Vulmon
go vulnerabilities and exploits
5.9
CVSSv3
CVE-2018-20744
The Olivier Poitrey Go CORS handler up to and including 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
Go Cors Project Go Cors
7.5
CVSSv3
CVE-2022-37315
graphql-go (aka GraphQL for Go) up to and including 0.8.0 has infinite recursion in the type definition parser.
Graphql-go Project Graphql-go
9.8
CVSSv3
CVE-2023-1800
A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. Th...
Go-fastdfs Project Go-fastdfs
6.1
CVSSv3
CVE-2019-18923
Insufficient content type validation of proxied resources in go-camo prior to 2.1.1 allows a remote malicious user to serve arbitrary content from go-camo's origin.
Go-camo Project Go-camo
9.8
CVSSv3
CVE-2019-14255
A Server Side Request Forgery (SSRF) vulnerability in go-camo up to version 1.1.4 allows a remote malicious user to perform HTTP requests to internal endpoints.
Go-camo Project Go-camo
9.8
CVSSv3
CVE-2023-49569
A path traversal vulnerability exists in go-git versions prior to v5.11. This vulnerability allows a malicious user to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they are us...
Go-git Project Go-git
1 Github repository
9.8
CVSSv3
CVE-2022-42980
go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key.
Go-admin Go-admin 2.0.12
7.5
CVSSv3
CVE-2022-30591
quic-go up to and including 0.27.0 allows remote malicious users to cause a denial of service (CPU consumption) via a Slowloris variant in which incomplete QUIC or HTTP/3 requests are sent. This occurs because mtu_discoverer.go misparses the MTU Discovery service and consequently...
Quic-go Project Quic-go
1 Github repository
7.5
CVSSv3
CVE-2020-26160
jwt-go prior to 4.0.0-preview1 allows malicious users to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security proble...
Jwt-go Project Jwt-go
3 Github repositories
6.5
CVSSv3
CVE-2022-21708
graphql-go is a GraphQL server with a focus on ease of use. In versions before 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access ...
Graphql-go Project Graphql-go