Vulnerabilities

ID
Packages
Summary
Published
Attributes
GO-2025-4133
  • Go/github.com/mattermost/mattermost-server
  • Go/github.com/mattermost/mattermost-server/v5
  • Go/github.com/mattermost/mattermost-server/v6
  • Go/github.com/mattermost/mattermost/server/v8
Mattermost allows other users to determine when users had read channels via channel member objects in github.com/mattermost/mattermost-server 1 hour ago
  • Fix available
GO-2025-4138
  • Go/github.com/esm-dev/esm.sh
esm.sh CDN service has arbitrary file write via tarslip in github.com/esm-dev/esm.sh 1 hour ago
  • Fix available
GO-2025-4139
  • Go/github.com/esm-dev/esm.sh
esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript in github.com/esm-dev/esm.sh 1 hour ago
  • Fix available
GO-2025-4146
  • Go/github.com/mattermost/mattermost-server
  • Go/github.com/mattermost/mattermost-server/v5
Mattermost Server is vulnerable to a Denial of Service attack through `invite_people` command in github.com/mattermost/mattermost-server 1 hour ago
  • Fix available
GO-2025-4147
  • Go/github.com/mindersec/minder
Minder does not sandbox http.send in Rego programs in github.com/mindersec/minder 1 hour ago
  • Fix available
GO-2025-4149
  • Go/github.com/google/osv-scalibr
OSV-SCALIBR has NULL Pointer Dereference in github.com/google/osv-scalibr 1 hour ago
  • Fix available
GO-2025-4150
  • Go/github.com/openfga/openfga
OpenFGA Improper Policy Enforcement in github.com/openfga/openfga 1 hour ago
  • Fix available
GO-2025-4151
  • Go/github.com/authzed/spicedb
SpiceDB: LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results in github.com/authzed/spicedb 1 hour ago
  • Fix available
GO-2025-4152
  • Go/github.com/hashicorp/terraform-provider-vault
Vault’s Terraform Provider incorrectly set default deny_null_bind parameter for LDAP auth method to false by default in github.com/hashicorp/terraform-provider-vault 1 hour ago
  • No fix available
GO-2025-4153
  • Go/github.com/grafana/grafana
Grafana Incorrect Privilege Assignment vulnerability in github.com/grafana/grafana 1 hour ago
  • No fix available
GO-2025-4156
  • Go/github.com/openbao/openbao
OpenBao is Vulnerable to Privileged Operator Identity Group Root Escalation in github.com/openbao/openbao 1 hour ago
  • No fix available
GO-2025-4157
  • Go/github.com/babylonlabs-io/babylon
  • Go/github.com/babylonlabs-io/babylon/v2
  • Go/github.com/babylonlabs-io/babylon/v3
  • Go/github.com/babylonlabs-io/babylon/v4
Babylon's malformed vote extensions are not rejected in github.com/babylonlabs-io/babylon 1 hour ago
  • Fix available
GO-2025-4158
  • Go/github.com/lf-edge/ekuiper
  • Go/github.com/lf-edge/ekuiper/v2
LF Edge eKuiper is vulnerable to Arbitrary File Read/Write via unsanitized names and zip extraction in github.com/lf-edge/ekuiper 1 hour ago
  • Fix available
GO-2025-4159
  • Go/github.com/babylonlabs-io/babylon
  • Go/github.com/babylonlabs-io/babylon/v2
  • Go/github.com/babylonlabs-io/babylon/v3
  • Go/github.com/babylonlabs-io/babylon/v4
Babylon's BIP322 signature implementation is not fully compliant to the spec in github.com/babylonlabs-io/babylon 1 hour ago
  • Fix available
GO-2025-4160
  • Go/github.com/anchore/grype
Grype has a credential disclosure vulnerability in its JSON output in github.com/anchore/grype 1 hour ago
  • Fix available
GHSA-6gxw-85q2-q646
  • Go/github.com/anchore/grype
Grype has a credential disclosure vulnerability in its JSON output 5 hours ago
  • Fix available
  • Severity - 8.2 (High)