Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization due to the NewKeyring function not enforcing the ConfirmBeforeUse constraint. An attacker can perform unauthorized signing operations by adding keys with constraints that are silently ignored. Remediation: Upgrade...
Allocation of Resources Without Limits or Throttling
Overview: std/archive/tar is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted...
GO-2026-4714 Romeo's invalid NetworkPolicy enables a malicious actor to pivot into another namespace in github.com/ctfer-io/romeo/environment/deploy
Romeo's invalid NetworkPolicy enables a malicious actor to pivot into another namespace in github.com/ctfer-io/romeo/environment/deploy. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
Improper Validation of Array Index
Overview: Affected versions of this package are vulnerable to Improper Validation of Array Index via the NGAP message handling process. An attacker can cause the application to panic and potentially crash by sending specially crafted messages with invalid PDU Session IDs. Remediation: Upgrade...
Improper Validation of Array Index
Overview: Affected versions of this package are vulnerable to Improper Validation of Array Index via the EncodeGroupId function when processing a malformed group-id-list parameter. An attacker can cause the application to panic and terminate unexpectedly by supplying specially crafted input...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /download URL validation process. An attacker can access internal resources or trigger unintended network requests by crafting a browser-side redirect that bypasses validation. Remediation: Upgrad...
GO-2026-4647 x402 SDK Security Advisory in github.com/coinbase/x402/go
x402 SDK Security Advisory in github.com/coinbase/x402/go. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an edit to...
GO-2025-4259 Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to Jira issues in github.com/mattermost/mattermost-server
Mattermost doesn't validate user channel membership when attaching Mattermost posts as comments to Jira issues in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. ...
GO-2026-4521 Mattermost fails to properly validate team membership when processing channel mentions in github.com/mattermost/mattermost-server
Mattermost fails to properly validate team membership when processing channel mentions in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
GO-2026-4446 OpenFGA Improper Policy Enforcement in github.com/openfga/openfga
OpenFGA Improper Policy Enforcement in github.com/openfga/openfga...
Relative Path Traversal
Overview: std/os is a Go standard library package. Affected versions of this package are vulnerable to Relative Path Traversal. Go Vulnerability Report: It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../")...
OpenTofu incorrectly validates excluded subdomain constraint in conjunction with TLS certificates containing wildcard SANs
When OpenTofu is acting as a TLS client authenticating a certificate chain provided by a TLS server, an excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com...
Allocation of Resources Without Limits or Throttling
Overview: std/archive/tar is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar...
GO-2025-3984 Rancher CLI SAML authentication is vulnerable to phishing attacks in github.com/rancher/rancher
Rancher CLI SAML authentication is vulnerable to phishing attacks in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabili...
Symlink Attack
Overview: std/syscall is a Go standard library package. Affected versions of this package are vulnerable to Symlink Attack. Go Vulnerability Report: os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix...
HTTP Request Smuggling
Overview: std/net/http/internal is a Go standard library package. Affected versions of this package are vulnerable to HTTP Request Smuggling. Go Vulnerability Report: The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This c...
Improper Neutralization
Overview: std/net/mail is a Go standard library package. Affected versions of this package are vulnerable to Improper Neutralization. Go Vulnerability Report: The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a...
Allocation of Resources Without Limits or Throttling
Overview: std/net/textproto is a Go standard library package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: When parsing a multipart form either explicitly with Request.ParseMultipartForm or...
Uncontrolled Search Path Element
Overview: std/syscall is a Go standard library package. Affected versions of this package are vulnerable to Uncontrolled Search Path Element. Go Vulnerability Report: via the LoadLibrary process. An attacker can execute arbitrary code by placing a malicious DLL in a location where it wi...
Uncaught Exception
Overview: std/archive/zip is a Go standard library package. Affected versions of this package are vulnerable to Uncaught Exception. Go Vulnerability Report: via the NewReader or OpenReader functions when processing an archive that specifies an unusually large number of files. An...