734 matches found
Remote Code Execution (RCE)
github.com/kubernetes/dns leverages the dnsmasq library, which is vulnerable to a heap-based buffer overflow. An attacker could cause a denial of service or execute arbitrary code via a crafted DNS response. This issue in dnsmasq has been assigned CVE-2017-14491...
Denial Of Service (DoS) Via Multipart Request
net/http in github.com/golang/go is vulnerable to denial of service (DoS) attacks. The attacks exist because Request.ParseMultipartForm begins writing temporary files regardless of the request body size surpassing the given "maxMemory" limit. An attacker can send a malicious multipart request to consume...
Information Disclosure
github.com/opencontainers/runc is vulnerable to information disclosure attacks. These attacks are possible because a run exec command can be ptraced by the pid 1 of the container. This allows attackers to gain access to the file descriptors of new processes during initialization. It may...
HTTP Header Injection
net/textproto in github.com/golang/go is vulnerable to HTTP header injection attacks. These attacks are possible because it treats spaces as hyphens. This leaves net/textproto vulnerable to request smuggling...
Weak Authentication
github.com/etcd-io/etcd is vulnerable to privilege escalation. The vulnerability exists because it uses the Common Name (CN) in the etcd client server TLS certificate to authenticate a user with any valid certificate to the gRPC-gateway...
Cross Site Request Forgery (CSRF)
github.com/gogs/gog is vulnerable to cross-site request forgery (CSRF) attacks. The library does not properly validate the token for the user sign-in process, allowing a malicious user to launch a cross-site request forgery attack...
Denial Of Service (DoS)
github.com/golang/net is vulnerable to a denial of service (DoS) attack. The library does not parse nested tags properly, causing a panic: runtime error exception, which crashes the application...
Directory Traversal
github.com/astaxie/beego is vulnerable to directory traversal. The library does not properly sanitize the sessionID field, allowing a malicious user to pass a string with the ./ characters through this field to traverse the directory and gain access to sensitive files...
DNS Rebinding
github.com/kubernetes/minikube is vulnerable to DNS rebinding. The library does not randomize its ports or enforce host checking, allowing a malicious user to conduct a DNS rebinding to execute arbitrary code on another user's minikube cluster...
Denial Of Service (DoS)
github.com/moby/moby is vulnerable to denial of service (DoS) attacks. The vulnerability exists when a large number of CPU units is provided, which causes a DoS attack when the value is used...
Denial Of Service (DoS)
github.com/golang/net is vulnerable to denial of service. A panic: runtime error occurs in inBodyIM in parse.go when html.Parse is called with an unclosed tag, resulting in a denial of service condition...
Denial Of Service (DoS)
github.com/golang/net is vulnerable to a denial of service (DoS) attack. The library does not properly handle special TokenTypes when parsed during the in frameset insertion mode, causing a panic: runtime error that can crash the application...
Denial Of Service (DoS)
github.com/nanomsg/mangos is vulnerable to denial of service. The websocket module does not limit the size of messages, which would allow an attacker to submit large messages and cause a denial of service condition on the server...
Cross-site Scripting (XSS)
github.com/portainer/portainer is vulnerable to cross-site scripting (XSS) attacks. The library does not use HTTP Secure Headers, allowing a malicious user to inject and execute arbitrary JavaScript through the Team Name field...
Path Traversal
github.com/openshift/osin is vulnerable to path traversal. The vulnerability exists because it does not properly validate the redirect URL, allowing access to sensitive files...
Open Redirect
github.com/s-gv/orangeforum is susceptible to open redirect attacks. The attacks exist because views/auth.go does not properly handle the redirectURL parameter in LoginHandler and LogoutHandler, allowing an attacker to create a link to redirect users to a malicious webpage...
Directory Traversal
github.com/golang/gddo is vulnerable to directory traversal attacks. The vulnerability exists due to the tags in the packages that are fetched by github.com/golang/gddo, allowing directory traversal attacks...
Remote Code Execution (RCE)
github.com/src-d/go-git is vulnerable to remote code execution (RCE) attacks. A malicious user can pass a .gitmodules file to the application to cause arbitrary code to be executed on a target machine that runs the git clone --recurse-submodules command. This is related to CVE-2018-11235...
Cross-Site Scripting (XSS)
github.com/go-gitea/gitea is susceptible to cross-site scripting (XSS) attacks. The search query and wiki page title parameters are not escaped properly, allowing an attacker to inject and execute arbitrary code through them...
Cross-site Scripting (XSS)
github.com/grafana/grafana is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript through HTML links on the dashboard...