IndexedVerified
Go Security
Go SAST rules aggregated across verified providers.
Fetch pack
greprules pack fetch go-security --engine opengrepcurl https://api.greprules.io/api/packs/go-security.tar.gz -o go-security.tar.gzIncluded rules
CVE-2024-21635: Grpc In Memory File Serving Dos
cve-2024-21635-grpc-in-memory-file-serving-dosCVE-2024-28122: Golang Unbounded Decompression Readallcve-2024-28122-golang-unbounded-decompression-readallCVE-2024-33522: Insecure Suid Chmodcve-2024-33522-insecure-suid-chmodCVE-2025-46599: Kubelet Readonly Port Omitempty Bypasscve-2025-46599-kubelet-readonly-port-omitempty-bypassCVE-2025-47908: Redundant Slice Compaction Doscve-2025-47908-redundant-slice-compaction-dosCVE-2025-48069: Exportfunctions Go Cwe 000 Cve 2025 48069cve-2025-48069-exportfunctions-go-cwe-000-cve-2025-48069CVE-2025-49593: Insecure Header Blocklistcve-2025-49593-insecure-header-blocklistCVE-2025-53634: Go Missing Readheadertimeoutcve-2025-53634-go-missing-readheadertimeoutCVE-2025-54376: Go Negroni Missing Auth Middlewarecve-2025-54376-go-negroni-missing-auth-middlewareCVE-2025-58157: Gnark Quorem Truncation Division And Aliasingcve-2025-58157-gnark-quorem-truncation-division-and-aliasingCVE-2025-58445: Missing Tilde Expansion In Path Validationcve-2025-58445-missing-tilde-expansion-in-path-validationCVE-2025-59530: Quic Missing Initial Key Dropcve-2025-59530-quic-missing-initial-key-dropCVE-2025-65563: Pfcp Nodeid Nil Derefcve-2025-65563-pfcp-nodeid-nil-derefCVE-2025-65564: Pfcp Silent Drop On Ie Parse Errorcve-2025-65564-pfcp-silent-drop-on-ie-parse-errorCVE-2025-65795: Grpc Gateway Httpbody Usagecve-2025-65795-grpc-gateway-httpbody-usageCVE-2025-66506: Go Jwt Unbounded Split Doscve-2025-66506-go-jwt-unbounded-split-dosCVE-2025-67499: Knftables Missing Fib Daddr Localcve-2025-67499-knftables-missing-fib-daddr-localCVE-2025-68274: Sipgo Missing Nil Check To Headercve-2025-68274-sipgo-missing-nil-check-to-headerCVE-2026-10617: Incomplete Privesc Regex Blocklistcve-2026-10617-incomplete-privesc-regex-blocklistCVE-2026-20904: Custom Csrf Middleware Flaw Skipcve-2026-20904-custom-csrf-middleware-flaw-skipCVE-2026-22689: Bypass Websocket Origin Checkcve-2026-22689-bypass-websocket-origin-checkCVE-2026-22862: Geth Unbounded Receipts Decode Doscve-2026-22862-geth-unbounded-receipts-decode-dosCVE-2026-22868: Go Ethereum Missing Buffer Pool Deriveshacve-2026-22868-go-ethereum-missing-buffer-pool-deriveshaCVE-2026-25121: Insecure Filepath Hasprefixcve-2026-25121-insecure-filepath-hasprefixCVE-2026-25542: Git Argument Injectioncve-2026-25542-git-argument-injectionCVE-2026-25760: Arbitrary File Read Via Path Joincve-2026-25760-arbitrary-file-read-via-path-joinCVE-2026-25949: Traefik Missing Encoded Character Validationcve-2026-25949-traefik-missing-encoded-character-validationCVE-2026-25992: Go Filepath Rel Case Bypasscve-2026-25992-go-filepath-rel-case-bypassCVE-2026-27145: Redundant Split In Hostname Matchingcve-2026-27145-redundant-split-in-hostname-matchingCVE-2026-27598: Path Traversal Via Unvalidated Abscve-2026-27598-path-traversal-via-unvalidated-absCVE-2026-27642: Chained Missing Ie Validationcve-2026-27642-chained-missing-ie-validationCVE-2026-28492: Afero Parent Directory