Go Vulnerability Database
Data about new vulnerabilities come directly from Go package maintainers or sources such as MITRE and GitHub. Reports are curated by the Go Security team. Learn more at go.dev/security/vuln.
Search
Recent Reports
GO-2024-3191
- CVE-2024-9180, GHSA-rr8j-7w34-xp5j
- Affects: github.com/hashicorp/vault
- Published: Oct 11, 2024
Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault
GO-2024-3190
- CVE-2024-47067, GHSA-8pph-gfhp-w226
- Affects: github.com/alist-org/alist, github.com/alist-org/alist/v3
- Published: Oct 11, 2024
Alist reflected Cross-Site Scripting vulnerability in github.com/alist-org/alist
GO-2024-3188
- CVE-2024-9312, GHSA-4gfw-wf7c-w6g2
- Affects: github.com/ubuntu/authd
- Published: Oct 11, 2024
Authd allows attacker-controlled usernames to yield controllable UIDs in github.com/ubuntu/authd
GO-2024-3186
- CVE-2024-9675, GHSA-586p-749j-fhwp
- Affects: github.com/containers/buildah
- Published: Oct 11, 2024
Buildah allows arbitrary directory mount in github.com/containers/buildah
GO-2024-3185
- CVE-2024-47832
- Affects: github.com/ssoready/ssoready
- Published: Oct 11, 2024
XML Signature Bypass via differential XML parsing in ssoready in github.com/ssoready/ssoready
If you don't see an existing, public Go vulnerability in a publicly importable package in our database, please let us know.