HIGH

Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-36562
https://github.com/shiyanhui/dht/issues/57
https://pkg.go.dev/…

go-resolver’s DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self…

go-codec-dagpb is an implementation of the DAG-PB spec for Go. The dag-pb codec can panic when decoding invalid blocks. This issue has been patched in version 1.5.0.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-2584
https://github.com/ipld/go-…

Noise is a Go implementation of the Noise Protocol Framework. The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (~18.4 quintillion) messag…

Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.
Referen…

The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow.
References

https://nvd.nist.gov/vuln/detail/CVE-2013-10005
https://github.com/btcsuite…

A vulnerability was found in Widoco and classified as critical. Affected by this issue is the function unZipIt of the file src/main/java/widoco/WidocoUtils.java. The manipulation leads to path traversal. It is possible to launch the attack on the local…

Gin is a HTTP web framework written in Go (Golang). Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-36567
htt…

In rdiffweb prior to 2.5.5, the username field is not unique to users. This allows exploitation of primary key logic by creating the same name with different combinations & may allow unauthorized access.
References

https://nvd.nist.gov/vuln/detail…

Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4720
https://github.com/ikus060/rdiffweb/commit/6afaae56a29536f0118b3380d296c416aa6d078d
https://huntr.dev/bounties/339687af-6e25-…