
27 matches found

Cvelist
added 4 days ago | 17 views

CVE-2026-48787 gin-vue-admin vulnerable to RCE

gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then...

CVSS 8.7 | EPSS 0.00076
Exploits 0 | References 1

OSV
added 2026/03/23 6:14 p.m. | 3 views

GO-2026-4754 free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion in github.com/free5gc/ausf

free5GC AUSF UE Authentication Panic on Nil SuciSupiMap Interface Conversion in github.com/free5gc/ausf...

CVSS 8.7 | AI score 5.8 | EPSS 0.00652
Exploits 0 | References 5

CVE
added 2026/03/18 10:24 p.m. | 11 views

CVE-2026-32805

CVE-2026-32805 corresponds to an Archive Slip flaw in Romeo’s webserver sanitization (github.com/ctfer-io/romeo/webserver). The root cause is a missing trailing path separator in the strings.HasPrefix check within sanitizeArchivePath, enabling a crafted tar to traverse outside the intended destin...

CVSS 8.3 | AI score 5.9 | EPSS 0.00434
Exploits 1 | References 2 | Affected Software 1

ATTACKERKB
added 2026/03/18 10:24 p.m. | 2 views

CVE-2026-32805

Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.2, the sanitizeArchivePath function in webserver/api/v1/decoder.go lines 80-88 is vulnerable to a path...

CVSS 8.3 | AI score 5.9 | EPSS 0.00434
Exploits 1 | References 3 | Affected Software 1

ATTACKERKB
added 2026/03/18 10:23 p.m. | 5 views

CVE-2026-32737

Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from the "hardened" namespace to any Pod...

CVSS 7.9 | AI score 5.9 | EPSS 0.00386
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2026/03/18 12:00 a.m. | 2 views

Romeo Path Traversal Vulnerability

Romeo is an open-source Go application code coverage calculation tool developed by CTFer.io. Versions of Romeo prior to 0.2.2 contained a path traversal vulnerability. This vulnerability stemmed from defects in the path traversal checks, which could lead to arbitrary file writing...

CVSS 8.3 | AI score 6.6 | EPSS 0.00434
Exploits 1 | References 2

Positive Technologies
added 2026/02/03 12:00 a.m. | 3 views

PT-2026-5930

Name of the Vulnerable Software and Affected Versions: Go (affected versions not specified). Description: A difference in how Go and C/C++ interpret comments can allow malicious code to be hidden within the compiled binary when using cgo. This technique, known as code smuggling, enables attackers to...

CVSS 8.6 | AI score 5.4 | EPSS 0.00205
Exploits 0

CNNVD
added 2026/01/28 12:00 a.m. | 5 views

Google Go Security Vulnerability

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A code execution vulnerability exists in Google Go due to unsafe handling of compiler flags in CgoPkgConfig. An attacker can exploit the vulnerability to execute arbitrary code on...

CVSS 7.8 | AI score 8 | EPSS 0.00359
Exploits 0 | References 5

EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2022-1028

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.02073
Exploits 0 | References 11

Snyk
added 2025/07/12 7:42 a.m. | 2 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read via the SplitRTR function in the rtr.go file, which allows access to data without checking the input length. An attacker can cause a denial of service by sending specially crafted input. Remediation: Upgrade...

CVSS 6.3 | AI score 4.5 | EPSS 0.00406
Exploits 0 | References 2

RedHat Linux
added 2024/10/14 2:22 a.m. | 0 views

go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion

A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion...

CVSS 4.3 | AI score 7.4 | EPSS 0.00832
Exploits 0 | References 8

Cvelist
added 2023/08/04 3:34 p.m. | 36 views

CVE-2023-37896 Nuclei Path Traversal vulnerability

Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code SDK running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading in sandbox mode. Ther...

CVSS 7.5 | AI score 7.7 | EPSS 0.0085
Exploits 0 | References 3

NVD
added 2023/07/06 7:15 p.m. | 13 views

CVE-2023-36456

authentik is an open-source Identity Provider. Prior to versions 2023.4.3 and 2023.5.5, authentik does not verify the source of the X-Forwarded-For and X-Real-IP headers, both in the Python code and the go code. Only authentik setups that are directly accessible by users without a reverse proxy a...

CVSS 8.3 | AI score 8.4 | EPSS 0.00573
Exploits 0 | References 5

Vulnrichment
added 2023/07/06 6:24 p.m. | 13 views

CVE-2023-36456 Authentik lacks Proxy IP headers validation

authentik is an open-source Identity Provider. Prior to versions 2023.4.3 and 2023.5.5, authentik does not verify the source of the X-Forwarded-For and X-Real-IP headers, both in the Python code and the go code. Only authentik setups that are directly accessible by users without a reverse proxy a...

CVSS 8.3 | AI score 7.1 | EPSS 0.00573
Exploits 0 | References 5

Fedora
added 2022/07/31 1:37 a.m. | 40 views

[SECURITY] Fedora 36 Update: nex-20210330-4.fc36

Nex is a lexer similar to Lex/Flex that: (1) generates Go code instead of C code, (2) integrates with Go's Yacc instead of YACC/Bison, (3) supports UTF-8, and (4) supports nested structural regular expressions...

CVSS 9.3 | AI score 2 | EPSS 0.05292
Exploits 4

Fedora
added 2022/07/30 2:00 a.m. | 21 views

[SECURITY] Fedora 36 Update: golang-github-shurcool-vfsgen-0-0.12.20210113git0d455de.fc36

Package Vfsgen takes an http.FileSystem likely at go generate time and generates Go code that statically implements the provided http.FileSystem...

AI score 2.6
Exploits 0

Fedora
added 2022/07/30 1:55 a.m. | 13 views

[SECURITY] Fedora 36 Update: go-bindata-3.0.7-23.gita0ff256.fc36

A small utility which generates Go code from any file. This tool converts any file into manageable Go source code. Useful for embedding binary data into a Go program. The file data is optionally gzip compressed before being converted to a raw byte slice...

AI score 0.6
Exploits 0

Fedora
added 2022/07/20 1:40 a.m. | 34 views

[SECURITY] Fedora 35 Update: go-bindata-3.0.7-22.gita0ff256.fc35

A small utility which generates Go code from any file. This tool converts any file into manageable Go source code. Useful for embedding binary data into a Go program. The file data is optionally gzip compressed before being converted to a raw byte slice...

CVSS 9.3 | AI score 0.6 | EPSS 0.05292
Exploits 4

Fedora
added 2022/07/17 1:16 a.m. | 25 views

[SECURITY] Fedora 35 Update: nex-20210330-2.fc35

Nex is a lexer similar to Lex/Flex that: (1) generates Go code instead of C code, (2) integrates with Go's Yacc instead of YACC/Bison, (3) supports UTF-8, and (4) supports nested structural regular expressions...

CVSS 9.3 | AI score 2 | EPSS 0.05994
Exploits 3

Fedora
added 2022/07/04 1:35 a.m. | 18 views

[SECURITY] Fedora 36 Update: golang-github-shurcool-vfsgen-0-0.11.20210113git0d455de.fc36

Package Vfsgen takes an http.FileSystem likely at go generate time and generates Go code that statically implements the provided http.FileSystem...

CVSS 9.3 | AI score 8.3 | EPSS 0.05994
Exploits 4