High
Showing all detectors for the Go language with high severity.
Disabled TLS certificate validation
Use of insecure math/rand for random number generation
Disabling SSH host key validation
Use of adversary-controlled input in reflection
OS command injection from untrusted input
Log injection from untrusted input
Using http.FileServer as handler
Exposed pprof endpoints enable information leaks
XSS from untrusted input in web outputs
Security risks and quality issues from deprecated AWS APIs and clients
Insecure gRPC client and server connections in Go enable data tampering
Decompression of untrusted data without size limits
Insecure validation and lack of restrictions enable cross-site request forgery
Unsynchronized concurrent access to shared data
Plain HTTP traffic enables eavesdropping and tampering
Improper Neutralization of Special Elements used in an SQL Command
Use of weak RSA key generation function
Loop pointers exported directly can cause unintended behavior
User input used unsanitized in outbound requests
Unprotected sensitive data in network services and client alerts
Integer overflow from improper input validation in conversions
Disabled or incorrectly used protection mechanism can lead to security vulnerabilities
Dereferencing a nil pointer can lead to unexpected nil pointer exceptions
Insecure temporary file creation
XXE vulnerability from XML
Overly permissive file permissions
Inconsistent variable assignment from multiple sources
Improper authentication from insufficient identity verification
Path traversal from untrusted input
Identified the presence of stack traces within HTTP response, posing a potential security risk if deployed in a user-facing manner in a production environment.