Exposurecve-2026-28492-afero-parent-directory-exposureCVE-2026-28789: Unprotected Receiver Map Write Http Handlercve-2026-28789-unprotected-receiver-map-write-http-handlerCVE-2026-28790: Olivetin Missing Kill Permission Revocationcve-2026-28790-olivetin-missing-kill-permission-revocationCVE-2026-30852: Double Placeholder Evaluation Caddycve-2026-30852-double-placeholder-evaluation-caddyCVE-2026-30858: Weknora Missing Sandbox Validationcve-2026-30858-weknora-missing-sandbox-validationCVE-2026-31866: Unbounded Http Request Body Decodecve-2026-31866-unbounded-http-request-body-decodeCVE-2026-32245: Oauth2 Missing Client Validation Authorization Codecve-2026-32245-oauth2-missing-client-validation-authorization-codeCVE-2026-32750: Go Unvalidated Source Path Traversalcve-2026-32750-go-unvalidated-source-path-traversalCVE-2026-32758: Path Validation Before Cleancve-2026-32758-path-validation-before-cleanCVE-2026-32761: Files Filelisting Vue Cwe 000 Cve 2026 32761cve-2026-32761-files-filelisting-vue-cwe-000-cve-2026-32761CVE-2026-32937: Insecure Gin Param Splitcve-2026-32937-insecure-gin-param-splitCVE-2026-33353: Soft Serve Local Git Clone Ssrfcve-2026-33353-soft-serve-local-git-clone-ssrfCVE-2026-33495: Blind Trust Forwarded Protocve-2026-33495-blind-trust-forwarded-protoCVE-2026-33677: Goldmark Double Escapecve-2026-33677-goldmark-double-escapeCVE-2026-33997: Slice Equality Off By Onecve-2026-33997-slice-equality-off-by-oneCVE-2026-34984: Sprig Template Dns Exfiltrationcve-2026-34984-sprig-template-dns-exfiltrationCVE-2026-35454: Go Zip Slip Arbitrary File Writecve-2026-35454-go-zip-slip-arbitrary-file-writeCVE-2026-37462: Go Missing Bounds Check Uint Underflowcve-2026-37462-go-missing-bounds-check-uint-underflowCVE-2026-40293: Premature Loop Return In Channel Aggregationcve-2026-40293-premature-loop-return-in-channel-aggregationCVE-2026-42091: Go Http Missing File Csrf Checkcve-2026-42091-go-http-missing-file-csrf-checkCVE-2026-42504: Go Mime Short Cursor Advance Doscve-2026-42504-go-mime-short-cursor-advance-dosCVE-2026-42576: Unchecked Crypto Key Type Assertioncve-2026-42576-unchecked-crypto-key-type-assertionCVE-2026-44317: Skipped Domain Logic Nil Dereferencecve-2026-44317-skipped-domain-logic-nil-dereferenceCVE-2026-47124: Nezha Missing Csrf Or Scope Validationcve-2026-47124-nezha-missing-csrf-or-scope-validationCVE-2026-6863: Go Path Traversal Via Strings Hasprefixcve-2026-6863-go-path-traversal-via-strings-hasprefixCVE-2020-28483: Go Ip Spoofing Forwarded Header No Proxy Checkcve-2020-28483-go-ip-spoofing-forwarded-header-no-proxy-checkCVE-2020-36567: Go Log Injection Http Path Formatcve-2020-36567-go-log-injection-http-path-formatCVE-2023-29401: Go Content Disposition Filename Injectioncve-2023-29401-go-content-disposition-filename-injectionCVE-2023-32191: Rke Full Cluster State In Configmapcve-2023-32191-rke-full-cluster-state-in-configmapCVE-2023-32192: Insecure Url Construction Sprintfcve-2023-32192-insecure-url-construction-sprintfCVE-2023-47105: Chaosblade Unauth Command Injectioncve-2023-47105-chaosblade-unauth-command-injectionCVE-2024-0793: K8s Hpa Nil Behavior Derefcve-2024-0793-k8s-hpa-nil-behavior-derefCVE-2024-21527: Regex Url Allow Deny List Bypasscve-2024-21527-regex-url-allow-deny-list-bypassCVE-2024-27102: