github.com vulnerabilities and exploits
7.5
CVSSv3
CVE-2020-36568
Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote malicious users to cause resource exhaustion via memory allocation.
Revel Revel
7.8
CVSSv3
CVE-2021-29606
TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of `Split_V`(https://github.com/tensorflow/tensorflow/blob/c59c37e7b2d563967da813fa50fe20b21f4da683/tensorflow/li...
Google Tensorflow
7.5
CVSSv3
CVE-2020-7711
This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.
Goxmldsig Project Goxmldsig
7.5
CVSSv3
CVE-2019-25073
Improper path sanitization in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allows remote malicious users to read files outside of the intended directory.
Goa.design Goa
7.5
CVSSv3
CVE-2021-23409
The package github.com/pires/go-proxyproto prior to 0.6.0 is vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header.
Go-proxyproto Project Go-proxyproto
7.5
CVSSv3
CVE-2020-7731
This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.
Gosaml2 Project Gosaml2
7.5
CVSSv3
CVE-2021-29499
SIF is an open source implementation of the Singularity Container Image Format. The `siftool new` command and func siftool.New() produce predictable UUID identifiers due to insecure randomness in the version of the `github.com/satori/go.uuid` module used as a dependency. A patch ...
Sylabs Singularity Image Format
9.8
CVSSv3
CVE-2023-31062
Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 up to and including 1.6.0. When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by se...
Apache Inlong
9.8
CVSSv3
CVE-2021-21403
In github.com/kongchuanhujiao/server before version 1.3.21 there is an Authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21.
Kongchuanhujiao Project Kongchuanhujiao
9.1
CVSSv3
CVE-2020-36569
Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token.
Digitalocean Golang-nanoauth