Go Vulnerability Database
Data about new vulnerabilities come directly from Go package maintainers or sources such as MITRE and GitHub. Reports are curated by the Go Security team. Learn more at go.dev/security/vuln.
Recent Reports
- CVE-2025-24366, GHSA-vj7w-3m8c-6vpx
- Affects: github.com/drakkan/sftpgo, github.com/drakkan/sftpgo/v2
- Published: Feb 07, 2025
- Unreviewed
SFTPGo has insufficient sanitization of user provided rsync command in github.com/drakkan/sftpgo. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: .
- CVE-2025-24787, GHSA-c7w4-9wv8-7x7c
- Affects: github.com/clidey/whodb/core
- Published: Feb 07, 2025
- Unreviewed
WhoDB allows parameter injection in DB connection URIs leading to local file inclusion in github.com/clidey/whodb/core
- CVE-2025-24786, GHSA-9r4c-jwx3-3j76
- Affects: github.com/clidey/whodb/core
- Published: Feb 07, 2025
- Unreviewed
WhoDB has a path traversal opening Sqlite3 database in github.com/clidey/whodb/core
- GHSA-vqv5-385r-2hf8
- Affects: github.com/edgelesssys/contrast
- Published: Feb 05, 2025
- Unreviewed
Contrast's unauthenticated recovery allows Coordinator impersonation in github.com/edgelesssys/contrast
- GHSA-mj4v-hp69-27x5
- Affects: github.com/plentico/plenti
- Published: Feb 05, 2025
- Unreviewed
Plenti - Code Injection - Denial of Services in github.com/plentico/plenti
If you don't see an existing, public Go vulnerability in a publicly importable package in our database, please let us know.