AZL-77547 CVE-2026-2303 affecting package telegraf for versions less than 1.29.4-21

The mongo-go-driver repository contains CGo bindings for GSSAPI Kerberos authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI buffers are not...

AZL-77559 CVE-2026-2303 affecting package telegraf 1.31.0-12

The mongo-go-driver repository contains CGo bindings for GSSAPI Kerberos authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI buffers are not...

EUVD-2021-2114

Malware in sbrugna...

CVE-2021-38197

unarr.go in go-unarr aka Go bindings for unarr 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive...

Blst has logical error in SigValidate in Go bindings

Impact Blst versions v0.3.0 through 0.3.10 failed to perform a signature group-check if the call to SigValidate in the Go bindings was complemented with a check for infinity. Formally speaking, infinity, or the identity element of the elliptic curve group, is a member of the group, and the...

GHSA-8C37-7QX3-4C4P Blst has logical error in SigValidate in Go bindings

Impact Blst versions v0.3.0 through 0.3.10 failed to perform a signature group-check if the call to SigValidate in the Go bindings was complemented with a check for infinity. Formally speaking, infinity, or the identity element of the elliptic curve group, is a member of the group, and the...

[SECURITY] Fedora 36 Update: golang-github-gosexy-gettext-0.9-8.fc36

Go bindings for GNU gettext, an internationalization and localization library for writing multilingual systems...

[SECURITY] Fedora 35 Update: golang-github-gosexy-gettext-0.9-7.fc35

Go bindings for GNU gettext, an internationalization and localization library for writing multilingual systems...

GHSA-V9J4-CP63-QV62 Tarslip in go-unarr

unarr.go in go-unarr aka Go bindings for unarr 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive...

CVE-2021-38197

unarr.go in go-unarr aka Go bindings for unarr 0.1.1 allows Directory Traversal via ../ in a pathname within a TAR archive...

proglottis/gpgme: Use-after-free in GPGME bindings during container image pull

A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification...