6573 matches found
GO-2025-3805 Juju allows arbitrary executable uploads via authenticated endpoint without authorization in github.com/juju/juju
Juju allows arbitrary executable uploads via authenticated endpoint without authorization in github.com/juju/juju. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive report...
GO-2025-3804 Juju zip slip vulnerability via authenticated endpoint in github.com/juju/juju
Juju zip slip vulnerability via authenticated endpoint in github.com/juju/juju...
GO-2025-3808 Chall-Manager is vulnerable to Path Traversal when extracting/decoding a zip archive in github.com/ctfer-io/chall-manager
Chall-Manager is vulnerable to Path Traversal when extracting/decoding a zip archive in github.com/ctfer-io/chall-manager...
GO-2025-3770 Host header injection which leads to open redirect in RedirectSlashes in github.com/go-chi/chi
Host header injection which leads to open redirect in RedirectSlashes in github.com/go-chi/chi...
GO-2025-3765 SQL injection vulnerability in github.com/uptrace/bun/driver/pgdriver
SQL injection vulnerability in github.com/uptrace/bun/driver/pgdriver...
CVE-2024-36675
creationtimestamp| type| source
---|---|---
2025-07-17 11:50:29+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-36675.yaml
2025-07-18 21:02:28+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lubdsqyf772p
2025-08-12...
CVE-2025-4380
creationtimestamp| type| source
---|---|---
2025-07-09 05:00:00+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-4380.yaml
2025-07-09 21:02:24+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3ltkpmbglm423
2025-08-06...
CVE-2025-50178
GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 0.4.3 lack input validation for user provided values in certain functions. In the GitForge.getrepo function for GitHub, the user can provide any string for the owner and repo fields. These inputs are not...
CVE-2025-50178 GitForge.jl lacks validation for user provided fields
GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 0.4.3 lack input validation for user provided values in certain functions. In the GitForge.getrepo function for GitHub, the user can provide any string for the owner and repo fields. These inputs are not...
CVE-2025-48954
creationtimestamp| type| source
---|---|---
2025-06-25 14:51:34+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19462
2025-08-05 19:56:00+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-48954.yaml
2025-08-06...
CVE-2019-9879
creationtimestamp| type| source
---|---|---
2025-06-10 22:14:49+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2019/CVE-2019-9879.yaml
2025-06-10 22:14:49+00:00| confirmed|...
CVE-2018-11133
creationtimestamp| type| source
---|---|---
2025-06-10 20:41:02+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2018/CVE-2018-11133.yaml
2025-06-10 20:41:02+00:00| confirmed|...
GO-2025-3744 SpiceDB checks involving relations with caveats can result in no permission when permission is expected in github.com/authzed/spicedb
SpiceDB checks involving relations with caveats can result in no permission when permission is expected in github.com/authzed/spicedb...
GO-2025-3741 kro Confused Deputy vulnerability in github.com/kro-run/kro
kro Confused Deputy vulnerability in github.com/kro-run/kro...
GO-2025-3740 Grafana vulnerable to authenticated users bypassing dashboard, folder permissions in github.com/grafana/grafana
Grafana vulnerable to authenticated users bypassing dashboard, folder permissions in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
CVE-2021-33558
creationtimestamp| type| source
---|---|---
2025-06-09 08:11:19+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-33558.yaml
2025-06-12 21:02:24+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lrgsziadi62h...
GO-2025-3729 Mattermost fails to clear Google OAuth credentials in github.com/mattermost/mattermost-server
Mattermost fails to clear Google OAuth credentials in github.com/mattermost/mattermost-server...
GO-2025-3728 Mattermost fails to properly enforce access control restrictions for System Manager roles in github.com/mattermost/mattermost-server
Mattermost fails to properly enforce access control restrictions for System Manager roles in github.com/mattermost/mattermost-server...
GO-2025-3737 Gokapi vulnerable to stored XSS via uploading file with malicious file name in github.com/forceu/gokapi
Gokapi vulnerable to stored XSS via uploading file with malicious file name in github.com/forceu/gokapi. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
CVE-2020-12262
creationtimestamp| type| source
---|---|---
2025-05-30 17:26:06+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2020/CVE-2020-12262.yaml
2025-05-31 21:02:17+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lqingbowdy27...