Go Safepath Toctou Symlink Escapecve-2024-27102-go-safepath-toctou-symlink-escapeCVE-2024-27289: Float Negative Zero Bypass String Manipulationcve-2024-27289-float-negative-zero-bypass-string-manipulationCVE-2024-28236: Vela Secret Substitution Bypasscve-2024-28236-vela-secret-substitution-bypassCVE-2024-28860: Slice Parameter Concurrent Mutation Appendcve-2024-28860-slice-parameter-concurrent-mutation-appendCVE-2024-31452: Ignored Error In Reduction Loopcve-2024-31452-ignored-error-in-reduction-loopCVE-2024-34360: Spacemesh Missing Prev Atx Malfeasancecve-2024-34360-spacemesh-missing-prev-atx-malfeasanceCVE-2024-36129: Bypassed Negative Configuration Limitcve-2024-36129-bypassed-negative-configuration-limitCVE-2024-38513: Gofiber Session Fixation Cve 2024 38513cve-2024-38513-gofiber-session-fixation-cve-2024-38513CVE-2024-39690: K8s Webhook Unmanaged Object Bypasscve-2024-39690-k8s-webhook-unmanaged-object-bypassCVE-2024-41110: Go Http Content Length Gate Without Chunked Checkcve-2024-41110-go-http-content-length-gate-without-chunked-checkCVE-2024-41956: Soft Serve Unfiltered Ssh Envcve-2024-41956-soft-serve-unfiltered-ssh-envCVE-2024-42480: Etcd Insecure Open Range Endcve-2024-42480-etcd-insecure-open-range-endCVE-2024-5138: Blind Args Help Checkcve-2024-5138-blind-args-help-checkCVE-2024-52009: Go Credential Embedded In Url Format Stringcve-2024-52009-go-credential-embedded-in-url-format-stringCVE-2024-54148: Gogs Tree Entry Result Discarded Symlink Bypasscve-2024-54148-gogs-tree-entry-result-discarded-symlink-bypassCVE-2025-15558: Insecure Programdata Search Pathcve-2025-15558-insecure-programdata-search-pathCVE-2025-24786: Go Sqlite Open Path Traversal Filepath Joincve-2025-24786-go-sqlite-open-path-traversal-filepath-joinCVE-2025-27088: Context Request Template Exposurecve-2025-27088-context-request-template-exposureCVE-2025-30206: Go Request Slice Field To Os Opencve-2025-30206-go-request-slice-field-to-os-openCVE-2025-31133: Insecure Dev Null Bind Mountcve-2025-31133-insecure-dev-null-bind-mountCVE-2025-32445: Go Mergo Merge Container With Overridecve-2025-32445-go-mergo-merge-container-with-overrideCVE-2025-44005: Cve 2025 44005 Gettokenid Silent Error Bypasscve-2025-44005-cve-2025-44005-gettokenid-silent-error-bypassCVE-2025-46331: Openfga Cache Check Response Without Cycle Checkcve-2025-46331-openfga-cache-check-response-without-cycle-checkCVE-2025-50738: Go Httpbody Unsanitized Content Type Xsscve-2025-50738-go-httpbody-unsanitized-content-type-xssCVE-2025-52890: Nftables Arp Spoofing Bypassed Filterscve-2025-52890-nftables-arp-spoofing-bypassed-filtersCVE-2025-53547: Insecure Plugin Version Validationcve-2025-53547-insecure-plugin-version-validationCVE-2025-53633: Go Archive Zip Unbounded Io Copycve-2025-53633-go-archive-zip-unbounded-io-copyCVE-2025-54379: Go Sql Identifier Injection Sprintf Preparecve-2025-54379-go-sql-identifier-injection-sprintf-prepareCVE-2025-5689: Unconditional Temporary Id Overwritecve-2025-5689-unconditional-temporary-id-overwriteCVE-2025-59823: Gardener Aws Insufficient Template Input Validationcve-2025-59823-gardener-aws-insufficient-template-input-validationCVE-2025-61679: Mcp Tool Unauthenticatedcve-2025-61679-mcp-tool-unauthenticatedCVE-2025-62156: