Lucene search
K

80 matches found

Chainguard
Chainguard
added 2026/01/15 1:17 a.m.3 views

GHSA-WHQX-F9J3-CH6M vulnerabilities

Vulnerabilities for packages: policy-controller, kyverno-fips, flux-source-controller, goreleaser, cloudbeat, gitsign, teleport, falcoctl, image-factory-fips, kyverno-policy-reporter-plugins-kyverno, tkn, chainctl, kyverno, aactl, witness, kyverno-notation-aws-fips, policy-controller-fips,...

5.9AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0363

Malicious code in bioql PyPI...

5.5CVSS5.5AI score0.0032EPSS
Exploits1References4
Chainguard
Chainguard
added 2025/07/30 1:17 p.m.9 views

CVE-2025-54388 vulnerabilities

Vulnerabilities for packages: trufflehog-fips, splunk-otel-collector, opentelemetry-collector-contrib-fips, bootc-image-builder, cg, trivy, apko, buildkitd, goreleaser, tw, elastic-agent, osv-scanner, falcoctl, grype-fips, cadvisor, melange, k9s-fips, splunk-otel-collector-fips, syft-fips,...

5.1CVSS6.1AI score0.00215EPSS
Exploits0
Wolfi
Wolfi
added 2024/11/04 11:22 p.m.14 views

GHSA-29WX-VH33-7X7R vulnerabilities

Vulnerabilities for packages: coredns, gitsign, kubescape, pulumi-kubernetes-operator, kubeflow-katib, terraform, wal-g, kubernetes, cluster-autoscaler, git-sync, goreleaser, vexctl, buildkitd, flux-source-controller, tkn, minio-operator, kubernetes-dashboard-auth, k3s, azcopy, atlantis, trivy,...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2024/11/04 10:15 p.m.25 views

CVE-2024-51744 vulnerabilities

Vulnerabilities for packages: coredns, gitsign, kubescape, pulumi-kubernetes-operator, kubeflow-katib, terraform, wal-g, kubernetes, cluster-autoscaler, git-sync, goreleaser, vexctl, buildkitd, flux-source-controller, tkn, minio-operator, kubernetes-dashboard-auth, k3s, azcopy, atlantis, trivy,...

3.1CVSS6.7AI score0.00521EPSS
Exploits0
Wolfi
Wolfi
added 2024/06/11 5:16 p.m.112 views

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: cortex, fulcio, sigstore-scaffolding, kubescape, wal-g, py3-azure-identity, airflow, hugo-extended, trino, cluster-autoscaler, datadog-agent, goreleaser, sqlpad, buildkitd, flux-source-controller, pulumi, step-ca, tkn, trivy, chezmoi, argo-workflows, velero, zot,...

5.5CVSS6.5AI score0.00788EPSS
Exploits0
OSV
OSV
added 2024/06/04 3:19 p.m.10 views

GO-2024-2860 goreleaser shows environment by default in github.com/goreleaser/goreleaser

goreleaser shows environment by default in github.com/goreleaser/goreleaser...

7.1AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/05/15 5:17 p.m.13 views

goreleaser shows environment by default

Summary Since 4787 the log output is printed on the INFO level, while previously it was logged on DEBUG. This means if the go build output is non-empty, goreleaser leaks the environment. PoC Create a Go project with dependencies, do not pull them yet or run goreleaser later in a container, or...

7AI score
Exploits0References4Affected Software1
Chainguard
Chainguard
added 2024/05/15 5:17 p.m.13 views

GHSA-F6MM-5FC7-3G3C vulnerabilities

Vulnerabilities for packages: goreleaser...

7.3AI score
Exploits0
Wolfi
Wolfi
added 2024/05/15 5:17 p.m.16 views

GHSA-F6MM-5FC7-3G3C vulnerabilities

Vulnerabilities for packages: goreleaser...

7.5AI score
Exploits0
OSV
OSV
added 2024/05/15 5:17 p.m.13 views

GHSA-F6MM-5FC7-3G3C goreleaser shows environment by default

Summary Since 4787 the log output is printed on the INFO level, while previously it was logged on DEBUG. This means if the go build output is non-empty, goreleaser leaks the environment. PoC Create a Go project with dependencies, do not pull them yet or run goreleaser later in a container, or...

6.2CVSS7AI score
Exploits0References4
Wolfi
Wolfi
added 2024/03/09 1:15 a.m.59 views

CVE-2024-28180 vulnerabilities

Vulnerabilities for packages: fulcio, sigstore-scaffolding, gitsign, kubescape, nerdctl, apko, slsa-verifier, kube-rbac-proxy, goreleaser, vexctl, step-ca, flux-source-controller, tkn, kubernetes-dashboard, melange, argo-workflows, zot, skopeo, temporal-ui-server, policy-controller,...

4.3CVSS6.6AI score0.01956EPSS
Exploits0
Chainguard
Chainguard
added 2024/02/01 8:51 p.m.24 views

GHSA-XW73-RW38-6VJC vulnerabilities

Vulnerabilities for packages: ko-fips, kpt, k8sgpt, policy-controller, timoni, docker-credential-gcr, eksctl, trivy, skaffold, slsa-verifier, buildkitd, newrelic-infrastructure-agent, tekton-chains, goreleaser, gitsign, falcoctl, helm-fips, kubevela, pulumi, up, falco, cadvisor, k3s, bom, crane,...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2024/02/01 5:15 p.m.48 views

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: ko-fips, kpt, k8sgpt, policy-controller, timoni, docker-credential-gcr, eksctl, trivy, skaffold, slsa-verifier, buildkitd, newrelic-infrastructure-agent, tekton-chains, goreleaser, gitsign, falcoctl, helm-fips, kubevela, pulumi, up, falco, cadvisor, k3s, bom, crane,...

7.8CVSS6.8AI score0.00258EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2024/02/01 12:16 a.m.4 views

SUSE CVE-2024-23840

GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. goreleaser release --debug log shows secret values used in the in the custom publisher. This vulnerability is fixed in 1.24.0...

5.5CVSS6.9AI score0.0032EPSS
Exploits1References3
Veracode
Veracode
added 2024/01/31 6:31 a.m.18 views

Sensitive Information Into Log File

github.com/goreleaser/goreleaser is vulnerable to Information Exposure. The vulnerability is due to a flaw in the handling of debug logs WithField"env", c.Env which is used to log environment variables., The goreleaser release --debug command includes sensitive information such as secrets or...

5.5CVSS6.4AI score0.0032EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2024/01/30 10:53 p.m.22 views

CVE-2024-23840

A flaw was found in GoReleaser. This package log shows secret values that are supposed to be hidden when using --debug. Mitigation No mitigation is yet available for this vulnerability despite having control of the --debug and where the logs are located...

5.5CVSS6.8AI score0.0032EPSS
Exploits1References4
Chainguard
Chainguard
added 2024/01/30 8:57 p.m.12 views

GHSA-H3Q2-8WHX-C29H vulnerabilities

Vulnerabilities for packages: goreleaser...

7.3AI score
Exploits0
OSV
OSV
added 2024/01/30 8:57 p.m.22 views

GHSA-H3Q2-8WHX-C29H `goreleaser release --debug` shows secrets

Summary Hello 👋 goreleaser release --debug log shows secret values used in the in the custom publisher. How to reproduce the issue: - Define a custom publisher as the one below. Make sure to provide a custom script to the cmd field and to provide a secret to env .goreleaser.yml publishers: - name...

5.5CVSS5.2AI score0.0032EPSS
Exploits1References4
Wolfi
Wolfi
added 2024/01/30 8:57 p.m.17 views

GHSA-H3Q2-8WHX-C29H vulnerabilities

Vulnerabilities for packages: goreleaser...

7.5AI score
Exploits0
Rows per page
Query Builder