Search CVE reports


Toggle filters

11 – 20 of 1619 results


CVE-2026-45045

Medium priority

Not in release

Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add() instead of Header.Set() when injecting X-Real-IP, allowing an...

2 affected packages

golang-github-gofiber-fiber, golang-github-gofiber-fiber-v2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-github-gofiber-fiber Not in release Not in release Not in release
golang-github-gofiber-fiber-v2 Not in release Not in release Not in release
Show less packages

CVE-2026-44332

Medium priority

Not in release

Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit evaluation that skips password hash...

1 affected package

golang-github-gofiber-fiber

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-github-gofiber-fiber Not in release Not in release Not in release
Show less packages

CVE-2026-54908

Medium priority
Needs evaluation

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while parsing a crafted ECDHE_PSK ServerKeyExchange message. This issue has been...

2 affected packages

golang-github-pion-dtls-v3, golang-github-pion-dtls.v2

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-github-pion-dtls-v3 Needs evaluation Not in release Not in release
golang-github-pion-dtls.v2 Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2026-55677

Medium priority
Needs evaluation

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path (preserving %2F as-is), while StaticDirectoryHandler...

3 affected packages

golang-github-labstack-echo, golang-github-labstack-echo.v2, golang-github-labstack-echo.v3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-github-labstack-echo Needs evaluation Needs evaluation Needs evaluation
golang-github-labstack-echo.v2 Not in release Not in release Needs evaluation Needs evaluation
golang-github-labstack-echo.v3 Not in release Not in release Needs evaluation Needs evaluation
Show less packages

CVE-2026-12681

Medium priority
Needs evaluation

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList() does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID...

1 affected package

golang-github-google-go-attestation

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-github-google-go-attestation Needs evaluation Not in release Not in release
Show less packages

CVE-2026-44517

Medium priority
Needs evaluation

[Unknown description]

1 affected package

golang-github-containers-buildah

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-github-containers-buildah Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-9694

Medium priority

Not in release

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions, could have allowed an unauthenticated user to impersonate...

1 affected package

gitlab

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gitlab Not in release Not in release Not in release
Show less packages

CVE-2026-9204

Medium priority

Not in release

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to read arbitrary...

1 affected package

gitlab

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gitlab Not in release Not in release Not in release
Show less packages

CVE-2026-8589

Medium priority

Not in release

GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to add unauthorized...

1 affected package

gitlab

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gitlab Not in release Not in release Not in release
Show less packages

CVE-2026-7250

Medium priority

Not in release

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an unauthenticated user to cause denial...

1 affected package

gitlab

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gitlab Not in release Not in release Not in release
Show less packages