Zip Slip Path Traversal Gocve-2025-62156-zip-slip-path-traversal-goCVE-2025-62506: Minio Iam Session Policy Bypasscve-2025-62506-minio-iam-session-policy-bypassCVE-2025-66565: Go Crypto Rand Silent Failure Fallbackcve-2025-66565-go-crypto-rand-silent-failure-fallbackCVE-2025-9556: Gonja Default Env Ssti Arbitrary File Readcve-2025-9556-gonja-default-env-ssti-arbitrary-file-readCVE-2026-21697: Go Shared Httpclient Racecve-2026-21697-go-shared-httpclient-raceCVE-2026-22039: Kyverno Apicall Missing Policy Namespacecve-2026-22039-kyverno-apicall-missing-policy-namespaceCVE-2026-22688: Go Mcp Stdio Unvalidated Command Injectioncve-2026-22688-go-mcp-stdio-unvalidated-command-injectionCVE-2026-23517: Insufficient Role Check In Middlewarecve-2026-23517-insufficient-role-check-in-middlewareCVE-2026-23881: Missing Context Size Limit Amplificationcve-2026-23881-missing-context-size-limit-amplificationCVE-2026-23944: Arcane Env Proxy Middleware Without Auth Validatorcve-2026-23944-arcane-env-proxy-middleware-without-auth-validatorCVE-2026-24470: Unconditional K8s External Namecve-2026-24470-unconditional-k8s-external-nameCVE-2026-24740: Dozzle Findcontainer Labels Authz Bypasscve-2026-24740-dozzle-findcontainer-labels-authz-bypassCVE-2026-24895: Go Tolower Index Applied To Original Stringcve-2026-24895-go-tolower-index-applied-to-original-stringCVE-2026-25060: Custom Insecure Skip Verifycve-2026-25060-custom-insecure-skip-verifyCVE-2026-25793: Nebula Ecdsa Fingerprint Malleability Bypasscve-2026-25793-nebula-ecdsa-fingerprint-malleability-bypassCVE-2026-25890: Gorilla Mux Skipclean Path Bypasscve-2026-25890-gorilla-mux-skipclean-path-bypassCVE-2026-25996: Inspektor Gadget Textcolumns Unescaped Terminal Stringcve-2026-25996-inspektor-gadget-textcolumns-unescaped-terminal-stringCVE-2026-26187: Path Traversal Prefix Bypasscve-2026-26187-path-traversal-prefix-bypassCVE-2026-26190: Milvus Rest Api Group Missing Authenticate Middlewarecve-2026-26190-milvus-rest-api-group-missing-authenticate-middlewareCVE-2026-27018: Gotenberg Filter Go Cwe 000 Cve 2026 27018cve-2026-27018-gotenberg-filter-go-cwe-000-cve-2026-27018CVE-2026-27112: Kargo Createdprojects Tracked Without Err Nil Checkcve-2026-27112-kargo-createdprojects-tracked-without-err-nil-checkCVE-2026-27626: Olivetin Webhook Execution Request Unfiltered Argumentscve-2026-27626-olivetin-webhook-execution-request-unfiltered-argumentsCVE-2026-27965: Vitess Cve 2026 27965 Manifest External Decompressor Command Injectioncve-2026-27965-vitess-cve-2026-27965-manifest-external-decompressor-command-injectionCVE-2026-28229: Argo Workflow Template Get Missing Authzcve-2026-28229-argo-workflow-template-get-missing-authzCVE-2026-30405: Gobgp Unconditional Validate Update Msgcve-2026-30405-gobgp-unconditional-validate-update-msgCVE-2026-30836: Scep Updatereq Grouped With Csr Handlerscve-2026-30836-scep-updatereq-grouped-with-csr-handlersCVE-2026-30860: Weknora Sandbox Manager Execute Without Validationcve-2026-30860-weknora-sandbox-manager-execute-without-validationCVE-2026-31817: Weak Fallback Id Validationcve-2026-31817-weak-fallback-id-validationCVE-2026-32136: Go H2c Newhandler Outside Auth Middlewarecve-2026-32136-go-h2c-newhandler-outside-auth-middlewareCVE-2026-32241: