Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GO-2025-3755
  • Go/github.com/CosmWasm/wasmd
 CWA-2025-006: wasmd's improper error handling may lead to IBC channel opening despite error in github.com/CosmWasm/wasmd 8 hours ago
  • Fix available
GO-2025-3570
  • Go/github.com/jumpserver/koko
  • Go/github.com/jumpserver/jumpserver
 SSH public key login without private key challenge if mfa is enabled in jumpserver in github.com/jumpserver/koko in github.com/jumpserver/jumpserver 8 hours ago
  • Fix available
GO-2025-3754
  • Go/github.com/cloudflare/circl
 CIRCL-Fourq: Missing and wrong validation can lead to incorrect results in github.com/cloudflare/circl yesterday
  • Fix available
GO-2025-3756
  • Go/github.com/mattermost/mattermost-server
  • Go/github.com/mattermost/mattermost-server/v5
  • Go/github.com/mattermost/mattermost-server/v6
  • Go/github.com/mattermost/mattermost/server/v8
 Mattermost allows authenticated administrator to execute LDAP search filter injection in github.com/mattermost/mattermost-server yesterday
  • Fix available
GO-2025-3757
  • Go/github.com/mattermost/mattermost-server
  • Go/github.com/mattermost/mattermost-server/v5
  • Go/github.com/mattermost/mattermost-server/v6
  • Go/github.com/mattermost/mattermost/server/v8
 Mattermost allows guest users to view information about public teams they are not members of in github.com/mattermost/mattermost-server yesterday
  • Fix available
GO-2025-3750
  • Go/stdlib
 Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall yesterday
  • Fix available
GO-2025-3751
  • Go/stdlib
 Sensitive headers not cleared on cross-origin redirect in net/http yesterday
  • Fix available
GO-2025-3749
  • Go/stdlib
 Usage of ExtKeyUsageAny disables policy validation in crypto/x509 yesterday
  • Fix available
GHSA-rx97-6c62-55mf
  • Go/github.com/hashicorp/nomad
 Hashicorp Nomad Incorrect Privilege Assignment vulnerability yesterday
  • No fix available
  • Severity - 8.1 (High)
GHSA-79xg-q4qm-7v9w
  • Go/github.com/CosmWasm/wasmd
 CWA-2025-006: wasmd's improper error handling may lead to IBC channel opening despite error yesterday
  • Fix available
GHSA-4r67-4x4p-fprg
  • Go/github.com/mattermost/mattermost/server/v8
  • Go/github.com/mattermost/mattermost-server
 Mattermost allows authenticated administrator to execute LDAP search filter injection yesterday
  • Fix available
  • Severity - 4.1 (Medium)
GHSA-jwhw-xf5v-qgxc
  • Go/github.com/mattermost/mattermost/server/v8
  • Go/github.com/mattermost/mattermost-server
 Mattermost allows guest users to view information about public teams they are not members of yesterday
  • Fix available
  • Severity - 3.1 (Low)
GHSA-2x5j-vhc8-9cwm
  • Go/github.com/cloudflare/circl
 CIRCL-Fourq: Missing and wrong validation can lead to incorrect results 2 days ago
  • Fix available
GO-2025-3743
  • Go/github.com/coredns/coredns
 CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification in github.com/coredns/coredns 2 days ago
  • Fix available
GO-2025-3744
  • Go/github.com/authzed/spicedb
 SpiceDB checks involving relations with caveats can result in no permission when permission is expected in github.com/authzed/spicedb 2 days ago
  • Fix available
GO-2025-3745
  • Go/github.com/knadh/listmonk
 listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user in github.com/knadh/listmonk 2 days ago
  • No fix available
Load more...