ROOT-APP-GOBINARY-CVE-2026-27889 CVE-2026-27889 in rootio-github.com/nats-io/nats-server/v2 - Patched by Root
Root has patched CVE-2026-27889 in the rootio-github.com/nats-io/nats-server/v2 package for Root:Go. Multiple fixed versions available...
Cross-site Scripting (XSS)
Overview @tdurieux/anonymousgithub is a tool to anonymise GitHub repositories for double-anonymous reviews. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the renderMD function. An attacker can execute arbitrary JavaScript in the application origin by crafting a maliciou...
MAL-2026-2837 Malicious code in solanakit (PyPI)
Source: kam193 3e8770458eab636335241e359b6cee149cc00640fb2418b4462c89ec88accc93. During import, the code downloads and starts a malicious package hosted on GitHub. It then first ensures persistency, e.g. through the autostart registry key...
GHSA-FCV2-XGW5-PQXF vulnerabilities
Vulnerabilities for packages: goreleaser, ko, fulcio, slsa-verifier, zot, gitsign, gh, kubescape, zarf, podman, policy-controller, portieris, skopeo, xeol, cosign, witness, tkn, ratify, spire-server, undock, vexctl, rekor, sigstore-scaffolding, kots, crossplane, tekton-pipelines,...
EUVD-2025-204501
Malicious code in adk-github npm...
EUVD-2022-6368
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-54956
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request...
Malicious Package
Overview github.com/ordinarymea/tnsrids is a malicious package. This package contains malicious code designed to provide attackers with on-demand remote access to a developer's system or CI/CD environment. The package and some other variants use typosquatting to imitate legitimate packages. Upon...
MAL-2025-6745 Malicious code in nr1-github (npm)
The package communicates with a domain associated with malicious activity...
Linux Distros Unpatched Vulnerability : CVE-2023-3012
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2. CVE-2023-3012 Note that Nessus relies on the presence of the package as reported by the...
CVE-2024-21527
Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/webhook before 8.1.0 are vulnerable to Server-si...
CVE-2024-21497
Versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirecturl parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability,...
[SECURITY] Fedora 35 Update: golang-github-pkg-diff-0-0.4.20210406git20ebb0f.fc35
Module github.com/pkg/diff can be used to create, modify, and print diffs. The top level package, diff, contains convenience functions for the most common uses. The subpackages provide very fine-grained control over every aspect: - myers: creates diffs using the Myers diff algorithm. - edit:...
GHSA-H3P9-WRGX-82CM Use of a Broken or Risky Cryptographic Algorithm in Terraform
When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP. Specific Go Packages Affected: github.com/hashicorp/terraform/backend/remote-state/azure...
Authentication flaw
The package github.com/tyktechnologies/tyk-identity-broker before 1.1.1 is vulnerable to Authentication Bypass via the Go XML parser, which can cause SAML authentication bypass. This is because the XML parser doesn't guarantee integrity in the XML round-trip (encoding/decoding XML data)...
CVE-2021-23347
CVE-2021-23347 affects the Argo CD project, specifically the command line interface in the package github.com/argoproj/argo-cd/cmd before 1.7.13, and in 1.8.0 up to before 1.8.6. The underlying issue is a Cross-site Scripting (XSS) vulnerability triggered when the SSO provider returns a malicious...
CVE-2020-28483
This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header...
CVE-2020-7668
In all versions of the package github.com/unknwon/cae/tz, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide...