Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-xjvp-7243-rg9h
  • Go/charm.land/wish/v2
  • Go/github.com/charmbracelet/wish
Wish has SCP Path Traversal that allows arbitrary file read/write
Published: 8 hours ago
  • Fix available
  • Severity - 9.6 (Critical)
GHSA-mph4-q2vm-w2pw
  • Go/github.com/kubernetes-sigs/aws-efs-csi-driver
Amazon EFS CSI Driver has mount option injection via unsanitized volumeHandle and mounttargetip fields
Published: 8 hours ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-6g38-8j4p-j3pr
  • Go/github.com/nhost/nhost
Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass
Published: 8 hours ago
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-3xc5-wrhm-f963
  • Go/github.com/go-git/go-git/v5
  • Go/github.com/go-git/go-git/v6
go-git: Credential leak via cross-host redirect in smart HTTP transport
Published: 11 hours ago
  • Fix available
  • Severity - 4.7 (Medium)
GHSA-8gmg-3w2q-65f4
  • Go/go.opentelemetry.io/obi
OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR
Published: 11 hours ago
  • Fix available
  • Severity - 8.4 (High)
GHSA-85gx-3qv6-4463
  • Go/github.com/dapr/dapr
Dapr: Service Invocation path traversal ACL bypass
Published: 11 hours ago
  • Fix available
  • Severity - 8.1 (High)
GHSA-c97m-vxhj-p7j6
  • Go/github.com/yuin/goldmark/renderer/html
goldmark vulnerable to Cross-site Scripting (XSS)
Published: 18 hours ago
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-88v5-9hxc-f85r
  • Go/github.com/hashicorp/vault
HashiCorp Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations
Published: yesterday
  • No fix available
  • Severity - 7.5 (High)
GHSA-72gw-fmmr-c4r4
  • Go/github.com/hashicorp/vault
HashiCorp Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization
Published: yesterday
  • No fix available
  • Severity - 7.5 (High)
GHSA-8r5m-3f66-qpr3
  • Go/github.com/hashicorp/vault
HashiCorp Vault has Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS
Published: yesterday
  • No fix available
  • Severity - 5.3 (Medium)
GHSA-m2w4-8ggf-rj47
  • Go/github.com/hashicorp/vault
HashiCorp Vault has a KVv2 Metadata and Secret Deletion Policy Bypass that leads to Denial-of-Service
Published: yesterday
  • No fix available
  • Severity - 8.1 (High)
GHSA-fgw5-hp8f-xfhc
  • Go/istio.io/istio
Istio: SSRF via RequestAuthentication jwksUri
Published: yesterday
  • Fix available
  • Severity - 5.0 (Medium)
GHSA-8wfp-579w-6r25
  • Go/github.com/kyverno/kyverno
Kyverno apiCall automatically forwards ServiceAccount token to external endpoints (credential leak)
Published: yesterday
  • Fix available
  • Severity - 7.7 (High)
GHSA-f9g8-6ppc-pqq4
  • Go/github.com/kyverno/kyverno
Kyverno: ServiceAccount token leaked to external servers via apiCall service URL
Published: yesterday
  • Fix available
  • Severity - 8.1 (High)
GHSA-cvq5-hhx3-f99p
  • Go/github.com/kyverno/kyverno
Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix)
Published: yesterday
  • No fix available
  • Severity - 7.7 (High)
GHSA-qqx8-2xmm-jrv8
  • Go/github.com/go-acme/lego
  • Go/github.com/go-acme/lego/v3
  • Go/github.com/go-acme/lego/v4
ACME Lego: Arbitrary File Write via Path Traversal in Webroot HTTP-01 Provider
Published: yesterday
  • Fix available
  • Severity - 8.8 (High)