734 matches found
Improper Input Validation
github.com/golang/go/ is vulnerable to Improper Input Validation. The vulnerability is due to a misalignment in the behavior of zip implementations, which can be exploited to create zip files with varying contents based on the implementation reading the file...
Path Traversal
github.com/cri-o/cri-o is vulnerable to Path Traversal. The vulnerability is due to the path of the /etc directory being relative to the base of the container, which could lead to a container escape...
GO-2024-2737 IPv6 enabled on IPv4-only network interfaces in github.com/docker/docker
GO-2024-2809 CVE-2024-32359 in github.com/carina-io/carina
GO-2024-2771 Rancher's Steve API Component Improper authorization check allows privilege escalation in github.com/rancher/rancher
Rancher's Steve API Component Improper authorization check allows privilege escalation in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...
GO-2024-2793 Mattermost allows team admins to promote guests to team admins in github.com/mattermost/mattermost-server
GO-2024-2468 snapd Race Condition vulnerability in github.com/snapcore/snapd
snapd Race Condition vulnerability in github.com/snapcore/snapd. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an...
GO-2024-2717 LocalAI Command Injection in audioToWav in github.com/go-skynet/LocalAI
LocalAI Command Injection in audioToWav in github.com/go-skynet/LocalAI. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...
GO-2024-2875 Wiki.js Stored XSS through Client Side Template Injection in github.com/requarks/wiki
GO-2024-2705 LocalAI cross-site request forgery vulnerability in github.com/go-skynet/LocalAI
GO-2024-2664 ZITADEL's actions can overload reserved claims in github.com/zitadel/zitadel
ZITADEL's actions can overload reserved claims in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...
GO-2024-2885 Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder
GO-2024-2580 Apache Answer Race Condition vulnerability in github.com/apache/incubator-answer
GO-2024-2741 Owncast Path Traversal vulnerability in github.com/owncast/owncast
GO-2024-2729 OpenFGA Authorization Bypass in github.com/openfga/openfga
GO-2024-2644 Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime in github.com/fluid-cloudnative/fluid
GO-2024-2692 Pebble service manager's file pull API allows access by any user in github.com/canonical/pebble
GO-2024-2792 Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences in github.com/argoproj/argo-cd
GO-2024-2747 Hugo Markdown titles are not escaped in internal render hooks in github.com/gohugoio/hugo
GO-2024-2766 Information disclosure in podman in github.com/containers/libpod