CVE-2025-27144 affecting package telegraf for versions less than 1.31.0-8

CVE-2025-27144 affecting package telegraf for versions less than 1.31.0-8. A patched version of the package is available...

AZL-43083 CVE-2024-37298 affecting package telegraf for versions less than 1.31.0-2

gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running schema.Decoder.Decode on a struct that has a field of type struct... opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of...

AZL-35761 CVE-2024-28110 affecting package telegraf for versions less than 1.28.5-5

Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When...

AZL-35426 CVE-2023-50658 affecting package telegraf for versions less than 1.29.4-1

The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value...