Go Vulnerability Database
Data about new vulnerabilities come directly from Go package maintainers or sources such as MITRE and GitHub. Reports are curated by the Go Security team. Learn more at go.dev/security/vuln.
Search
Recent Reports
- GHSA-7q74-g774-7x3g
- Affects: github.com/cosmos/interchain-security, github.com/cosmos/interchain-security/v2, and 3 more
- Published: Sep 06, 2024
- Unreviewed
Interchain Security: The signers of ICS messages do not need to match the provider address in github.com/cosmos/interchain-security
- CVE-2024-45401, GHSA-fv4g-gwpj-74gr
- Affects: github.com/stripe/stripe-cli
- Published: Sep 06, 2024
- Unreviewed
Path traversal vulnerability in stripe-cli in github.com/stripe/stripe-cli
- CVE-2024-8462
- Affects: github.com/windmill-labs/windmill
- Published: Sep 06, 2024
- Unreviewed
Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill
- CVE-2024-45395, GHSA-cq38-jh5f-37mq
- Affects: github.com/sigstore/sigstore-go
- Published: Sep 06, 2024
- Unreviewed
sigstore-go has an unbounded loop over untrusted input can lead to endless data attack in github.com/sigstore/sigstore-go
- CVE-2024-43405, GHSA-7h5p-mmpp-hgmm
- Affects: github.com/projectdiscovery/nuclei, github.com/projectdiscovery/nuclei/v2, and 1 more
- Published: Sep 06, 2024
- Unreviewed
Nuclei Template Signature Verification Bypass in github.com/projectdiscovery/nuclei
If you don't see an existing, public Go vulnerability in a publicly importable package in our database, please let us know.