35 matches found
GO-2026-5746 Docker: `PUT /containers/{id}/archive` executes container binary on the host in github.com/docker/docker
Docker: PUT /containers/id/archive executes container binary on the host in github.com/docker/docker...
GO-2026-5694 Cosign's verify-blob-attestation reports false positive when payload parsing fails in github.com/sigstore/cosign
Cosign's verify-blob-attestation reports false positive when payload parsing fails in github.com/sigstore/cosign...
GO-2026-5568 Podman: WORKDIR symlink traversal vulnerability in github.com/containers/podman
Podman: WORKDIR symlink traversal vulnerability in github.com/containers/podman...
GO-2026-5462 Argo Vulnerable to Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor in github.com/argoproj/argo-workflows
Argo Vulnerable to Unauthenticated Memory Exhaustion DoS in Webhook Interceptor in github.com/argoproj/argo-workflows...
GO-2026-5416 gitverify has improper tag signature verification in github.com/supply-chain-tools/gitverify
gitverify has improper tag signature verification in github.com/supply-chain-tools/gitverify...
GO-2026-5353 Amazon ECS Container Agent (Windows) is vulnerable to Information Disclosure in github.com/aws/amazon-ecs-agent
Amazon ECS Container Agent Windows is vulnerable to Information Disclosure in github.com/aws/amazon-ecs-agent...
GO-2026-5378 containerd user ID handling bypass allows runAsNonRoot evasion in github.com/containerd/containerd
containerd user ID handling bypass allows runAsNonRoot evasion in github.com/containerd/containerd...
GO-2026-5260 SiYuan has incomplete fix for CVE-2026-33066: XSS in github.com/siyuan-note/siyuan/kernel
SiYuan has incomplete fix for CVE-2026-33066: XSS in github.com/siyuan-note/siyuan/kernel...
GO-2026-4886 Incus vulnerable to denial of source through crafted bucket backup file in github.com/lxc/incus
Incus vulnerable to denial of source through crafted bucket backup file in github.com/lxc/incus...
GO-2026-4738 File Browser has an Authorization Policy Bypass in Public Share Download Flow in github.com/filebrowser/filebrowser
File Browser has an Authorization Policy Bypass in Public Share Download Flow in github.com/filebrowser/filebrowser...
GO-2026-4903 nginx-ui Backup Restore Allows Tampering with Encrypted Backups in github.com/0xJacky/Nginx-UI
nginx-ui Backup Restore Allows Tampering with Encrypted Backups in github.com/0xJacky/Nginx-UI...
GO-2026-4844 Zoraxy: Authenticated Path Traversal in Config Import leads to RCE in github.com/tobychui/zoraxy
Zoraxy: Authenticated Path Traversal in Config Import leads to RCE in github.com/tobychui/zoraxy...
GO-2026-4832 NATS JetStream has an authorization bypass through its Management API in github.com/nats-io/nats-server
NATS JetStream has an authorization bypass through its Management API in github.com/nats-io/nats-server...
GO-2026-4829 NATS Server panic via malicious compression on leafnode port in github.com/nats-io/nats-server
NATS Server panic via malicious compression on leafnode port in github.com/nats-io/nats-server...
GO-2026-4813 New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api
New API has passkey-based secure step-up verification bypass for root-only channel secret disclosure in github.com/QuantumNous/new-api...
GO-2026-4827 NATS credentials are exposed in monitoring port via command-line argv in github.com/nats-io/nats-server
NATS credentials are exposed in monitoring port via command-line argv in github.com/nats-io/nats-server...
GO-2026-4826 NATS: Message tracing can be redirected to arbitrary subject in github.com/nats-io/nats-server
NATS: Message tracing can be redirected to arbitrary subject in github.com/nats-io/nats-server...
GO-2026-4701 github.com/ctfer-io/monitoring Vulnerable to Improper Access Control
github.com/ctfer-io/monitoring Vulnerable to Improper Access Control...
GO-2026-4708 SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes in github.com/siyuan-note/siyuan
SiYuan importStdMd: unvalidated localPath imports arbitrary host directories as persistent notes in github.com/siyuan-note/siyuan...
GO-2026-4796 ingress-nginx comment-based nginx configuration injection in k8s.io/ingress-nginx
ingress-nginx comment-based nginx configuration injection in k8s.io/ingress-nginx...