734 matches found
GO-2022-0602 Email relay in Apache Traffic Control in github.com/apache/trafficcontrol
GO-2022-0593 HashiCorp Consul Privilege Escalation Vulnerability in github.com/hashicorp/consul
GO-2022-0604 Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
GO-2022-0512 DoS in KubeEdge's Websocket Client in package Viaduct in github.com/kubeedge/kubeedge
GO-2022-0497 Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params in github.com/argoproj/argo-cd
GO-2022-0499 Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0429 Smokescreen SSRF via deny list bypass in github.com/stripe/smokescreen
GO-2022-0451 Ignition config accessible to unprivileged software on VMware in github.com/coreos/ignition
GO-2022-0455 Argo CD will blindly trust JWT claims if anonymous access is enabled in github.com/argoproj/argo-cd
GO-2022-0418 Opened exploitable ports in default docker-compose.yaml in go-ipfs in github.com/ipfs/go-ipfs
GO-2022-0392 Denial of service in go-ethereum due to CVE-2020-28362 in github.com/ethereum/go-ethereum
GO-2022-0378 MD5 hash support in github.com/foxcpp/maddy
GO-2022-0396 Devices resource list treated as a blacklist by default in github.com/opencontainers/runc
GO-2022-0375 Improper Access Control in github.com/treeverse/lakefs
GO-2022-0398 Import loops in account imports, nats-server DoS in github.com/nats-io/nats-server
GO-2022-0393 Network policy may be bypassed by some ICMP Echo Requests in github.com/cilium/cilium
GO-2022-0314 Cross-site Scripting in Gitea in github.com/go-gitea/gitea
GO-2022-0365 User object created with invalid provider data in GoTrue in github.com/netlify/gotrue
GO-2022-0358 Path traversal allows leaking out-of-bound files from Argo CD repo-server in github.com/argoproj/argo-cd
GO-2022-0261 Authentication bypass issue in the Operator Console in github.com/minio/console