Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-6h9x-9j5v-7w9h
  • Go/github.com/rancher/fleet
Rancher Fleet Helm Values are stored inside BundleDeployment in plain text
Published: yesterday
  • Fix available
  • Severity - 7.7 (High)
GHSA-82ff-hg59-8x73
  • Go/github.com/gorilla/csrf
github.com/gorilla/csrf improperly validates TrustedOrigins allowing CSRF attacks
Published: yesterday
  • No fix available
  • Severity - 4.6 (Medium)
GHSA-9fvj-xqr2-xwg8
  • Go/github.com/consensys/gnark
gnark affected by denial of service when computing scalar multiplication using fake-GLV algorithm
Published: yesterday
  • Fix available
  • Severity - 7.5 (High)
GHSA-w469-hj2f-jpr5
  • Go/github.com/harness/gitness
Harness Allows Arbitrary File Write in Gitness LFS server
Published: yesterday
  • Fix available
  • Severity - 8.8 (High)
GHSA-v2ch-c8v8-fgr7
  • Go/github.com/versity/versitygw
Versity panic induced by AWS chunked data sent to port
Published: yesterday
  • Fix available
  • Severity - 7.7 (High)
GO-2025-3884
  • Go/github.com/gorilla/csrf
Improper validation of TrustedOrigins allows CSRF attacks in github.com/gorilla/csrf
Published: yesterday
  • No fix available
GHSA-4h45-jpvh-6p5j
  • Go/github.com/rancher/rancher
Rancher affected by unauthenticated Denial of Service
Published: yesterday
  • Fix available
  • Severity - 8.2 (High)
GO-2025-3892
  • Go/github.com/hashicorp/go-getter
HashiCorp go-getter Vulnerable to Symlink Attacks in github.com/hashicorp/go-getter
Published: yesterday
  • Fix available
GO-2025-3900
  • Go/github.com/go-viper/mapstructure
  • Go/github.com/go-viper/mapstructure/v2
Go-viper's mapstructure May Leak Sensitive Information in Logs in github.com/go-viper/mapstructure
Published: yesterday
  • Fix available
GO-2025-3912
  • Go/github.com/consensys/gnark
Gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks in github.com/consensys/gnark
Published: yesterday
  • Fix available
GO-2025-3893
  • Go/github.com/projectcapsule/capsule
Capsule tenant owners with "patch namespace" permission can hijack system namespaces label in github.com/projectcapsule/capsule
Published: yesterday
  • Fix available
GO-2025-3894
  • Go/github.com/openfga/openfga
OpenFGA Authorization Bypass in github.com/openfga/openfga
Published: yesterday
  • Fix available
GO-2025-3895
  • Go/github.com/hydraide/hydraide
HydrAIDE Authentication Bypass Vulnerability in github.com/hydraide/hydraide
Published: yesterday
  • Fix available
GO-2025-3896
  • Go/github.com/Anipaleja/nginx-defender
Default Credentials in nginx-defender Configuration Files in github.com/Anipaleja/nginx-defender
Published: yesterday
  • Fix available
GO-2025-3897
  • Go/github.com/cri-o/cri-o
CRI-O has Potential High Memory Consumption from File Read in github.com/cri-o/cri-o
Published: yesterday
  • No fix available
GO-2025-3901
  • Go/github.com/mattermost/mattermost-server
  • Go/github.com/mattermost/mattermost-server/v5
  • Go/github.com/mattermost/mattermost-server/v6
  • Go/github.com/mattermost/mattermost/server/v8
Mattermost Fails to Validate File Paths in github.com/mattermost/mattermost-server
Published: yesterday
  • Fix available