Insights from over 1 million Software Bill of Materials
272,283 occurrences
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set o...
95,598 occurrences
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of inval...
63,700 occurrences
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" co...
62,824 occurrences
The html/template package does not apply the proper rules for handling occurrences of "<script", "<!...
62,529 occurrences
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or respo...
59,588 occurrences
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an exce...
57,372 occurrences
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Hos...
56,831 occurrences
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to version...
54,679 occurrences
containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6....
50,525 occurrences
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU t...