Your dependencies cross-checked against the OSV vulnerability database.
-
Worth fixing GHSA-h395-qcrw-5vmq Inconsistent Interpretation of HTTP Requests in github.com/gin-gonic/gin
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/app/go.sum
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
Worth fixing GHSA-7vpp-9cxj-q8gv mholt/archiver Vulnerable to Path Traversal via Crafted ZIP File
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/app/go.sum
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
Worth fixing GHSA-7vpp-9cxj-q8gv mholt/archiver Vulnerable to Path Traversal via Crafted ZIP File
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/pkg/update/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
Worth fixing GHSA-77fj-vx54-gvh7 Go Markdown has an Out-of-bounds Read in SmartypantsRenderer
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/tools/sitegen/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
Worth fixing GHSA-m9xq-6h2j-65r2 Markdown vulnerable to Out-of-bounds Read while parsing citations
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/tools/sitegen/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
Worth fixing GHSA-6v2p-p543-phr9 golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/tools/sitegen/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
FYI GO-2022-0493 Incorrect privilege reporting in syscall and golang.org/x/sys/unix
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/app/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
FYI GO-2026-5024 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/app/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
FYI GHSA-p782-xgp4-8hr8 golang.org/x/sys/unix has Incorrect privilege reporting in syscall
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/app/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
FYI GO-2022-0433 Stack overflow from a large amount of PEM data in encoding/pem
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/app/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
FYI GO-2022-0435 Panic due to large inputs affecting P-256 curves in crypto/elliptic
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/app/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
FYI GO-2022-0477 Indefinite hang with large buffers on Windows in crypto/rand
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/app/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
FYI GO-2022-0493 Incorrect privilege reporting in syscall and golang.org/x/sys/unix
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/app/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
FYI GO-2022-0515 Stack exhaustion due to deeply nested types in go/parser
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/app/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
FYI GO-2022-0520 Exposure of client IP addresses in net/http
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/app/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
FYI GO-2022-0521 Stack exhaustion from deeply nested XML documents in encoding/xml
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/app/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
FYI GO-2022-0522 Stack exhaustion on crafted paths in path/filepath
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/app/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
FYI GO-2022-0523 Stack exhaustion when unmarshaling certain documents in encoding/xml
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/app/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
FYI GO-2022-0524 Stack exhaustion when reading certain archives in compress/gzip
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/app/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
FYI GO-2022-0525 Improper sanitization of Transfer-Encoding headers in net/http
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/app/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
FYI GO-2022-0526 Stack exhaustion when decoding certain messages in encoding/gob
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/app/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
FYI GO-2022-0527 Stack exhaustion in Glob on certain paths in io/fs
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/app/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
FYI GO-2022-0531 Session tickets lack random ticket_age_add in crypto/tls
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/app/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
FYI GO-2022-0532 Empty Cmd.Path can trigger unintended binary in os/exec on Windows
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/app/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.
-
FYI GO-2022-0533 Path traversal via Clean on Windows in path/filepath
/workdirs/scan-8d788090-c526-46ca-9a77-c74263d75ea4/app/go.mod
A package you depend on has a known security hole. Fix: Update that package to its patched version.