CVE Daily
← All tags

Tag: Gorilla Toolkit

All CVEs associated with "Gorilla Toolkit". Page 1/1 • 8 CVEs.

Subscribe CVEs: RSS for “Gorilla Toolkit”  ·  RSS (High+Critical only)

About “Gorilla Toolkit”

A curated feed of “Gorilla Toolkit”-related CVEs appears below. We currently track 8 CVEs for this tag (all time). In the last 365 days, 3 were published. Average CVSS is 7.2 (all time; 8.0 over 365d), and 75% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-1385 - Missing Origin Validation in WebSockets, CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-346 - Origin Validation Error.

In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: gorilla

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestEOLLTS
11.5.0- Expired

Maintained Soon (≤ 180 days) Expired

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-04-20
High

CVE-2026-34403

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true…

CVSS: 8.1 CWE: CWE-1385 - Missing Origin Validation in WebSockets View on NVD
2025-11-25
High

CVE-2025-65952

Console is a network used to control Gorilla Tag mods' users and other users on the network. Prior to version 2.8.0, a path traversal vulnerability exists where complicated combinations of backslashe…

CVSS: 8.7 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2025-08-29
High

CVE-2025-47909

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that pla…

CVSS: 7.3 CWE: CWE-346 - Origin Validation Error View on NVD
2025-04-15
Medium

CVE-2025-24358

gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist…

CVSS: 5.4 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2024-07-01
High

CVE-2024-37298

gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running `schema.Decoder.Decode()` on a struct that has a field of type `[]struct{...}` opens it up to malicious attacks…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2023-12-22
High

CVE-2023-48704

ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server.…

CVSS: 7.0 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2022-03-14
Medium

CVE-2021-42391

Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.

CVSS: 6.5 CWE: CWE-369 - Divide By Zero View on NVD
2014-08-12
High

CVE-2014-5200

SQL injection vulnerability in game_play.php in the FB Gorilla plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox