Insights from over 1 million Software Bill of Materials
351,691 occurrences
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set o...
96,270 occurrences
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of inval...
84,042 occurrences
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to version...
76,429 occurrences
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6....
67,112 occurrences
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" co...
66,196 occurrences
The html/template package does not apply the proper rules for handling occurrences of "<script", "<!...
65,635 occurrences
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or respo...
62,446 occurrences
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an exce...
58,245 occurrences
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Hos...
51,305 occurrences
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU t...