[go: up one dir, main page]

Vulnerabilities

ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-2jcc-mxv7-p3f9
  • Go/github.com/oasdiff/oasdiff
oasdiff does not enforce --allow-external-refs=false on the git-revision load path (SSRF / local file read) 20 hours ago
  • Fix available
  • Severity - 6.0 (Medium)
GHSA-6w3m-4hhp-775q
  • Go/github.com/kedacore/keda/v2
KEDA has PostgreSQL connection string parameter injection via incomplete whitespace escaping 20 hours ago
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-4g5x-hcwm-82jw
  • Go/github.com/zhenorzz/goploy
Goploy: Arbitrary File Read via Path Traversal in /deploy/fileDiff allows Remote Server Compromise 20 hours ago
  • No fix available
  • Severity - 7.7 (High)
GHSA-26rh-24rg-j3vv
  • Go/github.com/zhenorzz/goploy
Goploy: Cross-namespace IDOR and RCE via body-supplied row id in project and project_file handlers 20 hours ago
  • No fix available
  • Severity - 9.6 (Critical)
GHSA-gvhc-wv3v-7pf8
  • Go/github.com/zxh326/kite
Kite has an authenticated cluster RBAC bypass in /api/v1/overview 20 hours ago
  • Fix available
  • Severity - 4.3 (Medium)
GO-2026-5932
  • Go/golang.org/x/crypto
The golang.org/x/crypto/openpgp package is unmaintained, unsafe by design, and has known security issues 22 hours ago
  • No fix available
GO-2026-4970
  • Go/stdlib
Root escape via symlink plus trailing slash in os 22 hours ago
  • Fix available
GO-2026-5856
  • Go/stdlib
Invoking Encrypted Client Hello privacy leak in crypto/tls 22 hours ago
  • Fix available
GHSA-7856-g3gv-9wq8
  • Go/github.com/tinfoil-factory/netfoil
netfoil: Attacker controlled data written to logs yesterday
  • Fix available
  • Severity - 2.3 (Low)
GHSA-3g4q-2f67-2gvh
  • Go/github.com/tinfoil-factory/netfoil
netfoil has a resource leak in LRU cache yesterday
  • Fix available
  • Severity - 1.2 (Low)
GHSA-59qp-cfj3-rp64
  • Go/github.com/tinfoil-factory/netfoil
netfoil has a domain name filter bypass via multiple questions yesterday
  • Fix available
  • Severity - 5.9 (Medium)
GO-2026-5073
  • Go/github.com/ipld/go-ipld-prime
DAG-CBOR decoder unbounded memory allocation from CBOR headers in github.com/ipld/go-ipld-prime yesterday
  • Fix available
GO-2026-5313
  • Go/github.com/gohugoio/hugo
Hugo: XSS via text/html content files in github.com/gohugoio/hugo yesterday
  • Fix available
GO-2026-5320
  • Go/github.com/yuin/goldmark
Cross-site Scripting (XSS) in github.com/yuin/goldmark yesterday
  • Fix available
GO-2026-5380
  • Go/github.com/gohugoio/hugo
Hugo: Symlink confinement bypass in resources.Get in github.com/gohugoio/hugo yesterday
  • Fix available
GO-2026-5410
  • Go/github.com/slack-go/slack
SecretsVerifier accepts empty signing secret without precondition in github.com/slack-go/slack yesterday
  • Fix available