241 matches found
GO-2025-3526 Index out-of-range panic in github.com/onosproject/onos-lib-go
Index out-of-range panic in github.com/onosproject/onos-lib-go...
Unexpected memory consumption during token parsing in golang.org/x/oauth2
...
GO-2025-3494 IBC-Go has Non-deterministic JSON Unmarshalling of IBC Acknowledgement in github.com/cosmos/ibc-go
IBC-Go has Non-deterministic JSON Unmarshalling of IBC Acknowledgement in github.com/cosmos/ibc-go...
Linux Distros Unpatched Vulnerability : CVE-2023-42821
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion...
GO-2025-3462 Unencrypted transmission in Temporal api-go library in go.temporal.io/api
Unencrypted transmission in Temporal api-go library in go.temporal.io/api...
Insertion of Sensitive Information into Log File
Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in cli workflow. Confidential information such as s3secretaccesskey is cached in shell history. Remediation: Upgrade github.com/kuzudb/go-kuzu to version 0.8.2 or higher. References: GitH...
Unencrypted transmission in Temporal api-go library
The Temporal api-go library prior to version 1.44.1 did not send update response information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the update response field not having Data...
GHSA-Q9W6-CWJ4-GF4P Unencrypted transmission in Temporal api-go library
The Temporal api-go library prior to version 1.44.1 did not send update response information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the update response field not having Data...
CVE-2025-1243
The Temporal api-go library prior to version 1.44.1 did not send update response information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the update response field not having Data...
CVE-2025-1243 Field in api-go proxy not transformed before version 1.44.1
The Temporal api-go library prior to version 1.44.1 did not send update response information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the update response field not having Data...
Denial Of Service (DoS)
The compose-go library is vulnerable to a Denial of Service (DoS). The vulnerability is due to excessive memory and CPU consumption when parsing malicious YAML payloads, which can be sent by an authorized user...
CVE-2024-10846
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause compose-go to consume an excessive amount of memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...
CVE-2024-10846 Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause compose-go to consume an excessive amount of memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...
CVE-2024-10846
Summary: CVE-2024-10846 affects the compose-go library. The vulnerability occurs in versions v2.10–v2.4.0 of the compose-go component when an authorized user sends malicious YAML payloads, causing the library to consume excessive memory and CPU cycles during YAML parsing (as used by Docker Compos...
GHSA-36GQ-35J3-P9R9 Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop
Impact: The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause compose-go to consume an excessive amount of memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...
Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop
Impact: The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause compose-go to consume an excessive amount of memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...