```
$ ./trivy_0.41.0_Linux-64bit/trivy repo https://git.mills.io/prologic/wiki
2023-07-29T01:31:45.633+0200 INFO Vulnerability scanning is enabled
2023-07-29T01:31:45.633+0200 INFO Secret scanning is enabled
2023-07-29T01:31:45.633+0200 INFO If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-07-29T01:31:45.633+0200 INFO Please see also https://aquasecurity.github.io/trivy/v0.41/docs/secret/scanning/#recommendation for faster secret detection
Enumerating objects: 93, done.
Counting objects: 100% (93/93), done.
Compressing objects: 100% (78/78), done.
Total 93 (delta 7), reused 81 (delta 5), pack-reused 0
2023-07-29T01:31:56.715+0200 INFO Number of language-specific files: 1
2023-07-29T01:31:56.715+0200 INFO Detecting gomod vulnerabilities...

go.mod (gomod)

Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 7, HIGH: 15, CRITICAL: 0)

┌─────────────────────────────────────┬────────────────┬──────────┬───────────────────────────────────┬───────────────────────────────────┬──────────────────────────────────────────────────────────────┐
│               Library               │ Vulnerability  │ Severity │         Installed Version         │           Fixed Version           │                            Title                             │
├─────────────────────────────────────┼────────────────┼──────────┼───────────────────────────────────┼───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/dgrijalva/jwt-go         │ CVE-2020-26160 │ HIGH     │ 3.2.0+incompatible                │                                   │ jwt-go: access restriction bypass vulnerability              │
│                                     │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2020-26160                   │
├─────────────────────────────────────┼────────────────┤          ├───────────────────────────────────┼───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/gogo/protobuf            │ CVE-2021-3121  │          │ 1.2.1                             │ 1.3.2                             │ gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain   │
│                                     │                │          │                                   │                                   │ index validation                                             │
│                                     │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2021-3121                    │
├─────────────────────────────────────┼────────────────┼──────────┼───────────────────────────────────┼───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/microcosm-cc/bluemonday  │ CVE-2021-29272 │ MEDIUM   │ 1.0.3                             │ 1.0.5                             │ Cross-site scripting via uppercase Cyrillic i                │
│                                     │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2021-29272                   │
│                                     ├────────────────┤          │                                   ├───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2021-42576 │          │                                   │ 1.0.16                            │ The bluemonday sanitizer before 1.0.16 for Go, and before    │
│                                     │                │          │                                   │                                   │ 0.0.8 for Py...                                              │
│                                     │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2021-42576                   │
├─────────────────────────────────────┼────────────────┤          ├───────────────────────────────────┼───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/miekg/dns                │ CVE-2019-19794 │          │ 1.0.14                            │ 1.1.25                            │ golang-github-miekg-dns: predictable TXID can lead to        │
│                                     │                │          │                                   │                                   │ response forgeries                                           │
│                                     │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2019-19794                   │
├─────────────────────────────────────┼────────────────┼──────────┼───────────────────────────────────┼───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/prometheus/client_golang │ CVE-2022-21698 │ HIGH     │ 0.9.3                             │ 1.11.1                            │ Denial of service using InstrumentHandlerCounter             │
│                                     │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2022-21698                   │
├─────────────────────────────────────┼────────────────┤          ├───────────────────────────────────┼───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ golang.org/x/crypto                 │ CVE-2020-29652 │          │ 0.0.0-20190605123033-f99c8df09eb5 │ 0.0.0-20201216223049-8b5274cf687f │ golang: crypto/ssh: crafted authentication request can lead  │
│                                     │                │          │                                   │                                   │ to nil pointer dereference                                   │
│                                     │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2020-29652                   │
│                                     ├────────────────┤          │                                   ├───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2020-7919  │          │                                   │ 0.0.0-20200124225646-8b5121be2f68 │ golang: Integer overflow on 32bit architectures via crafted  │
│                                     │                │          │                                   │                                   │ certificate allows for denial...                             │
│                                     │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2020-7919                    │
│                                     ├────────────────┤          │                                   ├───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2020-9283  │          │                                   │ 0.0.0-20200220183623-bac4c82f6975 │ golang.org/x/crypto: Processing of crafted ssh-ed25519       │
│                                     │                │          │                                   │                                   │ public keys allows for panic                                 │
│                                     │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2020-9283                    │
│                                     ├────────────────┤          │                                   ├───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2021-43565 │          │                                   │ 0.0.0-20211202192323-5770296d904e │ empty plaintext packet causes panic                          │
│                                     │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2021-43565                   │
│                                     ├────────────────┤          │                                   ├───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2022-27191 │          │                                   │ 0.0.0-20220314234659-1baeb1ce4c0b │ crash in a golang.org/x/crypto/ssh server                    │
│                                     │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2022-27191                   │
├─────────────────────────────────────┼────────────────┼──────────┼───────────────────────────────────┼───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ golang.org/x/image                  │ CVE-2022-41727 │ MEDIUM   │ 0.0.0-20190802002840-cff245a6509b │ 0.5.0                             │ Uncontrolled Resource Consumption                            │
│                                     │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2022-41727                   │
├─────────────────────────────────────┼────────────────┼──────────┼───────────────────────────────────┼───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ golang.org/x/net                    │ CVE-2019-9512  │ HIGH     │ 0.0.0-20190620200207-3b0461eec859 │ 0.0.0-20190813141303-74dc4d7220e7 │ flood using PING frames results in unbounded memory growth   │
│                                     │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2019-9512                    │
│                                     ├────────────────┤          │                                   │                                   ├──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2019-9514  │          │                                   │                                   │ flood using HEADERS frames results in unbounded memory       │
│                                     │                │          │                                   │                                   │ growth                                                       │
│                                     │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2019-9514                    │
│                                     ├────────────────┤          │                                   ├───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2021-33194 │          │                                   │ 0.0.0-20210520170846-37e1c6afe023 │ golang: x/net/html: infinite loop in ParseFragment           │
│                                     │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2021-33194                   │
│                                     ├────────────────┤          │                                   ├───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2022-27664 │          │                                   │ 0.0.0-20220906165146-f3363e06e74c │ handle server errors after sending GOAWAY                    │
│                                     │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2022-27664                   │
│                                     ├────────────────┤          │                                   ├───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2022-41723 │          │                                   │ 0.7.0                             │ avoid quadratic complexity in HPACK decoding                 │
│                                     │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2022-41723                   │
│                                     ├────────────────┼──────────┤                                   ├───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2021-31525 │ MEDIUM   │                                   │ 0.0.0-20210428140749-89ef3d95e781 │ golang: net/http: panic in ReadRequest and ReadResponse when │
│                                     │                │          │                                   │                                   │ reading a very large...                                      │
│                                     │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2021-31525                   │
├─────────────────────────────────────┼────────────────┤          ├───────────────────────────────────┼───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ golang.org/x/sys                    │ CVE-2022-29526 │          │ 0.0.0-20190624142023-c5567b49c5d0 │ 0.0.0-20220412211240-33da011f77ad │ faccessat checks wrong group                                 │
│                                     │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2022-29526                   │
├─────────────────────────────────────┼────────────────┼──────────┼───────────────────────────────────┼───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ golang.org/x/text                   │ CVE-2021-38561 │ HIGH     │ 0.3.3                             │ 0.3.7                             │ out-of-bounds read in golang.org/x/text/language leads to    │
│                                     │                │          │                                   │                                   │ DoS                                                          │
│                                     │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2021-38561                   │
│                                     ├────────────────┤          │                                   ├───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│                                     │ CVE-2022-32149 │          │                                   │ 0.3.8                             │ ParseAcceptLanguage takes a long time to parse complex tags  │
│                                     │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2022-32149                   │
├─────────────────────────────────────┼────────────────┼──────────┼───────────────────────────────────┼───────────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ gopkg.in/yaml.v2                    │ CVE-2019-11254 │ MEDIUM   │ 2.2.4                             │ 2.2.8                             │ kubernetes: Denial of service in API server via crafted YAML │
│                                     │                │          │                                   │                                   │ payloads by...                                               │
│                                     │                │          │                                   │                                   │ https://avd.aquasec.com/nvd/cve-2019-11254                   │
└─────────────────────────────────────┴────────────────┴──────────┴───────────────────────────────────┴───────────────────────────────────┴──────────────────────────────────────────────────────────────┘
```

Originally posted by @nodiscc in awesome-selfhosted/awesome-selfhosted#4065