AZL-59227 CVE-2025-30204 affecting package etcd for versions less than 3.5.21-1

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

AZL-77522 CVE-2025-30204 affecting package influxdb 2.7.5-10

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

AZL-77514 CVE-2025-30204 affecting package keda for versions less than 2.4.0-32

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

CVE-2004-2027

Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers to cause a denial of service crash via a long Basic Authorization header that triggers an out-of-bounds read...