 (High)
GHSA-gfpw-jgvr-cw4j
  • Go/github.com/fleetdm/fleet
  • Go/github.com/fleetdm/fleet/v4
Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability
Published 19 hours ago
  • Fix available
  • Severity - 7.7 (High)
GHSA-54wq-72mp-cq7c
  • Go/github.com/axllent/mailpit
Mailpit has an SMTP Header Injection via Regex Bypass
Published 22 hours ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-2657-3c98-63jq
  • Go/github.com/esm-dev/esm.sh
esm.sh has a path traversal in extractPackageTarball enables file writes from malicious packages
Published 23 hours ago
  • Fix available
  • Severity - 7.7 (High)
GHSA-77v3-r3jw-j2v2
  • Go/github.com/external-secrets/external-secrets
External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function
Published 23 hours ago
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-2497-gp99-2m74
  • Go/github.com/pterodactyl/wings
Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered
Published 23 hours ago
  • Fix available
  • Severity - 8.3 (High)
GHSA-8w7m-w749-rx98
  • Go/github.com/pterodactyl/wings
Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks
Published 23 hours ago
  • Fix available
  • Severity - 8.3 (High)
GHSA-cc8m-98fm-rc9g
  • Go/github.com/zalando/skipper
Skipper is vulnerable to arbitrary code execution through lua filters
Published 4 days ago
  • Fix available
  • Severity - 8.8 (High)
GHSA-pcjq-j3mq-jv5j
  • Go/github.com/siyuan-note/siyuan/kernel
SiYuan Has a Stored Cross-Site Scripting (XSS) Vulnerability via Unrestricted SVG File Upload
Published 4 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-mx8m-v8qm-xwr8
  • Go/github.com/mattermost/mattermost-server
  • Go/github.com/mattermost/mattermost/server/v8
Mattermost is vulnerable to DoS due to infinite re-renders on API errors
Published 5 days ago
  • Fix available
  • Severity - 6.8 (Medium)