734 matches found
GO-2024-3181 PAM module may allow accessing with the credentials of another user in github.com/ubuntu/authd
PAM module may allow accessing with the credentials of another user in github.com/ubuntu/authd...
GO-2024-3137 ZITADEL's User Grant Deactivation not Working in github.com/zitadel/zitadel
ZITADEL's User Grant Deactivation not Working in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...
GO-2024-3156 CVE-2024-47219 in github.com/vesoft-inc/nebula
CVE-2024-47219 in github.com/vesoft-inc/nebula...
GO-2024-3160 Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials in github.com/ory/kratos
Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials in github.com/ory/kratos...
GO-2024-3138 ZITADEL Allows Unauthorized Access After Organization or Project Deactivation in github.com/zitadel/zitadel
ZITADEL Allows Unauthorized Access After Organization or Project Deactivation in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
GO-2024-3158 Apache Answer: Avatar URL leaked user email addresses in github.com/apache/incubator-answer
Apache Answer: Avatar URL leaked user email addresses in github.com/apache/incubator-answer...
GO-2024-3121 Interchain Security: The signers of ICS messages do not need to match the provider address in github.com/cosmos/interchain-security
Interchain Security: The signers of ICS messages do not need to match the provider address in github.com/cosmos/interchain-security...
GO-2024-3116 sigstore-go has an unbounded loop over untrusted input can lead to endless data attack in github.com/sigstore/sigstore-go
sigstore-go has an unbounded loop over untrusted input can lead to endless data attack in github.com/sigstore/sigstore-go...
GHSA-G6Q4-W3J3-JFC4 Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill
A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...
GO-2024-3081 CWA-2024-006: wasmd non-deterministic module_query_safe query in github.com/CosmWasm/wasmd
CWA-2024-006: wasmd non-deterministic module_query_safe query in github.com/CosmWasm/wasmd...
GO-2024-3086 Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036) in github.com/casdoor/casdoor
Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036) in github.com/casdoor/casdoor...
Improper Authorization
github.com/hyperledger/fabric is vulnerable to Improper Authorization. The vulnerability is due to the improper verification of timestamp authenticity within the request handling process. An attacker can manipulate the timestamp to bypass security controls by sending a crafted request with a...
Cross-Origin Resource Sharing (CORS) Bypass
github.com/usememos/memos is vulnerable to Cross-Origin Resource Sharing (CORS) Bypass. The vulnerability is due to a CORS misconfiguration where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true, which may allow an attacker to perform cross-origin requests,...
GO-2022-1263 usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
usememos/memos Improper Access Control vulnerability in github.com/usememos/memos...
GO-2022-1264 usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos
usememos/memos has Incorrectly Specified Destination in a Communication Channel in github.com/usememos/memos...
GO-2022-1245 usememos/memos Improper Authorization vulnerability in github.com/usememos/memos
usememos/memos Improper Authorization vulnerability in github.com/usememos/memos...
GO-2022-1253 usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos
usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos...
GO-2022-1239 usememos/memos Improper Authentication vulnerability in github.com/usememos/memos
usememos/memos Improper Authentication vulnerability in github.com/usememos/memos...
GO-2022-1251 usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
usememos/memos Improper Access Control vulnerability in github.com/usememos/memos...
GO-2022-1248 usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos
usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos...