6574 matches found
CVE-2022-0203
Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2...
CVE-2022-0957
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4...
CVE-2022-0777
Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3...
CVE-2022-0939
Server-Side Request Forgery SSRF in GitHub repository janeczku/calibre-web prior to 0.6.18...
CVE-2022-0945
Stored XSS via axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4...
CVE-2022-0819
Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1...
CVE-2022-0855
Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcsplugin prior to 0.0.4...
CVE-2022-0721
Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3...
GO-2025-3438 Grafana Alerting VictorOps integration could be exposed to users with Viewer permission in github.com/grafana/grafana
Grafana Alerting VictorOps integration could be exposed to users with Viewer permission in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...
GO-2025-3435 Kubewarden-Controller information leak via AdmissionPolicyGroup Resource in github.com/kubewarden/kubewarden-controller
Kubewarden-Controller information leak via AdmissionPolicyGroup Resource in github.com/kubewarden/kubewarden-controller...
Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access
Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems. The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB...
BIT-GITLAB-2023-6195 Server-Side Request Forgery (SSRF) in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulnerable to Server Side Request Forgery when an attacker uses a malicious URL in the markdown image...
CVE-2023-6195 Server-Side Request Forgery (SSRF) in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.5 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. GitLab was vulnerable to Server Side Request Forgery when an attacker uses a malicious URL in the markdown image...
GO-2025-3426 CRI-O Path Traversal vulnerability in github.com/cri-o/cri-o
CRI-O Path Traversal vulnerability in github.com/cri-o/cri-o...
GO-2025-3424 Anubis has a bot protection bypass when a sophisticated attacker asks to pass a challenge of difficulty 0 in github.com/Xe/x
Anubis has a bot protection bypass when a sophisticated attacker asks to pass a challenge of difficulty 0 in github.com/Xe/x. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
GO-2025-3414 Buildah allows build breakout using malicious Containerfiles and concurrent builds in github.com/containers/buildah
Buildah allows build breakout using malicious Containerfiles and concurrent builds in github.com/containers/buildah...
GO-2025-3410 Insecure default config access in WriteFreely in github.com/writefreely/writefreely
Insecure default config access in WriteFreely in github.com/writefreely/writefreely...
uniapi version 1.0.7 contained an information harvesting script.
uniapi version 1.0.7 introduces code that would execute on import of the module and download a script from a remote URL, and would then execute the downloaded script in a thread. The downloaded script would harvest system information and POST the information to another remote URL. This code was found ...