Cross-site Scripting (XSS)
github.com/koding/koding is vulnerable to cross-site scripting XSS attacks. The attacks exist since it does not encode the user input value in crawler to avoid the attack...
Cross-site Scripting (XSS)
github.com/koding/koding is susceptible to cross-site scripting XSS attacks. It happens because it encodes title as HTML in setPaneTitle of KDTabView.coffee...
Phishing Attack
github.com/microcosm-cc/bluemonday is vulnerable as a vector for phishing attacks. The library doesn't protect against the window.opener vulnerability. This allows a malicious user to redirect users to a malicious URL...
Arbitrary Log Read
github.com/kubernetes/kubernetes is vulnerable to arbitrary log reads. Using a container name, attackers are able to read the pod logs...
Insecure Cookies
github.com/sensu/uchiwa doesn't use correctly secured cookies for sensitive information. The SecureFlag is currently not being set in the AuthenticationToken and the XSRF-Token cookies. This allows attackers to observe the cookies as they are sent in plaintext...
Denial Of Service (DoS)
github.com/ugorji/go is vulnerable to denial of service DoS attacks. The vulnerability exists because it does not limit the size or length of input when it decodes a very large or corrupted string or bytes value...
Privilege Escalation
github.com/docker/libcontainer is vulnerable to privilege escalation attacks. These attacks are possible because github.com/docker/libcontainer and docker open the file-descriptor passed to pid-1 before performing chroot actions. The attacks can be triggered through a symlink attack...
Man-in-the-middle (MitM)
github.com/golang/crypto is vulnerable to man-in-the-middle MitM attacks. The HostKeyCallback function currently interprets nil as accepting any host key. A MitM server can allow the login to succeed and get the agent to authenticate to the actual server...
Privilege Escalation
github.com/opencontainers/runc is vulnerable to privilege escalation attacks. These attacks are possible because github.com/opencontainers/runc treats a numeric UID as a potential username. This allows local users to gain privileges through a numeric username in the password file. This transitivel...
Timing Attack
github.com/hashicorp/vault is vulnerable to timing attacks. This vulnerability is caused because passwords are not compared in constant time, allowing malicious users to guess valid passwords based on the time that a comparison takes...
Cross-site Request Forgery (CSRF)
github.com/bitly/oauth2proxy is vulnerable to cross-site request forgery CSRF attacks. The vulnerability is possible due to a flaw in OAuth flow where it uses state parameter as redirect target URL without secure randomness...
POODLE Attack
github.com/zenazn/goji is vulnerable to POODLE attacks. A malicious user can compromise the SSL 3.0 channel to listen in and execute man-in-the-middle MitM attacks. This is related to CVE-2014-3566...
Denial Of Service (DoS)
github.com/grpc/grpc-go is vulnerable to denial of service DoS attacks. A malicious user can send an empty hpack string to the system and cause it to crash...
Cross-site Scripting (XSS)
net/http in github.com/golang/go is vulnerable to cross-site scripting XSS attacks. These attacks are possible through the Error function as a user can control the error message...
Unauthorized Modification Of Data
github.com/go-gitea/gitea is vulnerable to unauthorized deletion of user emails. A malicious user can modify the HTTP post requests to delete another user's email...
Timing Attack
github.com/go-gitea/gitea is vulnerable to timing attacks. This vulnerability is caused because the passwords are not compared in constant time, allowing malicious users to guess the valid passwords based on the time that a comparison takes...
Integer Overflow
github.com/golang/protobuf is vulnerable to integer overflows. A malicious user can pass an integer larger than 64-bit to the system, causing an integer overflow and crashing the system...
Cross-site Scripting (XSS)
github.com/hashicorp/consul is vulnerable to cross-site scripting XSS attacks. The library does not sanitize the sessionName, sessionMeta and aclName strings, allowing an attacker to inject and execute arbitrary script...
Information Disclosure
github.com/tianon/gosu is vulnerable to information disclosure. The library changes and leaves file descriptors open when accessing them. This can allow a malicious user to change permissions on sensitive files and read them...
Cross-site Request Forgery (CSRF)
github.com/koding/koding is vulnerable to cross-site request forgery CSRF attacks. The vulnerability exists because it does not incorporate the state parameter logic into the authorization process...