Address
:
[go:
up one dir
,
main page
]
Include Form
Remove Scripts
Accept Cookies
Show Images
Show Referer
Rotate13
Base64
Strip Meta
Strip Title
Session Cookies
Vulnerability Database
Blog
FAQ
Docs
arrow_forward
search
light_mode
dark_mode
Vulnerabilities
search
All ecosystems
757966
AlmaLinux
5219
Alpaquita
11433
Alpine
4339
Android
3403
Azure Linux
12016
BellSoft Hardened Containers
560
Bitnami
8260
Chainguard
8800
CleanStart
1547
CRAN
14
crates.io
2555
Debian
59625
Echo
6595
GHC
3
GIT
92706
GitHub Actions
54
Go
8122
Hackage
32
Hex
170
Julia
984
Linux
25414
Mageia
6007
Maven
6665
MinimOS
82684
npm
221538
NuGet
1766
opam
19
openEuler
7136
openSUSE
13363
OSS-Fuzz
3955
Packagist
6639
Pub
11
PyPI
22290
Red Hat
21095
Rocky Linux
3589
Root
17307
RubyGems
2008
SUSE
21239
SwiftURL
58
TuxCare
5651
Ubuntu
56966
VSCode
20
Wolfi
6109
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-2jcc-mxv7-p3f9
Go/github.com/oasdiff/oasdiff
oasdiff does not enforce --allow-external-refs=false on the git-revision load path (SSRF / local file read)
20 hours ago
Fix available
Severity - 6.0 (Medium)
GHSA-6w3m-4hhp-775q
Go/github.com/kedacore/keda/v2
KEDA has PostgreSQL connection string parameter injection via incomplete whitespace escaping
20 hours ago
Fix available
Severity - 5.9 (Medium)
GHSA-4g5x-hcwm-82jw
Go/github.com/zhenorzz/goploy
Goploy: Arbitrary File Read via Path Traversal in /deploy/fileDiff allows Remote Server Compromise
20 hours ago
No fix available
Severity - 7.7 (High)
GHSA-26rh-24rg-j3vv
Go/github.com/zhenorzz/goploy
Goploy: Cross-namespace IDOR and RCE via body-supplied row id in project and project_file handlers
20 hours ago
No fix available
Severity - 9.6 (Critical)
GHSA-gvhc-wv3v-7pf8
Go/github.com/zxh326/kite
Kite has an authenticated cluster RBAC bypass in /api/v1/overview
20 hours ago
Fix available
Severity - 4.3 (Medium)
GO-2026-5932
Go/golang.org/x/crypto
The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues
22 hours ago
No fix available
GO-2026-4970
Go/stdlib
Root escape via symlink plus trailing slash in os
22 hours ago
Fix available
GO-2026-5856
Go/stdlib
Invoking Encrypted Client Hello privacy leak in crypto/tls
22 hours ago
Fix available
GHSA-7856-g3gv-9wq8
Go/github.com/tinfoil-factory/netfoil
netfoil: Attacker controlled data written to logs
yesterday
Fix available
Severity - 2.3 (Low)
GHSA-3g4q-2f67-2gvh
Go/github.com/tinfoil-factory/netfoil
netfoil has a resource leak in LRU cache
yesterday
Fix available
Severity - 1.2 (Low)
GHSA-59qp-cfj3-rp64
Go/github.com/tinfoil-factory/netfoil
netfoil has a domain name filter bypass via multiple questions
yesterday
Fix available
Severity - 5.9 (Medium)
GO-2026-5073
Go/github.com/ipld/go-ipld-prime
DAG-CBOR decoder unbounded memory allocation from CBOR headers in github.com/ipld/go-ipld-prime
yesterday
Fix available
GO-2026-5313
Go/github.com/gohugoio/hugo
Hugo: XSS via text/html content files in github.com/gohugoio/hugo
yesterday
Fix available
GO-2026-5320
Go/github.com/yuin/goldmark
Cross-site Scripting (XSS) in github.com/yuin/goldmark
yesterday
Fix available
GO-2026-5380
Go/github.com/gohugoio/hugo
Hugo: Symlink confinement bypass in resources.Get in github.com/gohugoio/hugo
yesterday
Fix available
GO-2026-5410
Go/github.com/slack-go/slack
SecretsVerifier accepts empty signing secret without precondition in github.com/slack-go/slack
yesterday
Fix available
Load more...
Go - OSV