-
Notifications
You must be signed in to change notification settings - Fork 65
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- data/reports/GO-2025-3459.yaml - data/reports/GO-2025-3460.yaml - data/reports/GO-2025-3461.yaml - data/reports/GO-2025-3465.yaml - data/reports/GO-2025-3466.yaml - data/reports/GO-2025-3467.yaml - data/reports/GO-2025-3468.yaml - data/reports/GO-2025-3470.yaml - data/reports/GO-2025-3472.yaml - data/reports/GO-2025-3474.yaml - data/reports/GO-2025-3475.yaml - data/reports/GO-2025-3477.yaml - data/reports/GO-2025-3479.yaml - data/reports/GO-2025-3480.yaml - data/reports/GO-2025-3481.yaml - data/reports/GO-2025-3482.yaml - data/reports/GO-2025-3483.yaml - data/reports/GO-2025-3484.yaml - data/reports/GO-2025-3489.yaml - data/reports/GO-2025-3490.yaml - data/reports/GO-2025-3491.yaml - data/reports/GO-2025-3492.yaml - data/reports/GO-2025-3495.yaml Fixes #3459 Fixes #3460 Fixes #3461 Fixes #3465 Fixes #3466 Fixes #3467 Fixes #3468 Fixes #3470 Fixes #3472 Fixes #3474 Fixes #3475 Fixes #3477 Fixes #3479 Fixes #3480 Fixes #3481 Fixes #3482 Fixes #3483 Fixes #3484 Fixes #3489 Fixes #3490 Fixes #3491 Fixes #3492 Fixes #3495 Change-Id: I3ddc8c94fc7a3c681c4f59504ffd5907f38316ab Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/654257 Auto-Submit: Neal Patel <nealpatel@google.com> Commit-Queue: Neal Patel <nealpatel@google.com> Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
- Loading branch information
1 parent
890c00c
commit a5c443c
Showing
46 changed files
with
2,212 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2025-3459", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2025-24016" | ||
| ], | ||
| "summary": "Remote code execution in Wazuh server in github.com/wazuh/wazuh", | ||
| "details": "Remote code execution in Wazuh server in github.com/wazuh/wazuh", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/wazuh/wazuh", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "4.4.0+incompatible" | ||
| }, | ||
| { | ||
| "fixed": "4.9.1+incompatible" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24016" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-hcrc-79hj-m3qh" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2025-3459", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2025-3460", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2025-24976", | ||
| "GHSA-phw4-mc57-4hwc" | ||
| ], | ||
| "summary": "Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT in github.com/distribution/distribution", | ||
| "details": "Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT in github.com/distribution/distribution", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/distribution/distribution", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/distribution/distribution/security/advisories/GHSA-phw4-mc57-4hwc" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24976" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/distribution/distribution/commit/5ea9aa028db65ca5665f6af2c20ecf9dc34e5fcd" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2025-3460", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2025-3461", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2025-25199", | ||
| "GHSA-29c6-3hcj-89cf" | ||
| ], | ||
| "summary": "go-crypto-winnative BCryptGenerateSymmetricKey memory leak in github.com/microsoft/go-crypto-winnative", | ||
| "details": "go-crypto-winnative BCryptGenerateSymmetricKey memory leak in github.com/microsoft/go-crypto-winnative", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/microsoft/go-crypto-winnative", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "0.0.0-20250211154640-f49c8e1379ea" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/microsoft/go-crypto-winnative/security/advisories/GHSA-29c6-3hcj-89cf" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25199" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/microsoft/go-crypto-winnative/commit/f49c8e1379ea4b147d5bff1b3be5b0ff45792e41" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2025-3461", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2025-3465", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2025-0426", | ||
| "GHSA-jgfp-53c3-624w" | ||
| ], | ||
| "summary": "Node Denial of Service via kubelet Checkpoint API in k8s.io/kubernetes", | ||
| "details": "Node Denial of Service via kubelet Checkpoint API in k8s.io/kubernetes", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "k8s.io/kubernetes", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "1.29.14" | ||
| }, | ||
| { | ||
| "introduced": "1.30.0" | ||
| }, | ||
| { | ||
| "fixed": "1.30.10" | ||
| }, | ||
| { | ||
| "introduced": "1.31.0" | ||
| }, | ||
| { | ||
| "fixed": "1.31.6" | ||
| }, | ||
| { | ||
| "introduced": "1.32.0" | ||
| }, | ||
| { | ||
| "fixed": "1.32.2" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/advisories/GHSA-jgfp-53c3-624w" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0426" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "http://www.openwall.com/lists/oss-security/2025/02/13/1" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/kubernetes/kubernetes/issues/130016" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://groups.google.com/g/kubernetes-security-announce/c/KiODfu8i6w8" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2025-3465", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2025-3466", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-57603", | ||
| "GHSA-772m-773g-qmhc" | ||
| ], | ||
| "summary": "Missing rate limit in MaysWind ezBookkeeping in github.com/mayswind/ezbookkeeping", | ||
| "details": "Missing rate limit in MaysWind ezBookkeeping in github.com/mayswind/ezbookkeeping", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/mayswind/ezbookkeeping", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/advisories/GHSA-772m-773g-qmhc" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57603" | ||
| }, | ||
| { | ||
| "type": "REPORT", | ||
| "url": "https://github.com/mayswind/ezbookkeeping/issues/33" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://hkohi.ca/vulnerability/1" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2025-3466", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,73 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2025-3467", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2025-25204", | ||
| "GHSA-fgw4-v983-mgp8" | ||
| ], | ||
| "summary": "`gh attestation verify` returns incorrect exit code during verification if no attestations are present in github.com/cli/cli", | ||
| "details": "`gh attestation verify` returns incorrect exit code during verification if no attestations are present in github.com/cli/cli", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/cli/cli", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| }, | ||
| { | ||
| "package": { | ||
| "name": "github.com/cli/cli/v2", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "2.49.0" | ||
| }, | ||
| { | ||
| "fixed": "2.67.0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/cli/cli/security/advisories/GHSA-fgw4-v983-mgp8" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25204" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/cli/cli/pull/10421" | ||
| }, | ||
| { | ||
| "type": "REPORT", | ||
| "url": "https://github.com/cli/cli/issues/10418" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2025-3467", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
Oops, something went wrong.