Insights from over 1 million Software Bill of Materials
260,515 occurrences
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set o...
95,486 occurrences
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of inval...
63,233 occurrences
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" co...
62,359 occurrences
The html/template package does not apply the proper rules for handling occurrences of "<script", "<!...
62,102 occurrences
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or respo...
59,206 occurrences
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an exce...
57,223 occurrences
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Hos...
50,392 occurrences
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU t...
46,723 occurrences
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, suff...
46,608 occurrences
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause exces...