Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-m38g-vww2-mvgx
  • Go/github.com/siderolabs/talos
Talos Linux has a local privilege escalation from untrusted workloads
20 minutes ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-v8j7-hp7c-738f
  • Go/github.com/kubetail-org/kubetail/modules/cli
  • Go/github.com/kubetail-org/kubetail/modules/dashboard
Kubetail has a Cross-Site WebSocket Hijacking issue that allows attacker to read Kubernetes logs from authenticated users
23 minutes ago
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-j7w6-vpvq-j3gm
  • PyPI/diffusers
Diffusers: None.py has Trust Remote Code Bypass
33 minutes ago
  • Fix available
  • Severity - 8.8 (High)
GHSA-4cx3-3c38-j9vv
  • RubyGems/katalyst-koi
katalyst-koi: Session cookies can be replayed after user logout
44 minutes ago
  • Fix available
  • Severity - 7.4 (High)
GHSA-585v-hcgf-jhfr
  • Go/github.com/free5gc/udm
Free5GC UDM has Improper Input Validation and Generation of Error Messages Containing Sensitive Information
48 minutes ago
  • No fix available
  • Severity - 7.7 (High)
GHSA-w239-58x2-q8p5
  • Go/github.com/ipld/go-ipld-prime
go-ipld-prime's DAG-CBOR and DAG-JSON decoders have unbounded recursion depth
50 minutes ago
  • Fix available
  • Severity - 6.2 (Medium)
GHSA-ff6c-w6qf-7xqc
  • RubyGems/css_parser
CSS Parser: Improper Certificate Validation allows MITM injection of remote CSS content
51 minutes ago
  • Fix available
  • Severity - 5.8 (Medium)
GHSA-6rgm-gr97-x3j5
  • Go/github.com/free5gc/pcf
Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI
59 minutes ago
  • Fix available
  • Severity - 8.2 (High)
GHSA-3v3m-wc6v-x4x3
  • Go/github.com/argoproj/argo-cd/v3
ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
1 hour ago
  • Fix available
  • Severity - 9.6 (Critical)
GHSA-vrrx-58h3-prmh
  • Go/github.com/free5gc/amf
Free5GC AMF has Missing Concurrent NAS SMC Validation During NGAP Handover
1 hour ago
  • No fix available
  • Severity - 3.7 (Low)
GHSA-fpf5-4jw8-67x8
  • crates.io/rust-zserio
rust-zserio has Unbounded Memory Allocation
1 hour ago
  • Fix available
  • Severity - 7.5 (High)
GHSA-77x9-rf64-92gv
  • Go/github.com/free5gc/amf
Free5GC AMF Bypasses UE Security Capabilities on NGAP PathSwitchRequest
1 hour ago
  • No fix available
  • Severity - 6.1 (Medium)
GHSA-m98r-6667-4wq7
  • PyPI/aegra-api
Aegra has cross-user run injection in /threads/{thread_id}/runs (IDOR)
1 hour ago
  • Fix available
  • Severity - 8.6 (High)
GHSA-7j59-v9qr-6fq9
  • Go/github.com/microsoft/kiota-http-go
  • Maven/com.microsoft.kiota:microsoft-kiota-abstractions
  • NuGet/Microsoft.Kiota.Abstractions
  • PyPI/microsoft-kiota-http
  • npm/kiota-typescript
Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
1 hour ago
  • Fix available
  • Severity - 7.0 (High)
GHSA-39g5-644c-qwcg
  • SwiftURL/github.com/apple/container
container: pf Rule Injection via Domain Name Argument in `container system dns create --localhost` Command
1 hour ago
  • Fix available
  • Severity - 1.9 (Low)
GHSA-765j-qfrp-hm3j
  • Go/github.com/rancher/fleet
Fleet: Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering
1 hour ago
  • Fix available
  • Severity - 9.9 (Critical)