ROOT-APP-GOBINARY-CVE-2026-42306 CVE-2026-42306 in rootio-github.com/docker/docker - Patched by Root
Root has patched CVE-2026-42306 in the rootio-github.com/docker/docker package for Root:Go. Multiple fixed versions available...
PT-2026-42374
DevGuard has an unauthenticated identity assertion via X-Admin-Token header in github.com/l3montree-dev/devguard...
Securing GitHub: Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854)
Details on CVE-2026-3854: A critical flaw in GitHub’s internal git infrastructure enabling RCE on GitHub.com and GitHub Enterprise Server...
GO-2026-4489 FrankenPHP leaks session data between requests in worker mode in github.com/dunglas/frankenphp
FrankenPHP leaks session data between requests in worker mode in github.com/dunglas/frankenphp...
GO-2026-4414 Alist has Insecure TLS Config in github.com/alist-org/alist
Alist has Insecure TLS Config in github.com/alist-org/alist...
PT-2026-6518
Incus container environment configuration newline injection in github.com/lxc/incus...
GO-2025-4003 CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI in github.com/canonical/lxd
CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI in github.com/canonical/lxd...
GO-2025-4036 Mattermost has an Observable Timing Discrepancy vulnerability in github.com/mattermost/mattermost-server
Mattermost has an Observable Timing Discrepancy vulnerability in github.com/mattermost/mattermost-server...
EUVD-2023-1536
Malicious code in bioql PyPI...
GO-2025-3967 esm.sh has arbitrary file write via path traversal in `X-Zone-Id` header in github.com/esm-dev/esm.sh
esm.sh has arbitrary file write via path traversal in X-Zone-Id header in github.com/esm-dev/esm.sh...
Cross-site Scripting (XSS)
github.com/forceu/gokapi is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization in the API key renaming feature, which allowed authenticated users to inject JavaScript that would execute when another user accessed the API tab...
GO-2025-3706 Fiber panics when fiber.Ctx.BodyParser parses invalid range index in github.com/gofiber/fiber
Fiber panics when fiber.Ctx.BodyParser parses invalid range index in github.com/gofiber/fiber...
SUSE CVE-2024-53858
The gh cli is GitHub's official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several gh commands...
GO-2024-3310 Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability in github.com/cli/cli
Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability in github.com/cli/cli...
GO-2024-3307 CVE-2024-50948 in github.com/mochi-mqtt/server
CVE-2024-50948 in github.com/mochi-mqtt/server...
GO-2024-3305 Moby Race Condition vulnerability in github.com/moby/moby
Moby Race Condition vulnerability in github.com/moby/moby...
GO-2024-3296 Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in github.com/cli/cli
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in github.com/cli/cli...
SUSE CVE-2024-53859
go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security vulnerability has been identified in go-gh that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. go-gh sources authentication tokens...
GO-2024-3265 Git credentials are exposed in Atlantis logs in github.com/runatlantis/atlantis
Git credentials are exposed in Atlantis logs in github.com/runatlantis/atlantis...
GO-2024-3274 Stored XSS using two files in usememos/memos in github.com/usememos/memos
Stored XSS using two files in usememos/memos in github.com/usememos/memos...