Dynamic Shell Command Executioncve-2026-32241-dynamic-shell-command-executionCVE-2026-32695: Traefik Missing Encoded Chars Middlewarecve-2026-32695-traefik-missing-encoded-chars-middlewareCVE-2026-32767: Siyuan Fulltextsearchblock Missing Admin Checkcve-2026-32767-siyuan-fulltextsearchblock-missing-admin-checkCVE-2026-32768: Pulumi K8s Networkpolicy Inverted Deny Egresscve-2026-32768-pulumi-k8s-networkpolicy-inverted-deny-egressCVE-2026-32769: Pulumi K8s Networkpolicy Egress Namespaceselector Notin Metadata Namecve-2026-32769-pulumi-k8s-networkpolicy-egress-namespaceselector-notin-metadata-nameCVE-2026-32805: Go Zip Slip Prefix Bypasscve-2026-32805-go-zip-slip-prefix-bypassCVE-2026-32811: Ignored Url Parse Errorcve-2026-32811-ignored-url-parse-errorCVE-2026-32815: Unsegregated Websocket Session Storagecve-2026-32815-unsegregated-websocket-session-storageCVE-2026-32938: Siyuan Html2blockdom Missing Admin Readonly Guardscve-2026-32938-siyuan-html2blockdom-missing-admin-readonly-guardsCVE-2026-33216: Improper Password To Jwt Assignmentcve-2026-33216-improper-password-to-jwt-assignmentCVE-2026-33335: Double Escape Before Goldmarkcve-2026-33335-double-escape-before-goldmarkCVE-2026-33494: Oathkeeper Rule Matching Without Path Cleancve-2026-33494-oathkeeper-rule-matching-without-path-cleanCVE-2026-33496: Go Auth Cache Key Confusioncve-2026-33496-go-auth-cache-key-confusionCVE-2026-33544: Stateful Singleton Interface Oauthcve-2026-33544-stateful-singleton-interface-oauthCVE-2026-33669: Siyuan Asset Handler Missing Publish Access Checkcve-2026-33669-siyuan-asset-handler-missing-publish-access-checkCVE-2026-33678: Double Escape Before Markdowncve-2026-33678-double-escape-before-markdownCVE-2026-33680: Vikunja Missing Linksharing Auth Checkcve-2026-33680-vikunja-missing-linksharing-auth-checkCVE-2026-33711: Insecure Tmp File Creationcve-2026-33711-insecure-tmp-file-creationCVE-2026-33729: Openfga Cache Key Injective Serializationcve-2026-33729-openfga-cache-key-injective-serializationCVE-2026-33945: Go Filepath Join Untrusted Key Writefile Traversalcve-2026-33945-go-filepath-join-untrusted-key-writefile-traversalCVE-2026-34041: Act Set Env Add Path Without Unsecure Commands Guardcve-2026-34041-act-set-env-add-path-without-unsecure-commands-guardCVE-2026-34581: Goshs Unvalidated Path Traversalcve-2026-34581-goshs-unvalidated-path-traversalCVE-2026-34976: Missing Restore Tenant Middleware Registrationcve-2026-34976-missing-restore-tenant-middleware-registrationCVE-2026-35051: Forwardauth Missing X Forwarded Stripcve-2026-35051-forwardauth-missing-x-forwarded-stripCVE-2026-35205: Fail Open Verification Bypasscve-2026-35205-fail-open-verification-bypassCVE-2026-35392: Go Http Request Path To File Write Without Containment Checkcve-2026-35392-go-http-request-path-to-file-write-without-containment-checkCVE-2026-35393: Go Net Http Url Path To Filesystem Traversalcve-2026-35393-go-net-http-url-path-to-filesystem-traversalCVE-2026-35458: Go Dlclark Regexp2 Compile Without Match Timeoutcve-2026-35458-go-dlclark-regexp2-compile-without-match-timeoutCVE-2026-35471: Go Path Traversal Guard Missing Returncve-2026-35471-go-path-traversal-guard-missing-returnCVE-2026-35604: Missing