Go Vulnerability Database
Data about new vulnerabilities come directly from Go package maintainers or sources such as MITRE and GitHub. Reports are curated by the Go Security team. Learn more at go.dev/security/vuln.
Search
Recent Reports
- CVE-2024-43403, GHSA-h27c-6xm3-mcqp
- Affects: github.com/kanisterio/kanister
- Published: Aug 22, 2024
- Unreviewed
Kanister vulnerable to cluster-level privilege escalation in github.com/kanisterio/kanister
- CVE-2024-6322, GHSA-hh8p-374f-qgr5
- Affects: github.com/grafana/grafana
- Published: Aug 22, 2024
- Unreviewed
Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/grafana/grafana from v11.1.0 before v11.1.1, from v11.1.2 before v11.1.3.
- CVE-2024-43406, GHSA-r5ph-4jxm-6j9p
- Affects: github.com/lf-edge/ekuiper
- Published: Aug 22, 2024
- Unreviewed
LF Edge eKuiper has a SQL Injection in sqlKvStore in github.com/lf-edge/ekuiper
- CVE-2024-39690, GHSA-mq69-4j5w-3qwp
- Affects: github.com/projectcapsule/capsule
- Published: Aug 22, 2024
- Unreviewed
Capsule tenant owner with "patch namespace" permission can hijack system namespaces in github.com/projectcapsule/capsule
- CVE-2024-43379, GHSA-3r74-v83p-f4f4
- Affects: github.com/trufflesecurity/trufflehog, github.com/trufflesecurity/trufflehog/v3
- Published: Aug 22, 2024
- Unreviewed
Trufflehog vulnerable to Blind SSRF in some Detectors in github.com/trufflesecurity/trufflehog
If you don't see an existing, public Go vulnerability in a publicly importable package in our database, please let us know.