Lucene search
K

76 matches found

OSV
OSV
added 2026/07/02 12:18 p.m.4 views

ROOT-APP-GOBINARY-CVE-2026-53488 CVE-2026-53488 in rootio-github.com/containerd/containerd/v2 - Patched by Root

Root has patched CVE-2026-53488 in the rootio-github.com/containerd/containerd/v2 package for Root:Go. Multiple fixed versions available...

9.4CVSS5.8AI score0.00203EPSS
Exploits0
EUVD
EUVD
added 2026/06/26 3:32 p.m.6 views

EUVD-2026-39661

The Mattermost Go module github.com/mattermost/mattermost/server/public versions v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API calls to unintended endpoints via crafted IDs containing path traversal components. Mattermost...

5.4CVSS5.8AI score0.00197EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 1:47 p.m.39 views

CVE-2026-13426 Client4 fails to validate path parameters

The Mattermost Go module github.com/mattermost/mattermost/server/public versions v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API calls to unintended endpoints via crafted IDs containing path traversal components. Mattermost...

5.4CVSS0.00197EPSS
Exploits0References1
OSV
OSV
added 2026/06/18 4:1 p.m.9 views

ROOT-APP-GOBINARY-CVE-2026-42154 CVE-2026-42154 in rootio-github.com/prometheus/prometheus - Patched by Root

Root has patched CVE-2026-42154 in the rootio-github.com/prometheus/prometheus package for Root:Go. Multiple fixed versions available...

7.5CVSS5.8AI score0.00761EPSS
Exploits0
OSV
OSV
added 2026/06/18 2:0 p.m.7 views

ROOT-APP-GOBINARY-CVE-2025-32445 CVE-2025-32445 in rootio-github.com/argoproj/argo-events - Patched by Root

Root has patched CVE-2025-32445 in the rootio-github.com/argoproj/argo-events package for Root:Go. Multiple fixed versions available...

9.9CVSS6.1AI score0.00724EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2026/06/10 12:0 a.m.2 views

The vulnerabilities of the GOMODPROXY and GOSUMDB modules in the Go programming language allow attackers to circumvent security restrictions and gain access to read and modify data.

The vulnerability of GOMODPROXY and GOSUMDB modules written in the Go programming language is related to improper verification of the cryptographic signature. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain access to read and modify data...

7.6CVSS5.8AI score0.00231EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2026/05/26 2:54 p.m.15 views

SUSE-SU-2026:2079-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

7.5CVSS6AI score0.00813EPSS
Exploits0References25
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.12 views

SUSE SLES15 Security Update : zypper-docker (SUSE-SU-2026:1951-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1951-1 advisory. This update for zypper-docker fixes the following issues - CVE-2026-2808: github.com/hashicorp/consul: unvalidated user-supplied fi...

9.1CVSS6.8AI score0.01557EPSS
Exploits1References7
OSV
OSV
added 2026/05/13 3:9 a.m.8 views

MAL-2026-3624 Malicious code in github.com/BufferZoneCorp/go-stdlib-ext (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/09 8:42 a.m.4 views

OPENSUSE-SU-2026:20711-1 Security update for hauler

This update for hauler fixes the following issues: Changes in hauler: - update to 1.4.3 bsc1262353, CVE-2026-39984, bsc1262942, CVE-2026-34986: 1.4 Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 in the gomodules group across 1 directory 1.4 Bump github.com/sigstore/timestamp-authority/v2...

7.5CVSS6.4AI score0.00651EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/06 11:24 p.m.7 views

SUSE CVE-2026-33487

goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the validateSignature function in validate.go goes through the references in the SignedInfo block to find one that matches the signed element's ID. In Go versions before 1.22, or when go.mod uses an older version,...

7.5CVSS5.8AI score0.00299EPSS
Exploits1References3
OSV
OSV
added 2026/03/16 8:27 p.m.8 views

GO-2026-4696 Gokapi vulnerable to Privilege Escalation in File Replace in github.com/forceu/gokapi

Gokapi vulnerable to Privilege Escalation in File Replace in github.com/forceu/gokapi. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanner...

4.1CVSS5.8AI score0.00179EPSS
Exploits0References2
OSV
OSV
added 2026/03/12 8:57 p.m.7 views

GO-2026-4689 Tinyauth's OIDC authorization codes are not bound to client on token exchange in github.com/steveiliop56/tinyauth

Tinyauth's OIDC authorization codes are not bound to client on token exchange in github.com/steveiliop56/tinyauth. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive report...

6.5CVSS5.8AI score0.0025EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/04 12:28 a.m.3 views

SUSE CVE-2026-23644

esm.sh is a no-build content delivery network CDN for web development. Prior to Go pseeudoversion 0.0.0-20260116051925-c62ab83c589e, the software has a path traversal vulnerability due to an incomplete fix. path.Clean normalizes a path but does not prevent absolute paths in a malicious tar file...

8.7CVSS5.8AI score0.00476EPSS
Exploits1References3
Filippo.io
Filippo.io
added 2026/01/05 8:6 p.m.8 views

go.sum Is Not a Lockfile

I need everyone to stop looking at go.sum, especially to analyze dependency graphs. It is not a “lockfile,”1 and it has zero semantic effects on version resolution. There is truly no use case for ever parsing it outside of cmd/go. go.sum is only a local cache for the Go Checksum Database. It’s a...

7AI score
Exploits0
OSV
OSV
added 2025/12/18 12:17 a.m.5 views

OPENSUSE-SU-2025:20177-1 Security update for cheat

This update for cheat fixes the following issues: - Security: CVE-2025-47913: Fix client process termination bsc1253593 CVE-2025-58181: Fix potential unbounded memory consumption bsc1253922 CVE-2025-47914: Fix panic due to an out of bounds read bsc1254051 Replace...

9.8CVSS6.8AI score0.93305EPSS
Exploits7References12
OSV
OSV
added 2025/12/15 7:37 p.m.7 views

GO-2025-4212 ZITADEL Vulnerable to Account Takeover Due to Improper Instance Validation in V2 Login in github.com/zitadel/zitadel

ZITADEL Vulnerable to Account Takeover Due to Improper Instance Validation in V2 Login in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

9.3CVSS6.7AI score0.00322EPSS
Exploits0References2
OSV
OSV
added 2025/11/05 6:41 p.m.7 views

GO-2025-4083 Zitadel May Bypass Second Authentication Factor in github.com/zitadel/zitadel

Zitadel May Bypass Second Authentication Factor in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, pleas...

9.8CVSS6.9AI score0.00336EPSS
Exploits0References3
OSV
OSV
added 2025/10/30 3:2 p.m.3 views

GO-2025-4035 Mattermost has a Missing Authorization vulnerability in github.com/mattermost/mattermost-server

Mattermost has a Missing Authorization vulnerability in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabili...

8.1CVSS6.8AI score0.00314EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-3035

Malicious code in bioql PyPI...

7.5CVSS6.9AI score0.00634EPSS
Exploits0References4
Rows per page
Query Builder