Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-g9vw-6pvx-7gmw
  • Go/github.com/envoyproxy/envoy
Envoy: Race condition in Dynamic Forward Proxy leads to use-after-free and segmentation faults 2 hours ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-jxmr-2h4q-rhxp
  • Go/github.com/SpectoLabs/hoverfly
WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled 4 days ago
  • Fix available
  • Severity - 7.8 (High)
GHSA-r4h8-hfp2-ggmf
  • Go/github.com/SpectoLabs/hoverfly
Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation 4 days ago
  • No fix available
  • Severity - 9.8 (Critical)
GHSA-rf24-wg77-gq7w
  • Go/github.com/knadh/listmonk
listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover 5 days ago
  • No fix available
  • Severity - 8.6 (High)
GHSA-93mf-426m-g6x9
  • Go/github.com/coredns/coredns
CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion 5 days ago
  • Fix available
  • Severity - 7.1 (High)
GHSA-p46v-f2x8-qp98
  • Go/github.com/prest/prest/v2
pREST has a Systemic SQL Injection Vulnerability 6 days ago
  • No fix available
  • Severity - 9.3 (Critical)
GO-2025-3916
  • Go/github.com/suyuan32/simple-admin-core
simple-admin-core SQL Injection vulnerability in github.com/suyuan32/simple-admin-core 08 Sep
  • Fix available
GO-2025-3917
  • Go/github.com/neuvector/neuvector
NeuVector has an insecure password storage vulnerable to rainbow attack in github.com/neuvector/neuvector 08 Sep
  • No fix available
GO-2025-3918
  • Go/github.com/neuvector/neuvector
NeuVector admin account has insecure default password in github.com/neuvector/neuvector 08 Sep
  • No fix available
GO-2025-3919
  • Go/github.com/neuvector/neuvector
NeuVector process with sensitive arguments lead to leakage in github.com/neuvector/neuvector 08 Sep
  • No fix available
GO-2025-3920
  • Go/github.com/edgelesssys/contrast
Contrast leaks workload secrets to logs on INFO level in github.com/edgelesssys/contrast 08 Sep
  • Fix available
GO-2025-3921
  • Go/github.com/coder/coder
  • Go/github.com/coder/coder/v2
Coder accepts an APIKey beyond the linked OIDC expiry if there is no refresh token in github.com/coder/coder 08 Sep
  • Fix available
GO-2025-3923
  • Go/github.com/rancher/rancher
Rancher affected by unauthenticated Denial of Service in github.com/rancher/rancher 08 Sep
  • Fix available
GO-2025-3924
  • Go/github.com/hashicorp/vault
HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads in github.com/hashicorp/vault 08 Sep
  • Fix available
GO-2025-3925
  • Go/github.com/versity/versitygw
Versity panic induced by AWS chunked data sent to port in github.com/versity/versitygw 08 Sep
  • Fix available
GO-2025-3927
  • Go/github.com/rancher/fleet
Rancher Fleet Helm Values are stored inside BundleDeployment in plain text in github.com/rancher/fleet 08 Sep
  • Fix available