6574 matches found
GO-2025-3407 Mattermost webapp crash via a crafted post in github.com/mattermost/mattermost-server
Mattermost webapp crash via a crafted post in github.com/mattermost/mattermost-server...
GO-2025-3384 OpenFGA Authorization Bypass in github.com/openfga/openfga
OpenFGA Authorization Bypass in github.com/openfga/openfga...
GO-2025-3377 Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server
Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
GO-2025-3376 JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh in github.com/MicahParks/jwkset
JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh in github.com/MicahParks/jwkset...
GO-2025-3374 Soft Serve vulnerable to path traversal attacks in github.com/charmbracelet/soft-serve
Soft Serve vulnerable to path traversal attacks in github.com/charmbracelet/soft-serve...
GO-2025-3368 Argument Injection via the URL field in github.com/go-git/go-git
Argument Injection via the URL field in github.com/go-git/go-git...
GO-2025-3361 GoPhish sends cleartext passwords in github.com/gophish/gophish
GoPhish sends cleartext passwords in github.com/gophish/gophish...
GO-2024-3358 SQL injection in Apache Traffic Control in github.com/apache/trafficcontrol
SQL injection in Apache Traffic Control in github.com/apache/trafficcontrol...
GO-2025-3364 Karmada PULL Mode Cluster Privilege Escalation in github.com/karmada-io/karmada
Karmada PULL Mode Cluster Privilege Escalation in github.com/karmada-io/karmada...
GO-2024-3359 GoCast OS Command Injection vulnerability in github.com/mayuresh82/gocast
GoCast OS Command Injection vulnerability in github.com/mayuresh82/gocast...
GO-2025-3363 Karmada Tar Slips in CRDs archive extraction in github.com/karmada-io/karmada
Karmada Tar Slips in CRDs archive extraction in github.com/karmada-io/karmada...
GO-2024-3357 Navidrome Stores JWT Secret in Plaintext in navidrome.db in github.com/navidrome/navidrome
Navidrome Stores JWT Secret in Plaintext in navidrome.db in github.com/navidrome/navidrome...
GO-2024-3340 Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server
Mattermost Data Amplification vulnerability in github.com/mattermost/mattermost-server...
GO-2024-3336 MinIO vulnerable to privilege escalation in IAM import API in github.com/minio/minio
MinIO vulnerable to privilege escalation in IAM import API in github.com/minio/minio...
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed...
GO-2024-3324 SiYuan has an SSTI via /api/template/renderSprig in github.com/siyuan-note/siyuan/kernel
SiYuan has an SSTI via /api/template/renderSprig in github.com/siyuan-note/siyuan/kernel...
GO-2024-3323 SiYuan has an arbitrary file read and path traversal via /api/export/exportResources in github.com/siyuan-note/siyuan/kernel
SiYuan has an arbitrary file read and path traversal via /api/export/exportResources in github.com/siyuan-note/siyuan/kernel...
GO-2024-3311 NULL Pointer Dereference on moby image history in github.com/moby/moby
NULL Pointer Dereference on moby image history in github.com/moby/moby...
CVE-2022-4375
creationtimestamp | type | source
---|---|---
2024-12-05 13:56:09+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-4375.yaml...
GO-2024-3304 Moby Race Condition vulnerability in github.com/moby/moby
Moby Race Condition vulnerability in github.com/moby/moby...