Share Owner Permission Checkcve-2026-35604-missing-share-owner-permission-checkCVE-2026-38651: Go Jwt Missing Validity Checkcve-2026-38651-go-jwt-missing-validity-checkCVE-2026-39858: Traefik Http Chain Missing Deny Encoded Characterscve-2026-39858-traefik-http-chain-missing-deny-encoded-charactersCVE-2026-40189: Goshs State Changing Handler Missing Acl Checkcve-2026-40189-goshs-state-changing-handler-missing-acl-checkCVE-2026-40259: Siyuan Av Api Missing Admin Role Checkcve-2026-40259-siyuan-av-api-missing-admin-role-checkCVE-2026-40318: Go Path Traversal Arbitrary File Delete Via Filepath Joincve-2026-40318-go-path-traversal-arbitrary-file-delete-via-filepath-joinCVE-2026-40344: Skipped Architectural Feature Omissioncve-2026-40344-skipped-architectural-feature-omissionCVE-2026-40884: Goshs Sftp Empty Username Auth Bypasscve-2026-40884-goshs-sftp-empty-username-auth-bypassCVE-2026-40890: Go Missing Bounds Check After Loopcve-2026-40890-go-missing-bounds-check-after-loopCVE-2026-41068: Kyverno Cross Namespace Rbac Bypasscve-2026-41068-kyverno-cross-namespace-rbac-bypassCVE-2026-41070: Cve 2026 41070 Openvpn Plugin Auth Deny Returns Successcve-2026-41070-cve-2026-41070-openvpn-plugin-auth-deny-returns-successCVE-2026-41145: Unsanitized Http Trailer In Custom Chunk Readercve-2026-41145-unsanitized-http-trailer-in-custom-chunk-readerCVE-2026-41246: Contour Envoy Lua Injectioncve-2026-41246-contour-envoy-lua-injectionCVE-2026-41323: Kyverno Default Sa Token Readcve-2026-41323-kyverno-default-sa-token-readCVE-2026-41327: Dgraph Cve 2026 41327 Dql Cond Injectioncve-2026-41327-dgraph-cve-2026-41327-dql-cond-injectionCVE-2026-41328: Go Dgraph Dql Injection Via Fmt Sprintfcve-2026-41328-go-dgraph-dql-injection-via-fmt-sprintfCVE-2026-41491: Path Traversal Method Path Without Cleancve-2026-41491-path-traversal-method-path-without-cleanCVE-2026-41492: Go Incomplete Debug Cmdline Filter Leaks Expvar Varscve-2026-41492-go-incomplete-debug-cmdline-filter-leaks-expvar-varsCVE-2026-41571: Go Bcrypt Empty Password Placeholder Auth Bypasscve-2026-41571-go-bcrypt-empty-password-placeholder-auth-bypassCVE-2026-42072: Go Net Listen Port Only Wildcard Bindcve-2026-42072-go-net-listen-port-only-wildcard-bindCVE-2026-42083: Gin Route Group Missing Auth Middlewarecve-2026-42083-gin-route-group-missing-auth-middlewareCVE-2026-42221: Insecure Inline Session Cookie Generationcve-2026-42221-insecure-inline-session-cookie-generationCVE-2026-42238: Gin Conditional Auth Required Bypasscve-2026-42238-gin-conditional-auth-required-bypassCVE-2026-42296: Argo Workflows Incomplete Workflowspec Restriction Checkcve-2026-42296-argo-workflows-incomplete-workflowspec-restriction-checkCVE-2026-42300: Go Admin Token Header Identity Assertion Bypasscve-2026-42300-go-admin-token-header-identity-assertion-bypassCVE-2026-42461: Huma Auth Middleware Missing Api Security Fallbackcve-2026-42461-huma-auth-middleware-missing-api-security-fallbackCVE-2026-42560: Cve 2026 42560 Oauth User Id Self Hash Collisioncve-2026-42560-cve-2026-42560-oauth-user-id-self-hash-collisionCVE-2026-42574: Go Sanitize Path Symlink Following Traversalcve-2026-42574-go-sanitize-path-symlink-following-traversalCVE-2026-44316: Go Nil Deref Before Nil Guardcve-2026-44316-go-nil-deref-before-nil-guardCVE-2026-44319: Go Fatal Log In Goroutinecve-2026-44319-go-fatal-log-in-goroutineCVE-2026-44322: Free5gc Nef Unset Problemdetails Causecve-2026-44322-free5gc-nef-unset-problemdetails-causeCVE-2026-44328: Nf Instance Id Ephemeral Uuid No Configcve-2026-44328-nf-instance-id-ephemeral-uuid-no-configCVE-2026-44329: Gin Router Group Missing Auth Middlewarecve-2026-44329-gin-router-group-missing-auth-middlewareCVE-2026-44523: Jwt Hmac Secret Missing Min Length Validationcve-2026-44523-jwt-hmac-secret-missing-min-length-validationCVE-2026-44850: Tar Zipslip Vulnerabilitycve-2026-44850-tar-zipslip-vulnerabilityCVE-2026-44882: Archive Targz Go Cwe 000 Cve 2026 44882cve-2026-44882-archive-targz-go-cwe-000-cve-2026-44882CVE-2026-45090: Dalfox Missing Json Aware Injectioncve-2026-45090-dalfox-missing-json-aware-injectionCVE-2026-46378: Unbounded Peek Loopcve-2026-46378-unbounded-peek-loopCVE-2026-46415: Caddy Middleware Unsafe Remoteaddrcve-2026-46415-caddy-middleware-unsafe-remoteaddrCVE-2026-47125: Go Env File Write Without Key Regex Validationcve-2026-47125-go-env-file-write-without-key-regex-validationCVE-2026-5412: Juju Cloudspec Newcloudspec Missing Authorizercve-2026-5412-juju-cloudspec-newcloudspec-missing-authorizerCVE-2026-7482: Unsafe Slice Unvalidated Count After Io Readallcve-2026-7482-unsafe-slice-unvalidated-count-after-io-readallCVE-2026-7573: Cve 2026 7573 User Context Identity Discarded No Authzcve-2026-7573-cve-2026-7573-user-context-identity-discarded-no-authzBlocklist Blocklist Desgitlab-sast-go-blocklist-rule-blocklist-desBlocklist Blocklist Md5gitlab-sast-go-blocklist-rule-blocklist-md5Blocklist Blocklist Rc4gitlab-sast-go-blocklist-rule-blocklist-rc4Blocklist Blocklist Sha1gitlab-sast-go-blocklist-rule-blocklist-sha1Crypto Badtlssettingsgitlab-sast-go-crypto-rule-badtlssettingsCrypto Insecure Ignore Host Keygitlab-sast-go-crypto-rule-insecure-ignore-host-keyCrypto Tlsversiongitlab-sast-go-crypto-rule-tlsversionCrypto Weakkeystrengthgitlab-sast-go-crypto-rule-weakkeystrengthCrypto Weakrandsourcegitlab-sast-go-crypto-rule-weakrandsourceFile Permissions Filepermgitlab-sast-go-file-permissions-rule-filepermFile Permissions Mkdirgitlab-sast-go-file-permissions-rule-mkdirFilesystem Decompression Bombgitlab-sast-go-filesystem-rule-decompression-bombFilesystem Filereadgitlab-sast-go-filesystem-rule-filereadFilesystem Httprootdirgitlab-sast-go-filesystem-rule-httprootdirFilesystem Poorwritepermissionsgitlab-sast-go-filesystem-rule-poorwritepermissionsFilesystem Tempfilesgitlab-sast-go-filesystem-rule-tempfilesFilesystem Ziparchivegitlab-sast-go-filesystem-rule-ziparchiveHttp Http Servegitlab-sast-go-http-rule-http-serveInjection Ssrfgitlab-sast-go-injection-rule-ssrfInjection Template Injectiongitlab-sast-go-injection-rule-template-injectionLeak Pprof Endpointgitlab-sast-go-leak-rule-pprof-endpointMemory Integer Overflowgitlab-sast-go-memory-rule-integer-overflowMemory Memoryaliasinggitlab-sast-go-memory-rule-memoryaliasingNetwork Bind To All Interfacesgitlab-sast-go-network-rule-bind-to-all-interfacesSql Concat Sqligitlab-sast-go-sql-rule-concat-sqliSubproc Subprocgitlab-sast-go-subproc-rule-subprocUnsafe Unsafegitlab-sast-go-unsafe-rule-unsafe