Occurrences: 93700
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf....
Occurrences: 83962
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memo...
Occurrences: 59727
The html/template package does not properly handle HTML-like "<!--" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the c...
Occurrences: 58914
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can ...
Occurrences: 58899
The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to i...
Occurrences: 56285
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEA...
Occurrences: 54894
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses t...
Occurrences: 48322
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted...
Occurrences: 44901
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests....
Occurrences: 44063
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server....
Occurrences: 41703
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming t...
Occurrences: 40673
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The iss...
Occurrences: 35103
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the C...
Occurrences: 35103
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This ma...
Occurrences: 34952
The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not i...
PURL: pkg:golang/github.com/beorn7/perks@v1.0.1
PURL: pkg:golang/github.com/pkg/errors@v0.9.1
PURL: pkg:golang/github.com/spf13/pflag@v1.0.5
PURL: pkg:golang/gopkg.in/yaml.v3@v3.0.1
PURL: pkg:golang/github.com/spf13/cast@v1.5.0
PURL: pkg:golang/github.com/magiconair/properties@v1.8.7
PURL: pkg:golang/github.com/prometheus/client_model@v0.2.0
PURL: pkg:golang/github.com/mitchellh/mapstructure@v1.5.0
PURL: pkg:golang/github.com/hashicorp/hcl@v1.0.0
PURL: pkg:golang/github.com/grpc-ecosystem/go-grpc-middleware@v1.3.0
PURL: pkg:golang/github.com/cespare/xxhash/v2@v2.2.0
PURL: pkg:golang/github.com/russross/blackfriday/v2@v2.1.0
PURL: pkg:golang/github.com/prometheus/procfs@v0.7.3
PURL: pkg:golang/github.com/golang/protobuf@v1.5.3
PURL: pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.2