SUSE: Security Advisory (SUSE-SU-2026:0641-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2026:0659-1 Security update for docker-stable

This update for docker-stable fixes the following issues: - CVE-2025-30204: Fixed a vulnerability in jwt-go which allowed excessive memory allocation during header parsing. bsc1240513...

EUVD-2021-1212

Malware in sbrugna...

RLSA-2025:3344 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing CVE-2025-30204 For more details about the security issues, including the impact, a CVSS...

RHEL 9 : osbuild-composer (RHSA-2025:8267)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8267 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for...

Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...

Important: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

ALSA-2025:7404 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing CVE-2025-30204 For more details about the security issues, including the impact, a CVSS...

ALSA-2025:7475 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing CVE-2025-30204 For more details about the security issues, including the impact, a CVSS...

Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Important: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVE-2025-30204 jwt-go allows excessive memory allocation during header parsing

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

jwt-go 安全漏洞

jwt-go is a Go language JWT implementation of the golang-jwt open source. A security vulnerability exists in jwt-go versions prior to 5.2.2 and prior to 4.5.2, which stems from a memory allocation issue that can be caused by the parse.ParseUnverified function when processing malicious requests...

Security Bulletin: IBM Security Guardium Insights is affected by JWT-Go vulnerability (CVE-2020-26160)

Summary IBM Security Guardium Insights adreesed the following issue Vulnerability Details CVEID: CVE-2020-26160 DESCRIPTION: jwt-go could allow a remote attacker to bypass security restrictions, caused by a type assertion failure when m"aud" happens to be string. By sending a specially-crafted...