Authentication Bypass By Spoofing
github.com/kubernetes/kubernetes/ is vulnerable to Authentication Bypass By Spoofing. The vulnerability is due to an improper issuer check which allows an attacker to bypass the issuer ("iss") check during JSON Web Token (JWT) authentication...
Improper Authorization
github.com/argoproj/argo-cd/ is vulnerable to Improper Authorization. The vulnerability is caused by the exposure of the passwordPattern setting through the /api/v1/settings endpoint without authentication...
Improper Input Validation
github.com/golang/go/ is vulnerable to Improper Input Validation. The vulnerability is due to various methods IsPrivate, IsLoopback, etc. which do not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...
Denial Of Service (DoS)
github.com/envoyproxy/envoy is vulnerable to Denial Of Service (DoS). The vulnerability is due to the async HTTP client buffering the mirror response with an unbounded buffer, which allows attackers to potentially cause an out-of-memory scenario by sending huge responses...
Use After Free
github.com/envoyproxy/envoy is vulnerable to a use-after-free. The vulnerability is due to QUICHE continuing to push request headers after the StopReading method is called on the stream, which can lead to accessing a destroyed HCM ActiveStream object. This allows attackers to disrupt service by...
GO-2024-2777 IBAX go-ibax vulnerable to SQL injection in github.com/IBAX-io/go-ibax
IBAX go-ibax vulnerable to SQL injection in github.com/IBAX-io/go-ibax...
GO-2024-2770 IBAX go-ibax vulnerable to SQL injection in github.com/IBAX-io/go-ibax
IBAX go-ibax vulnerable to SQL injection in github.com/IBAX-io/go-ibax...
GO-2024-2629 Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana
Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
GO-2024-2762 Rancher code injection via fluentd config commands in github.com/rancher/rancher
Rancher code injection via fluentd config commands in github.com/rancher/rancher...
GO-2024-2576 registry-support: decompress can delete files outside scope via relative paths in github.com/devfile/registry-support/registry-library
registry-support: decompress can delete files outside scope via relative paths in github.com/devfile/registry-support/registry-library. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
GO-2024-2795 Mattermost crashes web clients via a malformed custom status in github.com/mattermost/mattermost-server
Mattermost crashes web clients via a malformed custom status in github.com/mattermost/mattermost-server...
GO-2024-2761 Rancher Login Parameter Can Be Edited in github.com/rancher/rancher
Rancher Login Parameter Can Be Edited in github.com/rancher/rancher...
GO-2024-2750 Kubernetes Secrets Store CSI Driver plugins arbitrary file write in github.com/Azure/secrets-store-csi-driver-provider-azure
Kubernetes Secrets Store CSI Driver plugins arbitrary file write in github.com/Azure/secrets-store-csi-driver-provider-azure. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
GO-2024-2696 Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server
Mattermost fails to authenticate the source of certain types of post actions in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...
GO-2024-2797 Mattermost's detailed error messages reveal the full file path in github.com/mattermost/mattermost-server
Mattermost's detailed error messages reveal the full file path in github.com/mattermost/mattermost-server...
GO-2024-2722 Traefik vulnerable to denial of service with Content-length header in github.com/traefik/traefik
Traefik vulnerable to denial of service with Content-length header in github.com/traefik/traefik...
GO-2024-2734 1Panel's password verification is suspected to have a timing attack vulnerability in github.com/1Panel-dev/1Panel
1Panel's password verification is suspected to have a timing attack vulnerability in github.com/1Panel-dev/1Panel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive report...
GO-2024-2796 Mattermost fails to limit the size of a request path in github.com/mattermost/mattermost-server
Mattermost fails to limit the size of a request path in github.com/mattermost/mattermost-server...
GO-2024-2799 MCUboot Injection attack of unprotected TLV values in github.com/mcu-tools/mcuboot
MCUboot Injection attack of unprotected TLV values in github.com/mcu-tools/mcuboot...
GO-2024-2808 CSRF in firebase-tools emulator suite in github.com/firebase/firebase-tools
CSRF in firebase-tools emulator suite in github.com/firebase/firebase-tools...