Insights from over 1 million Software Bill of Materials
277,763 occurrences
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set o...
95,647 occurrences
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of inval...
63,926 occurrences
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" co...
63,049 occurrences
The html/template package does not apply the proper rules for handling occurrences of "<script", "<!...
62,735 occurrences
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or respo...
61,626 occurrences
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to version...
59,773 occurrences
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an exce...
58,789 occurrences
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6....
57,444 occurrences
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Hos...
50,590 occurrences
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU t...