diff --git a/data/excluded/GO-2022-1160.yaml b/data/excluded/GO-2022-1160.yaml
deleted file mode 100644
index f9ecc0c1..00000000
--- a/data/excluded/GO-2022-1160.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1160
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/aws/amazon-cloudwatch-agent
-cves:
- - CVE-2022-23511
-ghsas:
- - GHSA-j8x2-2m5w-j939
diff --git a/data/excluded/GO-2022-1161.yaml b/data/excluded/GO-2022-1161.yaml
deleted file mode 100644
index a1506226..00000000
--- a/data/excluded/GO-2022-1161.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1161
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/alist-org/alist/v3
-cves:
- - CVE-2022-45968
-ghsas:
- - GHSA-4gjr-vgfx-9qvw
diff --git a/data/excluded/GO-2022-1164.yaml b/data/excluded/GO-2022-1164.yaml
deleted file mode 100644
index 4701416d..00000000
--- a/data/excluded/GO-2022-1164.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1164
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/csaf-poc/csaf_distribution
-cves:
- - CVE-2022-43996
-ghsas:
- - GHSA-xxfx-w2rw-gh63
diff --git a/data/excluded/GO-2022-1171.yaml b/data/excluded/GO-2022-1171.yaml
deleted file mode 100644
index 71da0c55..00000000
--- a/data/excluded/GO-2022-1171.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1171
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/alist-org/alist/v3
-cves:
- - CVE-2022-45969
-ghsas:
- - GHSA-pmg2-rph8-p8r6
diff --git a/data/excluded/GO-2022-1179.yaml b/data/excluded/GO-2022-1179.yaml
deleted file mode 100644
index 3572456a..00000000
--- a/data/excluded/GO-2022-1179.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1179
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/openfga/openfga
-cves:
- - CVE-2022-23542
-ghsas:
- - GHSA-m3q4-7qmj-657m
diff --git a/data/excluded/GO-2022-1181.yaml b/data/excluded/GO-2022-1181.yaml
deleted file mode 100644
index 127c0a09..00000000
--- a/data/excluded/GO-2022-1181.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1181
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/Azure/aad-pod-identity
-cves:
- - CVE-2022-23551
-ghsas:
- - GHSA-p82q-rxpm-hjpc
diff --git a/data/excluded/GO-2022-1189.yaml b/data/excluded/GO-2022-1189.yaml
deleted file mode 100644
index 08990ec5..00000000
--- a/data/excluded/GO-2022-1189.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1189
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4690
-ghsas:
- - GHSA-c8jh-vcjh-fx2w
diff --git a/data/excluded/GO-2022-1190.yaml b/data/excluded/GO-2022-1190.yaml
deleted file mode 100644
index 76176b9b..00000000
--- a/data/excluded/GO-2022-1190.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1190
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4688
-ghsas:
- - GHSA-vwg4-846x-f94v
diff --git a/data/excluded/GO-2022-1191.yaml b/data/excluded/GO-2022-1191.yaml
deleted file mode 100644
index 7e7692a5..00000000
--- a/data/excluded/GO-2022-1191.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1191
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4689
-ghsas:
- - GHSA-w57v-6xp4-rm2v
diff --git a/data/excluded/GO-2022-1192.yaml b/data/excluded/GO-2022-1192.yaml
deleted file mode 100644
index b3bd27d1..00000000
--- a/data/excluded/GO-2022-1192.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1192
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4683
-ghsas:
- - GHSA-qcw2-492v-57xj
diff --git a/data/excluded/GO-2022-1200.yaml b/data/excluded/GO-2022-1200.yaml
deleted file mode 100644
index ec732b6a..00000000
--- a/data/excluded/GO-2022-1200.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1200
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/ElrondNetwork/elrond-go
-cves:
- - CVE-2022-46173
-ghsas:
- - GHSA-p228-4mrh-ww7r
diff --git a/data/excluded/GO-2022-1204.yaml b/data/excluded/GO-2022-1204.yaml
deleted file mode 100644
index 9a72eb85..00000000
--- a/data/excluded/GO-2022-1204.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-id: GO-2022-1204
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/fkie-cad/yapscan
-ghsas:
- - GHSA-9h6h-9g78-86f7
diff --git a/data/excluded/GO-2022-1205.yaml b/data/excluded/GO-2022-1205.yaml
deleted file mode 100644
index 2ff40379..00000000
--- a/data/excluded/GO-2022-1205.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1205
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4685
-ghsas:
- - GHSA-9v48-2h5x-fvpm
diff --git a/data/excluded/GO-2022-1206.yaml b/data/excluded/GO-2022-1206.yaml
deleted file mode 100644
index 1f16c930..00000000
--- a/data/excluded/GO-2022-1206.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1206
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/cri-o/cri-o
-cves:
- - CVE-2022-4318
-ghsas:
- - GHSA-cm9x-c3rh-7rc4
diff --git a/data/excluded/GO-2022-1208.yaml b/data/excluded/GO-2022-1208.yaml
deleted file mode 100644
index d318026e..00000000
--- a/data/excluded/GO-2022-1208.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1208
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/gotify/server
-cves:
- - CVE-2022-46181
-ghsas:
- - GHSA-xv6x-456v-24xh
diff --git a/data/excluded/GO-2022-1212.yaml b/data/excluded/GO-2022-1212.yaml
deleted file mode 100644
index bf627b52..00000000
--- a/data/excluded/GO-2022-1212.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1212
-excluded: NOT_IMPORTABLE
-modules:
- - module: github.com/jessfraz/pastebinit
-cves:
- - CVE-2018-25059
-ghsas:
- - GHSA-cwh7-28vg-jmpr
diff --git a/data/excluded/GO-2022-1215.yaml b/data/excluded/GO-2022-1215.yaml
deleted file mode 100644
index db69796f..00000000
--- a/data/excluded/GO-2022-1215.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1215
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4686
-ghsas:
- - GHSA-68gw-r2x5-7r5r
diff --git a/data/excluded/GO-2022-1216.yaml b/data/excluded/GO-2022-1216.yaml
deleted file mode 100644
index e47084dc..00000000
--- a/data/excluded/GO-2022-1216.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1216
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4692
-ghsas:
- - GHSA-f552-97qx-c694
diff --git a/data/excluded/GO-2022-1217.yaml b/data/excluded/GO-2022-1217.yaml
deleted file mode 100644
index c3efde41..00000000
--- a/data/excluded/GO-2022-1217.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1217
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4687
-ghsas:
- - GHSA-fv6c-rfg3-gvjw
diff --git a/data/excluded/GO-2022-1218.yaml b/data/excluded/GO-2022-1218.yaml
deleted file mode 100644
index 81fc01fd..00000000
--- a/data/excluded/GO-2022-1218.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-id: GO-2022-1218
-excluded: EFFECTIVELY_PRIVATE
-modules:
- - module: github.com/usememos/memos
-cves:
- - CVE-2022-4684
-ghsas:
- - GHSA-qr52-59r6-49f4
diff --git a/data/osv/GO-2022-1160.json b/data/osv/GO-2022-1160.json
new file mode 100644
index 00000000..ec3b1129
--- /dev/null
+++ b/data/osv/GO-2022-1160.json
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1160", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-23511", + "GHSA-j8x2-2m5w-j939" + ], + "summary": "Amazon CloudWatch Agent for Windows has Privilege Escalation Vector in github.com/aws/amazon-cloudwatch-agent", + "details": "Amazon CloudWatch Agent for Windows has Privilege Escalation Vector in github.com/aws/amazon-cloudwatch-agent", + "affected": [ + { + "package": { + "name": "github.com/aws/amazon-cloudwatch-agent", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.247355.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/aws/amazon-cloudwatch-agent/security/advisories/GHSA-j8x2-2m5w-j939" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23511" + }, + { + "type": "FIX", + "url": "https://github.com/aws/amazon-cloudwatch-agent/commit/6119858864c317ff26f41f576c169148d1250837" + }, + { + "type": "FIX", + "url": "https://github.com/aws/amazon-cloudwatch-agent/commit/6119858864c317ff26f41f576c169148d1250837#diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1160", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1161.json b/data/osv/GO-2022-1161.json new file mode 100644 index 00000000..b928a691 --- /dev/null +++ b/data/osv/GO-2022-1161.json 
@@ -0,0 +1,73 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1161", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-45968", + "GHSA-4gjr-vgfx-9qvw" + ], + "summary": "AList vulnerable to Improper Preservation of Permissions in github.com/alist-org/alist", + "details": "AList vulnerable to Improper Preservation of Permissions in github.com/alist-org/alist", + "affected": [ + { + "package": { + "name": "github.com/alist-org/alist", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/alist-org/alist/v3", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "3.5.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-4gjr-vgfx-9qvw" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45968" + }, + { + "type": "FIX", + "url": "https://github.com/alist-org/alist/commit/85e1350af82e1759ca6580895e48ab969eb566cf" + }, + { + "type": "REPORT", + "url": "https://github.com/alist-org/alist/issues/2444" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1161", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1164.json b/data/osv/GO-2022-1164.json new file mode 100644 index 00000000..3a31132a --- /dev/null +++ b/data/osv/GO-2022-1164.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1164", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-43996", + "GHSA-xxfx-w2rw-gh63" + ], + "summary": "csaf-poc/csaf_distribution Cross-site Scripting vulnerability in github.com/csaf-poc/csaf_distribution", + "details": "csaf-poc/csaf_distribution Cross-site Scripting vulnerability in github.com/csaf-poc/csaf_distribution", + "affected": [ + { + "package": { + "name": "github.com/csaf-poc/csaf_distribution", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.8.2" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-xxfx-w2rw-gh63" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43996" + }, + { + "type": "FIX", + "url": "https://github.com/csaf-poc/csaf_distribution/commit/17f22855ee8d4270dd17ff748c30ed7304846fdc" + }, + { + "type": "WEB", + "url": "https://github.com/csaf-poc/csaf_distribution/releases/tag/v0.8.2" + }, + { + "type": "WEB", + "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0003.json" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1164", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1171.json b/data/osv/GO-2022-1171.json new file mode 100644 index 00000000..6a1c741b --- /dev/null +++ b/data/osv/GO-2022-1171.json 
@@ -0,0 +1,73 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1171", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-45969", + "GHSA-pmg2-rph8-p8r6" + ], + "summary": "Alist vulnerable to Path Traversal in github.com/alist-org/alist", + "details": "Alist vulnerable to Path Traversal in github.com/alist-org/alist", + "affected": [ + { + "package": { + "name": "github.com/alist-org/alist", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/alist-org/alist/v3", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "3.6.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-pmg2-rph8-p8r6" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45969" + }, + { + "type": "FIX", + "url": "https://github.com/alist-org/alist/commit/b5bf5f43253175b55fa2cb511fea601e677d2d83" + }, + { + "type": "REPORT", + "url": "https://github.com/alist-org/alist/issues/2449" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1171", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1179.json b/data/osv/GO-2022-1179.json new file mode 100644 index 00000000..acc5e63e --- /dev/null +++ b/data/osv/GO-2022-1179.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1179", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-23542", + "GHSA-m3q4-7qmj-657m" + ], + "summary": "OpenFGA Authorization Bypass in github.com/openfga/openfga", + "details": "OpenFGA Authorization Bypass in github.com/openfga/openfga", + "affected": [ + { + "package": { + "name": "github.com/openfga/openfga", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0.3.0" + }, + { + "fixed": "0.3.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/openfga/openfga/security/advisories/GHSA-m3q4-7qmj-657m" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23542" + }, + { + "type": "FIX", + "url": "https://github.com/openfga/openfga/pull/422" + }, + { + "type": "WEB", + "url": "https://github.com/openfga/openfga/releases/tag/v0.3.1" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1179", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1181.json b/data/osv/GO-2022-1181.json new file mode 100644 index 00000000..226c57a8 --- /dev/null +++ b/data/osv/GO-2022-1181.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1181", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-23551", + "GHSA-p82q-rxpm-hjpc" + ], + "summary": "AAD Pod Identity obtaining token with backslash in github.com/Azure/aad-pod-identity", + "details": "AAD Pod Identity obtaining token with backslash in github.com/Azure/aad-pod-identity", + "affected": [ + { + "package": { + "name": "github.com/Azure/aad-pod-identity", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.8.13" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/Azure/aad-pod-identity/security/advisories/GHSA-p82q-rxpm-hjpc" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23551" + }, + { + "type": "FIX", + "url": "https://github.com/Azure/aad-pod-identity/commit/7e01970391bde6c360d077066ca17d059204cb5d" + }, + { + "type": "WEB", + "url": "https://github.com/Azure/aad-pod-identity/releases/tag/v1.8.13" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1181", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1189.json b/data/osv/GO-2022-1189.json new file mode 100644 index 00000000..a5bfdf8b --- /dev/null +++ b/data/osv/GO-2022-1189.json 
@@ -0,0 +1,68 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1189", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4690", + "GHSA-c8jh-vcjh-fx2w" + ], + "summary": "usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos", + "details": "usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-c8jh-vcjh-fx2w" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4690" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/65cc19c12efa392f792f6bb154b4838547e0af5e" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/pull/833" + }, + { + "type": "WEB", + "url": "https://github.com/usememos/memos" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/7e1be91d-3b13-4300-8af2-9bd9665ec335" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1189", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1190.json b/data/osv/GO-2022-1190.json new file mode 100644 index 00000000..ad0abac7 --- /dev/null +++ b/data/osv/GO-2022-1190.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1190", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4688", + "GHSA-vwg4-846x-f94v" + ], + "summary": "usememos/memos vulnerable to improper authorization in github.com/usememos/memos", + "details": "usememos/memos vulnerable to improper authorization in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-vwg4-846x-f94v" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4688" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/23856e7e-94ff-4dee-97d0-0cd47e9b8ff6" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1190", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1191.json b/data/osv/GO-2022-1191.json new file mode 100644 index 00000000..14c9ce2e --- /dev/null +++ b/data/osv/GO-2022-1191.json 
@@ -0,0 +1,60 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1191", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4689", + "GHSA-w57v-6xp4-rm2v" + ], + "summary": "usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos", + "details": "usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-w57v-6xp4-rm2v" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4689" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/pull/831" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/a78c4326-6e7b-47fe-aa82-461e5c12a4e3" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1191", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1192.json b/data/osv/GO-2022-1192.json new file mode 100644 index 00000000..2f54bed5 --- /dev/null +++ b/data/osv/GO-2022-1192.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1192", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4683", + "GHSA-qcw2-492v-57xj" + ], + "summary": "usememos/memos missing Secure cookie attribute in github.com/usememos/memos", + "details": "usememos/memos missing Secure cookie attribute in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-qcw2-492v-57xj" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4683" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/7efa749c6628c75b19a912ca170529f5c293bb2e" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/84973f6b-739a-4d7e-8757-fc58cbbaf6ef" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1192", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1200.json b/data/osv/GO-2022-1200.json new file mode 100644 index 00000000..e5434e98 --- /dev/null +++ b/data/osv/GO-2022-1200.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1200", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-46173", + "GHSA-p228-4mrh-ww7r" + ], + "summary": "Elrond-GO processing: fallback search of SCRs when not found in the main cache in github.com/ElrondNetwork/elrond-go", + "details": "Elrond-GO processing: fallback search of SCRs when not found in the main cache in github.com/ElrondNetwork/elrond-go", + "affected": [ + { + "package": { + "name": "github.com/ElrondNetwork/elrond-go", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.3.50" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/ElrondNetwork/elrond-go/security/advisories/GHSA-p228-4mrh-ww7r" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46173" + }, + { + "type": "FIX", + "url": "https://github.com/ElrondNetwork/elrond-go/commit/39d7ddcb08bb34217dab6daef7cd9d287fb8cab3" + }, + { + "type": "FIX", + "url": "https://github.com/ElrondNetwork/elrond-go/pull/4718" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1200", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1204.json b/data/osv/GO-2022-1204.json new file mode 100644 index 00000000..6532f50e --- /dev/null +++ b/data/osv/GO-2022-1204.json 
@@ -0,0 +1,59 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1204", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "GHSA-9h6h-9g78-86f7" + ], + "summary": "Yapscan's report receiver server vulnerable to path traversal and log injection in github.com/fkie-cad/yapscan", + "details": "Yapscan's report receiver server vulnerable to path traversal and log injection in github.com/fkie-cad/yapscan", + "affected": [ + { + "package": { + "name": "github.com/fkie-cad/yapscan", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0.18.0" + }, + { + "fixed": "0.19.1" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/fkie-cad/yapscan/security/advisories/GHSA-9h6h-9g78-86f7" + }, + { + "type": "FIX", + "url": "https://github.com/fkie-cad/yapscan/commit/a75a20b50be673b96b1d42187b97f8cfe60728df" + }, + { + "type": "FIX", + "url": "https://github.com/fkie-cad/yapscan/commit/fef9a33ceb66f6b929839f7eaf393b629681bc5d" + }, + { + "type": "REPORT", + "url": "https://github.com/fkie-cad/yapscan/issues/35" + }, + { + "type": "WEB", + "url": "https://github.com/fkie-cad/yapscan/releases/tag/v0.19.1" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1204", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1205.json b/data/osv/GO-2022-1205.json new file mode 100644 index 00000000..19fbc4e0 --- /dev/null +++ b/data/osv/GO-2022-1205.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1205", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4685", + "GHSA-9v48-2h5x-fvpm" + ], + "summary": "usememos/memos vulnerable to improper access control in github.com/usememos/memos", + "details": "usememos/memos vulnerable to improper access control in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-9v48-2h5x-fvpm" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4685" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/015dbf52-8924-4aad-86d7-892cb61157af" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1205", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1206.json b/data/osv/GO-2022-1206.json new file mode 100644 index 00000000..752211b4 --- /dev/null +++ b/data/osv/GO-2022-1206.json 
@@ -0,0 +1,68 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1206", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4318", + "GHSA-cm9x-c3rh-7rc4" + ], + "summary": "CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation in github.com/cri-o/cri-o", + "details": "CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation in github.com/cri-o/cri-o", + "affected": [ + { + "package": { + "name": "github.com/cri-o/cri-o", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "1.26.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/cri-o/cri-o/security/advisories/GHSA-cm9x-c3rh-7rc4" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4318" + }, + { + "type": "FIX", + "url": "https://github.com/cri-o/cri-o/pull/6450" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2023:1033" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/errata/RHSA-2023:1503" + }, + { + "type": "WEB", + "url": "https://access.redhat.com/security/cve/CVE-2022-4318" + }, + { + "type": "WEB", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152703" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1206", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1208.json b/data/osv/GO-2022-1208.json new file mode 100644 index 00000000..eb69ffca --- /dev/null +++ b/data/osv/GO-2022-1208.json 
@@ -0,0 +1,73 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1208", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-46181", + "GHSA-xv6x-456v-24xh" + ], + "summary": "gotify/server vulnerable to Cross-site Scripting in the application image file upload in github.com/gotify/server", + "details": "gotify/server vulnerable to Cross-site Scripting in the application image file upload in github.com/gotify/server", + "affected": [ + { + "package": { + "name": "github.com/gotify/server", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + } + ] + } + ], + "ecosystem_specific": {} + }, + { + "package": { + "name": "github.com/gotify/server/v2", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "2.2.2" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/gotify/server/security/advisories/GHSA-xv6x-456v-24xh" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46181" + }, + { + "type": "FIX", + "url": "https://github.com/gotify/server/pull/534" + }, + { + "type": "FIX", + "url": "https://github.com/gotify/server/pull/535" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1208", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1212.json b/data/osv/GO-2022-1212.json new file mode 100644 index 00000000..a96aca49 --- /dev/null +++ b/data/osv/GO-2022-1212.json 
@@ -0,0 +1,68 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1212", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2018-25059", + "GHSA-cwh7-28vg-jmpr" + ], + "summary": "pastebinit Path Traversal vulnerability in github.com/jessfraz/pastebinit", + "details": "pastebinit Path Traversal vulnerability in github.com/jessfraz/pastebinit", + "affected": [ + { + "package": { + "name": "github.com/jessfraz/pastebinit", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.2.3" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-cwh7-28vg-jmpr" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25059" + }, + { + "type": "FIX", + "url": "https://github.com/jessfraz/pastebinit/commit/1af2facb6d95976c532b7f8f82747d454a092272" + }, + { + "type": "FIX", + "url": "https://github.com/jessfraz/pastebinit/pull/3" + }, + { + "type": "WEB", + "url": "https://github.com/jessfraz/pastebinit/releases/tag/v0.2.3" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?ctiid.217040" + }, + { + "type": "WEB", + "url": "https://vuldb.com/?id.217040" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1212", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1215.json b/data/osv/GO-2022-1215.json new file mode 100644 index 00000000..10c65c68 --- /dev/null +++ b/data/osv/GO-2022-1215.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1215", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4686", + "GHSA-68gw-r2x5-7r5r" + ], + "summary": "usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos", + "details": "usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-68gw-r2x5-7r5r" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4686" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/caa0b22c-501f-44eb-af65-65c315cd1637" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1215", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1216.json b/data/osv/GO-2022-1216.json new file mode 100644 index 00000000..f676f5a0 --- /dev/null +++ b/data/osv/GO-2022-1216.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1216", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4692", + "GHSA-f552-97qx-c694" + ], + "summary": "usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos", + "details": "usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-f552-97qx-c694" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4692" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/9d1ed6ea-f7a0-4561-9325-a2babef99c74" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1216", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1217.json b/data/osv/GO-2022-1217.json new file mode 100644 index 00000000..4963ccf9 --- /dev/null +++ b/data/osv/GO-2022-1217.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1217", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4687", + "GHSA-fv6c-rfg3-gvjw" + ], + "summary": "usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos", + "details": "usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-fv6c-rfg3-gvjw" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4687" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/b908377f-a61b-432c-8e6a-c7498da69788" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1217", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/osv/GO-2022-1218.json b/data/osv/GO-2022-1218.json new file mode 100644 index 00000000..06c32534 --- /dev/null +++ b/data/osv/GO-2022-1218.json 
@@ -0,0 +1,56 @@ +{ + "schema_version": "1.3.1", + "id": "GO-2022-1218", + "modified": "0001-01-01T00:00:00Z", + "published": "0001-01-01T00:00:00Z", + "aliases": [ + "CVE-2022-4684", + "GHSA-qr52-59r6-49f4" + ], + "summary": "usememos/memos Improper Access Control vulnerability in github.com/usememos/memos", + "details": "usememos/memos Improper Access Control vulnerability in github.com/usememos/memos", + "affected": [ + { + "package": { + "name": "github.com/usememos/memos", + "ecosystem": "Go" + }, + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0.9.0" + } + ] + } + ], + "ecosystem_specific": {} + } + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://github.com/advisories/GHSA-qr52-59r6-49f4" + }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4684" + }, + { + "type": "FIX", + "url": "https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9" + }, + { + "type": "WEB", + "url": "https://huntr.dev/bounties/b66f2bdd-8b41-456c-bf65-92302c2e03b5" + } + ], + "database_specific": { + "url": "https://pkg.go.dev/vuln/GO-2022-1218", + "review_status": "UNREVIEWED" + } +} \ No newline at end of file diff --git a/data/reports/GO-2022-1160.yaml b/data/reports/GO-2022-1160.yaml new file mode 100644 index 00000000..4706f07b --- /dev/null +++ b/data/reports/GO-2022-1160.yaml 
@@ -0,0 +1,21 @@
+id: GO-2022-1160
+modules:
+ - module: github.com/aws/amazon-cloudwatch-agent
+ versions:
+ - fixed: 1.247355.0
+ vulnerable_at: 1.247354.0
+summary: Amazon CloudWatch Agent for Windows has Privilege Escalation Vector in github.com/aws/amazon-cloudwatch-agent
+cves:
+ - CVE-2022-23511
+ghsas:
+ - GHSA-j8x2-2m5w-j939
+references:
+ - advisory: https://github.com/aws/amazon-cloudwatch-agent/security/advisories/GHSA-j8x2-2m5w-j939
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-23511
+ - fix: https://github.com/aws/amazon-cloudwatch-agent/commit/6119858864c317ff26f41f576c169148d1250837
+ - fix: https://github.com/aws/amazon-cloudwatch-agent/commit/6119858864c317ff26f41f576c169148d1250837#diff-76ed074a9305c04054cdebb9e9aad2d818052b07091de1f20cad0bbac34ffb52
+source:
+ id: GHSA-j8x2-2m5w-j939
+ created: 2024-08-20T14:52:59.251423-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1161.yaml b/data/reports/GO-2022-1161.yaml
new file mode 100644
index 00000000..dd31e595
--- /dev/null
+++ b/data/reports/GO-2022-1161.yaml
@@ -0,0 +1,23 @@
+id: GO-2022-1161
+modules:
+ - module: github.com/alist-org/alist
+ vulnerable_at: 1.0.6
+ - module: github.com/alist-org/alist/v3
+ versions:
+ - fixed: 3.5.1
+ vulnerable_at: 3.4.0
+summary: AList vulnerable to Improper Preservation of Permissions in github.com/alist-org/alist
+cves:
+ - CVE-2022-45968
+ghsas:
+ - GHSA-4gjr-vgfx-9qvw
+references:
+ - advisory: https://github.com/advisories/GHSA-4gjr-vgfx-9qvw
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-45968
+ - fix: https://github.com/alist-org/alist/commit/85e1350af82e1759ca6580895e48ab969eb566cf
+ - report: https://github.com/alist-org/alist/issues/2444
+source:
+ id: GHSA-4gjr-vgfx-9qvw
+ created: 2024-08-20T14:53:02.97972-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
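Review bot: The two `fix:` references in GO-2022-1160 point at the same commit; the second differs only by a `#diff-…` fragment. The fragment-anchored line can be dropped so the reference list carries one entry per fix. Separately, the summary scopes the issue to the Windows agent, but the report has only a module-level range, so, as far as this hunk shows, consumers on other platforms will get the same finding; that is worth confirming against the advisory before the report is reviewed.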
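Review bot: In GO-2022-1161 the unversioned module `github.com/alist-org/alist` is listed with only `vulnerable_at: 1.0.6` and no `versions` block, so every release on that path is reported as affected with no fixed version, while the fix (`3.5.1`) exists only on `/v3`. Whether the pre-v3 code actually contains the flaw cannot be told from this report. If it does, the report should make clear that the remedy is moving to `/v3`; if it does not, the entry produces a permanent finding that users cannot clear by upgrading and should be removed. The same shape appears in GO-2022-1171 (`alist`, fixed `3.6.0` on `/v3`) and GO-2022-1208 (`github.com/gotify/server`, fixed `2.2.2` on `/v2`).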
diff --git a/data/reports/GO-2022-1164.yaml b/data/reports/GO-2022-1164.yaml
new file mode 100644
index 00000000..6330ab46
--- /dev/null
+++ b/data/reports/GO-2022-1164.yaml
@@ -0,0 +1,22 @@
+id: GO-2022-1164
+modules:
+ - module: github.com/csaf-poc/csaf_distribution
+ versions:
+ - fixed: 0.8.2
+ vulnerable_at: 0.8.1
+summary: csaf-poc/csaf_distribution Cross-site Scripting vulnerability in github.com/csaf-poc/csaf_distribution
+cves:
+ - CVE-2022-43996
+ghsas:
+ - GHSA-xxfx-w2rw-gh63
+references:
+ - advisory: https://github.com/advisories/GHSA-xxfx-w2rw-gh63
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-43996
+ - fix: https://github.com/csaf-poc/csaf_distribution/commit/17f22855ee8d4270dd17ff748c30ed7304846fdc
+ - web: https://github.com/csaf-poc/csaf_distribution/releases/tag/v0.8.2
+ - web: https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0003.json
+source:
+ id: GHSA-xxfx-w2rw-gh63
+ created: 2024-08-20T14:53:09.415665-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1171.yaml b/data/reports/GO-2022-1171.yaml
new file mode 100644
index 00000000..0de50da6
--- /dev/null
+++ b/data/reports/GO-2022-1171.yaml
@@ -0,0 +1,23 @@
+id: GO-2022-1171
+modules:
+ - module: github.com/alist-org/alist
+ vulnerable_at: 1.0.6
+ - module: github.com/alist-org/alist/v3
+ versions:
+ - fixed: 3.6.0
+ vulnerable_at: 3.5.1
+summary: Alist vulnerable to Path Traversal in github.com/alist-org/alist
+cves:
+ - CVE-2022-45969
+ghsas:
+ - GHSA-pmg2-rph8-p8r6
+references:
+ - advisory: https://github.com/advisories/GHSA-pmg2-rph8-p8r6
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-45969
+ - fix: https://github.com/alist-org/alist/commit/b5bf5f43253175b55fa2cb511fea601e677d2d83
+ - report: https://github.com/alist-org/alist/issues/2449
+source:
+ id: GHSA-pmg2-rph8-p8r6
+ created: 2024-08-20T14:53:15.290117-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1179.yaml b/data/reports/GO-2022-1179.yaml
new file mode 100644
index 00000000..d8beaad1
--- /dev/null
+++ b/data/reports/GO-2022-1179.yaml
@@ -0,0 +1,22 @@
+id: GO-2022-1179
+modules:
+ - module: github.com/openfga/openfga
+ versions:
+ - introduced: 0.3.0
+ - fixed: 0.3.1
+ vulnerable_at: 0.3.0
+summary: OpenFGA Authorization Bypass in github.com/openfga/openfga
+cves:
+ - CVE-2022-23542
+ghsas:
+ - GHSA-m3q4-7qmj-657m
+references:
+ - advisory: https://github.com/openfga/openfga/security/advisories/GHSA-m3q4-7qmj-657m
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-23542
+ - fix: https://github.com/openfga/openfga/pull/422
+ - web: https://github.com/openfga/openfga/releases/tag/v0.3.1
+source:
+ id: GHSA-m3q4-7qmj-657m
+ created: 2024-08-20T14:53:23.989951-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1181.yaml b/data/reports/GO-2022-1181.yaml
new file mode 100644
index 00000000..b13bae20
--- /dev/null
+++ b/data/reports/GO-2022-1181.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1181
+modules:
+ - module: github.com/Azure/aad-pod-identity
+ versions:
+ - fixed: 1.8.13
+ vulnerable_at: 1.8.12
+summary: AAD Pod Identity obtaining token with backslash in github.com/Azure/aad-pod-identity
+cves:
+ - CVE-2022-23551
+ghsas:
+ - GHSA-p82q-rxpm-hjpc
+references:
+ - advisory: https://github.com/Azure/aad-pod-identity/security/advisories/GHSA-p82q-rxpm-hjpc
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-23551
+ - fix: https://github.com/Azure/aad-pod-identity/commit/7e01970391bde6c360d077066ca17d059204cb5d
+ - web: https://github.com/Azure/aad-pod-identity/releases/tag/v1.8.13
+source:
+ id: GHSA-p82q-rxpm-hjpc
+ created: 2024-08-20T14:53:27.835686-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1189.yaml b/data/reports/GO-2022-1189.yaml
new file mode 100644
index 00000000..45362e7b
--- /dev/null
+++ b/data/reports/GO-2022-1189.yaml
@@ -0,0 +1,24 @@
+id: GO-2022-1189
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.0
+ vulnerable_at: 0.8.3
+summary: usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos
+cves:
+ - CVE-2022-4690
+ghsas:
+ - GHSA-c8jh-vcjh-fx2w
+references:
+ - advisory: https://github.com/advisories/GHSA-c8jh-vcjh-fx2w
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4690
+ - fix: https://github.com/usememos/memos/commit/65cc19c12efa392f792f6bb154b4838547e0af5e
+ - fix: https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82
+ - fix: https://github.com/usememos/memos/pull/833
+ - web: https://github.com/usememos/memos
+ - web: https://huntr.dev/bounties/7e1be91d-3b13-4300-8af2-9bd9665ec335
+source:
+ id: GHSA-c8jh-vcjh-fx2w
+ created: 2024-08-20T14:53:42.498059-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1190.yaml b/data/reports/GO-2022-1190.yaml
new file mode 100644
index 00000000..a73d2f9f
--- /dev/null
+++ b/data/reports/GO-2022-1190.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1190
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.0
+ vulnerable_at: 0.8.3
+summary: usememos/memos vulnerable to improper authorization in github.com/usememos/memos
+cves:
+ - CVE-2022-4688
+ghsas:
+ - GHSA-vwg4-846x-f94v
+references:
+ - advisory: https://github.com/advisories/GHSA-vwg4-846x-f94v
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4688
+ - fix: https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9
+ - web: https://huntr.dev/bounties/23856e7e-94ff-4dee-97d0-0cd47e9b8ff6
+source:
+ id: GHSA-vwg4-846x-f94v
+ created: 2024-08-20T14:53:47.737998-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1191.yaml b/data/reports/GO-2022-1191.yaml
new file mode 100644
index 00000000..539b08a7
--- /dev/null
+++ b/data/reports/GO-2022-1191.yaml
@@ -0,0 +1,22 @@
+id: GO-2022-1191
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.0
+ vulnerable_at: 0.8.3
+summary: usememos/memos vulnerable to account takeover due to improper access control in github.com/usememos/memos
+cves:
+ - CVE-2022-4689
+ghsas:
+ - GHSA-w57v-6xp4-rm2v
+references:
+ - advisory: https://github.com/advisories/GHSA-w57v-6xp4-rm2v
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4689
+ - fix: https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9
+ - fix: https://github.com/usememos/memos/pull/831
+ - web: https://huntr.dev/bounties/a78c4326-6e7b-47fe-aa82-461e5c12a4e3
+source:
+ id: GHSA-w57v-6xp4-rm2v
+ created: 2024-08-20T14:53:51.990446-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1192.yaml b/data/reports/GO-2022-1192.yaml
new file mode 100644
index 00000000..a40af25d
--- /dev/null
+++ b/data/reports/GO-2022-1192.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1192
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.0
+ vulnerable_at: 0.8.3
+summary: usememos/memos missing Secure cookie attribute in github.com/usememos/memos
+cves:
+ - CVE-2022-4683
+ghsas:
+ - GHSA-qcw2-492v-57xj
+references:
+ - advisory: https://github.com/advisories/GHSA-qcw2-492v-57xj
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4683
+ - fix: https://github.com/usememos/memos/commit/7efa749c6628c75b19a912ca170529f5c293bb2e
+ - web: https://huntr.dev/bounties/84973f6b-739a-4d7e-8757-fc58cbbaf6ef
+source:
+ id: GHSA-qcw2-492v-57xj
+ created: 2024-08-20T14:53:56.364729-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1200.yaml b/data/reports/GO-2022-1200.yaml
new file mode 100644
index 00000000..0e9a2fb9
--- /dev/null
+++ b/data/reports/GO-2022-1200.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1200
+modules:
+ - module: github.com/ElrondNetwork/elrond-go
+ versions:
+ - fixed: 1.3.50
+ vulnerable_at: 1.3.50-hf01
+summary: 'Elrond-GO processing: fallback search of SCRs when not found in the main cache in github.com/ElrondNetwork/elrond-go'
+cves:
+ - CVE-2022-46173
+ghsas:
+ - GHSA-p228-4mrh-ww7r
+references:
+ - advisory: https://github.com/ElrondNetwork/elrond-go/security/advisories/GHSA-p228-4mrh-ww7r
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-46173
+ - fix: https://github.com/ElrondNetwork/elrond-go/commit/39d7ddcb08bb34217dab6daef7cd9d287fb8cab3
+ - fix: https://github.com/ElrondNetwork/elrond-go/pull/4718
+source:
+ id: GHSA-p228-4mrh-ww7r
+ created: 2024-08-20T14:54:00.236427-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1204.yaml b/data/reports/GO-2022-1204.yaml
new file mode 100644
index 00000000..f9f199e5
--- /dev/null
+++ b/data/reports/GO-2022-1204.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1204
+modules:
+ - module: github.com/fkie-cad/yapscan
+ versions:
+ - introduced: 0.18.0
+ - fixed: 0.19.1
+ vulnerable_at: 0.19.0
+summary: Yapscan's report receiver server vulnerable to path traversal and log injection in github.com/fkie-cad/yapscan
+ghsas:
+ - GHSA-9h6h-9g78-86f7
+references:
+ - advisory: https://github.com/fkie-cad/yapscan/security/advisories/GHSA-9h6h-9g78-86f7
+ - fix: https://github.com/fkie-cad/yapscan/commit/a75a20b50be673b96b1d42187b97f8cfe60728df
+ - fix: https://github.com/fkie-cad/yapscan/commit/fef9a33ceb66f6b929839f7eaf393b629681bc5d
+ - report: https://github.com/fkie-cad/yapscan/issues/35
+ - web: https://github.com/fkie-cad/yapscan/releases/tag/v0.19.1
+source:
+ id: GHSA-9h6h-9g78-86f7
+ created: 2024-08-20T14:54:03.71442-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1205.yaml b/data/reports/GO-2022-1205.yaml
new file mode 100644
index 00000000..cc90b2f1
--- /dev/null
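Review bot: `vulnerable_at: 1.3.50-hf01` next to `fixed: 1.3.50` in GO-2022-1200 looks inconsistent. Under semantic-version ordering `1.3.50-hf01` is a pre-release of `1.3.50` and sorts below the fixed version, so it falls inside the affected range. The `hf01` suffix, however, reads like a hotfix tag cut after `1.3.50`, in which case it may already carry the fix and scanners would still flag it. The hunk does not show the tag history, so this needs checking against the upstream advisory. If the hotfix does contain the fix, `vulnerable_at` should name the last release before the fix, and the `fixed` boundary needs a value that does not leave the hotfix tags marked as affected.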
+++ b/data/reports/GO-2022-1205.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1205
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.0
+ vulnerable_at: 0.8.3
+summary: usememos/memos vulnerable to improper access control in github.com/usememos/memos
+cves:
+ - CVE-2022-4685
+ghsas:
+ - GHSA-9v48-2h5x-fvpm
+references:
+ - advisory: https://github.com/advisories/GHSA-9v48-2h5x-fvpm
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4685
+ - fix: https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9
+ - web: https://huntr.dev/bounties/015dbf52-8924-4aad-86d7-892cb61157af
+source:
+ id: GHSA-9v48-2h5x-fvpm
+ created: 2024-08-20T14:54:06.426535-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1206.yaml b/data/reports/GO-2022-1206.yaml
new file mode 100644
index 00000000..cac65ea1
--- /dev/null
+++ b/data/reports/GO-2022-1206.yaml
@@ -0,0 +1,24 @@
+id: GO-2022-1206
+modules:
+ - module: github.com/cri-o/cri-o
+ versions:
+ - fixed: 1.26.0
+ vulnerable_at: 1.25.5
+summary: CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation in github.com/cri-o/cri-o
+cves:
+ - CVE-2022-4318
+ghsas:
+ - GHSA-cm9x-c3rh-7rc4
+references:
+ - advisory: https://github.com/cri-o/cri-o/security/advisories/GHSA-cm9x-c3rh-7rc4
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4318
+ - fix: https://github.com/cri-o/cri-o/pull/6450
+ - web: https://access.redhat.com/errata/RHSA-2023:1033
+ - web: https://access.redhat.com/errata/RHSA-2023:1503
+ - web: https://access.redhat.com/security/cve/CVE-2022-4318
+ - web: https://bugzilla.redhat.com/show_bug.cgi?id=2152703
+source:
+ id: GHSA-cm9x-c3rh-7rc4
+ created: 2024-08-20T14:54:09.908736-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1208.yaml b/data/reports/GO-2022-1208.yaml
new file mode 100644
index 00000000..af8dda34
--- /dev/null
+++ b/data/reports/GO-2022-1208.yaml
@@ -0,0 +1,25 @@
+id: GO-2022-1208
+modules:
+ - module: github.com/gotify/server
+ vulnerable_at: 1.2.1
+ - module: github.com/gotify/server/v2
+ versions:
+ - fixed: 2.2.2
+ vulnerable_at: 2.2.1
+summary: |-
+ gotify/server vulnerable to Cross-site Scripting in the application image file
+ upload in github.com/gotify/server
+cves:
+ - CVE-2022-46181
+ghsas:
+ - GHSA-xv6x-456v-24xh
+references:
+ - advisory: https://github.com/gotify/server/security/advisories/GHSA-xv6x-456v-24xh
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-46181
+ - fix: https://github.com/gotify/server/pull/534
+ - fix: https://github.com/gotify/server/pull/535
+source:
+ id: GHSA-xv6x-456v-24xh
+ created: 2024-08-20T14:54:17.668824-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1212.yaml b/data/reports/GO-2022-1212.yaml
new file mode 100644
index 00000000..49fa770f
--- /dev/null
+++ b/data/reports/GO-2022-1212.yaml
@@ -0,0 +1,24 @@
+id: GO-2022-1212
+modules:
+ - module: github.com/jessfraz/pastebinit
+ versions:
+ - fixed: 0.2.3
+ vulnerable_at: 0.2.2
+summary: pastebinit Path Traversal vulnerability in github.com/jessfraz/pastebinit
+cves:
+ - CVE-2018-25059
+ghsas:
+ - GHSA-cwh7-28vg-jmpr
+references:
+ - advisory: https://github.com/advisories/GHSA-cwh7-28vg-jmpr
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2018-25059
+ - fix: https://github.com/jessfraz/pastebinit/commit/1af2facb6d95976c532b7f8f82747d454a092272
+ - fix: https://github.com/jessfraz/pastebinit/pull/3
+ - web: https://github.com/jessfraz/pastebinit/releases/tag/v0.2.3
+ - web: https://vuldb.com/?ctiid.217040
+ - web: https://vuldb.com/?id.217040
+source:
+ id: GHSA-cwh7-28vg-jmpr
+ created: 2024-08-20T14:54:21.663613-04:00
+review_status: UNREVIEWED
+unexcluded: NOT_IMPORTABLE
diff --git a/data/reports/GO-2022-1215.yaml b/data/reports/GO-2022-1215.yaml
new file mode 100644
index 00000000..a9cffe1e
--- /dev/null
+++ b/data/reports/GO-2022-1215.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1215
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.0
+ vulnerable_at: 0.8.3
+summary: usememos/memos Authorization Bypass Through User-Controlled Key vulnerability in github.com/usememos/memos
+cves:
+ - CVE-2022-4686
+ghsas:
+ - GHSA-68gw-r2x5-7r5r
+references:
+ - advisory: https://github.com/advisories/GHSA-68gw-r2x5-7r5r
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4686
+ - fix: https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9
+ - web: https://huntr.dev/bounties/caa0b22c-501f-44eb-af65-65c315cd1637
+source:
+ id: GHSA-68gw-r2x5-7r5r
+ created: 2024-08-20T14:54:47.135744-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1216.yaml b/data/reports/GO-2022-1216.yaml
new file mode 100644
index 00000000..bac51856
--- /dev/null
+++ b/data/reports/GO-2022-1216.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1216
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.0
+ vulnerable_at: 0.8.3
+summary: usememos/memos vulnerable to stored Cross-site Scripting in github.com/usememos/memos
+cves:
+ - CVE-2022-4692
+ghsas:
+ - GHSA-f552-97qx-c694
+references:
+ - advisory: https://github.com/advisories/GHSA-f552-97qx-c694
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4692
+ - fix: https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82
+ - web: https://huntr.dev/bounties/9d1ed6ea-f7a0-4561-9325-a2babef99c74
+source:
+ id: GHSA-f552-97qx-c694
+ created: 2024-08-20T14:54:51.082382-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1217.yaml b/data/reports/GO-2022-1217.yaml
new file mode 100644
index 00000000..e92c63d3
--- /dev/null
+++ b/data/reports/GO-2022-1217.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1217
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.0
+ vulnerable_at: 0.8.3
+summary: usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos
+cves:
+ - CVE-2022-4687
+ghsas:
+ - GHSA-fv6c-rfg3-gvjw
+references:
+ - advisory: https://github.com/advisories/GHSA-fv6c-rfg3-gvjw
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4687
+ - fix: https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9
+ - web: https://huntr.dev/bounties/b908377f-a61b-432c-8e6a-c7498da69788
+source:
+ id: GHSA-fv6c-rfg3-gvjw
+ created: 2024-08-20T14:54:55.46259-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2022-1218.yaml b/data/reports/GO-2022-1218.yaml
new file mode 100644
index 00000000..23457e6e
--- /dev/null
+++ b/data/reports/GO-2022-1218.yaml
@@ -0,0 +1,21 @@
+id: GO-2022-1218
+modules:
+ - module: github.com/usememos/memos
+ versions:
+ - fixed: 0.9.0
+ vulnerable_at: 0.8.3
+summary: usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
+cves:
+ - CVE-2022-4684
+ghsas:
+ - GHSA-qr52-59r6-49f4
+references:
+ - advisory: https://github.com/advisories/GHSA-qr52-59r6-49f4
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2022-4684
+ - fix: https://github.com/usememos/memos/commit/dca35bde877aab6e64ef51b52e590b5d48f692f9
+ - web: https://huntr.dev/bounties/b66f2bdd-8b41-456c-bf65-92302c2e03b5
+source:
+ id: GHSA-qr52-59r6-49f4
+ created: 2024-08-20T14:54:59.22965-04:00
+review_status: UNREVIEWED
+unexcluded: EFFECTIVELY_PRIVATE