11190 matches found
GO-2024-2847 Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana
Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
GO-2024-2871 Stacklok Minder vulnerable to denial of service from maliciously crafted templates in github.com/stacklok/minder
GO-2024-2855 Grafana Plugin signature bypass in github.com/grafana/grafana
Grafana Plugin signature bypass in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an edi...
GO-2024-2811 piraeus-operator allows attacker to impersonate service account in github.com/piraeusdatastore/piraeus-operator
Open Redirect
github.com/goharbor/harbor is vulnerable to open redirect. The vulnerability is due to a lack of validation of the redirecturl parameter in OIDC authentication, which allows attackers to redirect users to malicious sites after login...
Authentication Bypass
github.com/casgate/casgate is vulnerable to Authentication Bypass. The vulnerability is due to improper authorization checks using the id parameter in GET requests, which allows attackers to bypass authentication and access sensitive information remotely without authorization...
Improper Input Validation
github.com/ollama/ollama is vulnerable to Improper Input Validation. The vulnerability is due to improper validation of the digest format sha256 with 64 hex digits when getting the model path, which results in the mishandling of the TestGetBlobsPath test cases with fewer than 64 hex digits, more...
GO-2024-2675 Temporal UI Server cross-site scripting vulnerability in github.com/temporalio/ui-server
GO-2024-2597 Integer overflow in chunking helper causes dispatching to miss elements or panic in github.com/authzed/spicedb
GO-2024-2836 sshproxy vulnerable to SSH option injection in github.com/cea-hpc/sshproxy
GO-2024-2648 Server/API for Vela Insecure Variable Substitution in github.com/go-vela/server
GO-2024-2779 Access Restriction Bypass in go-ipfs in github.com/ipfs/go-ipfs
GO-2024-2727 Constellation has pods exposed to peers in VPC in github.com/edgelesssys/constellation
GO-2024-2641 Insecure Variable Substitution in Vela in github.com/go-vela/worker
GO-2024-2578 Apache Answer Cross-site Scripting vulnerability in github.com/apache/incubator-answer
GO-2024-2649 Types for Vela Insecure Variable Substitution in github.com/go-vela/types
GO-2024-2859 source-controller leaks Azure Storage SAS token into logs in github.com/fluxcd/source-controller
GO-2024-2642 Pterodactyl Wings vulnerable to improper isolation of server file access in github.com/pterodactyl/wings
GO-2024-2647 CLI for Vela Insecure Variable Substitution in github.com/go-vela/cli
GO-2024-2860 goreleaser shows environment by default in github.com/goreleaser/goreleaser