GO-2024-2789 Cluster Monitoring Operator contains a credentials leak in github.com/openshift/cluster-monitoring-operator
Cluster Monitoring Operator contains a credentials leak in github.com/openshift/cluster-monitoring-operator...
GO-2024-2637 Account Takeover via Session Fixation in Zitadel [Bypassing MFA] in github.com/zitadel/zitadel
Account Takeover via Session Fixation in Zitadel Bypassing MFA in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
GO-2024-2707 Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server
Mattermost Server Improper Access Control in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners...
GO-2024-2788 ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass in github.com/zitadel/zitadel
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
GO-2024-2732 Evmos vulnerable to DOS and transaction fee expropriation through Authz exploit in github.com/evmos/evmos
Evmos vulnerable to DOS and transaction fee expropriation through Authz exploit in github.com/evmos/evmos...
GO-2024-2698 Archiver Path Traversal vulnerability in github.com/mholt/archiver
A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privilege...
GO-2024-2872 github.com/bincyber/go-sqlcrypter vulnerable to IV collision
github.com/bincyber/go-sqlcrypter vulnerable to IV collision...
GO-2024-2886 MinIO information disclosure vulnerability in github.com/minio/minio
MinIO information disclosure vulnerability in github.com/minio/minio...
GO-2024-2857 Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana
Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanner...
GO-2024-2848 Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana
Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
GO-2024-2843 Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana
Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
GO-2024-2852 Grafana account takeover via OAuth vulnerability in github.com/grafana/grafana
Grafana account takeover via OAuth vulnerability in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, plea...
GO-2024-2854 Grafana folders admin only permission privilege escalation in github.com/grafana/grafana
Grafana folders admin only permission privilege escalation in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
GO-2024-2847 Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana
Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
GO-2024-2865 Stakater Forecastle has a directory traversal vulnerability in github.com/stakater/Forecastle
Stakater Forecastle has a directory traversal vulnerability in github.com/stakater/Forecastle...
GO-2024-2871 Stacklok Minder vulnerable to denial of service from maliciously crafted templates in github.com/stacklok/minder
Stacklok Minder vulnerable to denial of service from maliciously crafted templates in github.com/stacklok/minder...
GO-2024-2844 Grafana User enumeration via forget password in github.com/grafana/grafana
Grafana User enumeration via forget password in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...
GO-2024-2849 dotmesh arbitrary file read and/or write in github.com/dotmesh-io/dotmesh
dotmesh arbitrary file read and/or write in github.com/dotmesh-io/dotmesh...
GO-2024-2855 Grafana Plugin signature bypass in github.com/grafana/grafana
Grafana Plugin signature bypass in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an edi...
GO-2024-2811 piraeus-operator allows attacker to impersonate service account in github.com/piraeusdatastore/piraeus-operator
piraeus-operator allows attacker to impersonate service account in github.com/piraeusdatastore/piraeus-operator...