Go Vulnerability Database

• CVE-2025-26260
• Affects: github.com/plentico/plenti
• Published: Mar 13, 2025
• Unreviewed

CVE-2025-26260 in github.com/plentico/plenti

• GHSA-33cr-m232-xqch
• Affects: github.com/cheqd/cheqd-node
• Published: Mar 13, 2025
• Unreviewed

cheqd-node affected by Non-deterministic JSON Unmarshalling of IBC Acknowledgement in github.com/cheqd/cheqd-node. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/cheqd/cheqd-node before v3.1.7.

• CVE-2024-1725, GHSA-fg9q-5cw2-p6r9
• Affects: github.com/kubevirt/csi-driver
• Published: Mar 13, 2025
• Unreviewed

kubevirt-csi: PersistentVolume allows access to HCP's root node in github.com/kubevirt/csi-driver. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/kubevirt/csi-driver before v0.0.0-202403081943-cc28dcbb0afc14.

• CVE-2025-27403, GHSA-44f7-5fj5-h4px
• Affects: github.com/deislabs/ratify, github.com/ratify-project/ratify
• Published: Mar 13, 2025
• Unreviewed

Ratify Azure authentication providers can leak authentication tokens to non-Azure container registries in github.com/deislabs/ratify

• CVE-2025-1296, GHSA-c3q9-q986-vrwh
• Affects: github.com/hashicorp/nomad
• Published: Mar 13, 2025
• Unreviewed

Nomad is vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs in github.com/hashicorp/nomad