Description
sanitize-url: XSS due to improper sanitization in sanitizeUrl function.
golang: net/http: improper sanitization of Transfer-Encoding header.
golang: go/parser: stack exhaustion in all Parse* functions.
grafana: Forward OAuth Identity Token can allow users to access some data sources.
prometheus/client_golang: Denial of service using InstrumentHandlerCounter.
grafana: XSS vulnerability in data source handling.
grafana: CSRF vulnerability can lead to privilege escalation.
grafana: IDOR vulnerability can lead to information disclosure.
golang: encoding/xml: stack exhaustion in Decoder.Skip.
golang: io/fs: stack exhaustion in Glob.
golang: compress/gzip: stack exhaustion in Reader.Read.
golang: path/filepath: stack exhaustion in Glob.
golang: encoding/xml: stack exhaustion in Unmarshal.
golang: encoding/gob: stack exhaustion in Decoder.Decode.
golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working.