Insights from over 1 million Software Bill of Materials
311,179 occurrences
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set o...
95,948 occurrences
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of inval...
84,033 occurrences
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to version...
76,429 occurrences
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6....
65,275 occurrences
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" co...
64,379 occurrences
The html/template package does not apply the proper rules for handling occurrences of "<script", "<!...
63,958 occurrences
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or respo...
60,879 occurrences
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an exce...
57,831 occurrences
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Hos...
50,934 occurrences
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU t...