Go Vulnerability Database

• GHSA-qr2g-p6q7-w82m
• Affects: github.com/coinbase/x402/go
• Published: Mar 10, 2026

x402 SDK Security Advisory in github.com/coinbase/x402/go. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/coinbase/x402/go before v2.5.0.

• CVE-2026-30869, GHSA-2h2p-mvfx-868w
• Affects: github.com/siyuan-note/siyuan/kernel
• Published: Mar 10, 2026

SiYuan Vulnerable to Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage in github.com/siyuan-note/siyuan/kernel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/siyuan-note/siyuan/kernel before v3.5.10.

• CVE-2026-30861, GHSA-r55h-3rwj-hcmg
• Affects: github.com/Tencent/WeKnora
• Published: Mar 10, 2026

WeKnora has Remote Code Execution (RCE) via Command Injection in MCP Stdio Configuration Validation in github.com/Tencent/WeKnora

• CVE-2026-30852, GHSA-m2w3-8f23-hxxf
• Affects: github.com/caddyserver/caddy/v2
• Published: Mar 10, 2026

Caddy's vars_regexp double-expands user input, leaking env vars and files in github.com/caddyserver/caddy

• CVE-2026-30858, GHSA-h6gw-8f77-mmmp
• Affects: github.com/Tencent/WeKnora
• Published: Mar 10, 2026

WeKnora has DNS Rebinding Vulnerability in web_fetch Tool that Allows SSRF to Internal Resources in github.com/Tencent/WeKnora