Go Vulnerability Database
Data about new vulnerabilities come directly from Go package maintainers or sources such as MITRE and GitHub. Reports are curated by the Go Security team. Learn more at go.dev/security/vuln.
Search
Recent Reports
- GHSA-7prj-hgx4-2xc3
- Affects: github.com/ryanbekhen/nanoproxy
- Published: Dec 13, 2024
- Unreviewed
Potential Vulnerabilities Due to Outdated golang.org/x/crypto Dependency in NanoProxy in github.com/ryanbekhen/nanoproxy
- CVE-2024-55657, GHSA-xx68-37v4-4596
- Affects: github.com/siyuan-note/siyuan/kernel
- Published: Dec 12, 2024
- Unreviewed
SiYuan has an arbitrary file read via /api/template/render in github.com/siyuan-note/siyuan/kernel
- CVE-2024-55659, GHSA-fqj6-whhx-47p7
- Affects: github.com/siyuan-note/siyuan/kernel
- Published: Dec 12, 2024
- Unreviewed
SiYuan has an arbitrary file write in the host via /api/asset/upload in github.com/siyuan-note/siyuan/kernel
- GHSA-c7xh-gjv4-4jgv
- Affects: github.com/kcp-dev/kcp
- Published: Dec 12, 2024
- Unreviewed
kcp's impersonation allows access to global administrative groups in github.com/kcp-dev/kcp
- CVE-2024-55660, GHSA-4pjc-pwgq-q9jp
- Affects: github.com/siyuan-note/siyuan/kernel
- Published: Dec 12, 2024
- Unreviewed
SiYuan has an SSTI via /api/template/renderSprig in github.com/siyuan-note/siyuan/kernel
If you don't see an existing, public Go vulnerability in a publicly importable package in our database, please let us know.