Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-jv3w-x3r3-g6rm
  • Go/github.com/containernetworking/plugins
CNA Plugins Portmap nftables backend can intercept non-local traffic 5 hours ago
  • Fix available
  • Severity - 6.6 (Medium)
GHSA-4r66-7rcv-x46x
  • Go/github.com/siyuan-note/siyuan/kernel
SiYuan vulnerable to RCE via zip slip and Command Injection via PandocBin 5 hours ago
  • No fix available
  • Severity - 8.6 (High)
GHSA-gqfv-g4v7-m366
  • Go/github.com/siyuan-note/siyuan/kernel
SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE 5 hours ago
  • No fix available
  • Severity - 7.8 (High)
GHSA-xrqc-7xgx-c9vh
  • Go/github.com/argoproj/argo-workflows/v3
  • Go/github.com/argoproj/argo-workflows
RCE via ZipSlip and symbolic links in argoproj/argo-workflows 5 hours ago
  • Fix available
  • Severity - 8.1 (High)
GHSA-4rmq-mc2c-r495
  • Go/github.com/babylonlabs-io/babylon/v4
  • Go/github.com/babylonlabs-io/babylon/v3
  • Go/github.com/babylonlabs-io/babylon/v2
  • Go/github.com/babylonlabs-io/babylon
Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond 8 hours ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-m6wq-66p2-c8pc
  • Go/github.com/babylonlabs-io/babylon/v4
  • Go/github.com/babylonlabs-io/babylon/v3
  • Go/github.com/babylonlabs-io/babylon/v2
  • Go/github.com/babylonlabs-io/babylon
Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers yesterday
  • Fix available
  • Severity - 8.7 (High)
GHSA-v959-qxv6-6f8p
  • Go/github.com/zitadel/zitadel
  • Go/github.com/zitadel/zitadel/v2
ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel V2 Login yesterday
  • Fix available
  • Severity - 8.0 (High)
GHSA-pfrf-9r5f-73f5
  • Go/github.com/zitadel/zitadel
  • Go/github.com/zitadel/zitadel/v2
ZITADEL Vulnerable to Account Takeover Due to Improper Instance Validation in V2 Login yesterday
  • Fix available
  • Severity - 8.1 (High)
GHSA-7wfc-4796-gmg5
  • Go/github.com/zitadel/zitadel
  • Go/github.com/zitadel/zitadel/v2
ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login yesterday
  • Fix available
  • Severity - 9.3 (Critical)
GO-2025-4176
  • Go/github.com/apptainer/apptainer
Apptainer ineffectively applies selinux and apparmor --security options in github.com/apptainer/apptainer yesterday
  • Fix available
GO-2025-4177
  • Go/github.com/sylabs/singularity
  • Go/github.com/sylabs/singularity/v4
Singularity ineffectively applies of selinux / apparmor LSM process labels in github.com/sylabs/singularity yesterday
  • No fix available
GO-2025-4178
  • Go/github.com/mattermost/mattermost
  • Go/github.com/mattermost/mattermost-server
  • Go/github.com/mattermost/mattermost-server/v5
  • Go/github.com/mattermost/mattermost-server/v6
  • Go/github.com/mattermost/mattermost/server/v8
Mattermost fails to validate user permissions in Boards in github.com/mattermost/mattermost yesterday
  • Fix available
GO-2025-4179
  • Go/github.com/docker/mcp-gateway
Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode in github.com/docker/mcp-gateway yesterday
  • Fix available
GO-2025-4180
  • Go/github.com/smallstep/certificates
Step CA Has Authorization Bypass in ACME and SCEP Provisioners in github.com/smallstep/certificates yesterday
  • Fix available
GO-2025-4181
  • Go/github.com/smallstep/certificates
step-ca Has Improper Authorization Check for SSH Certificate Revocation in github.com/smallstep/certificates yesterday
  • Fix available
GO-2025-4182
  • Go/github.com/coder/coder
  • Go/github.com/coder/coder/v2
Coder logs sensitive objects unsanitized in github.com/coder/coder yesterday
  • Fix available