Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Browse Security Advisories

Security Advisories for github.com/hashicorp/vault Clear Filters

Low
about 1 month ago

Vault Community Edition rekey and recovery key operations can cause denial of service GSA_kwCzR0hTQS1maGMyLThxeDgtNnZqN84ABJbX

go github.com/hashicorp/vault
Moderate
3 months ago

Hashicorp Vault Community vulnerable to Incorrect Authorization GSA_kwCzR0hTQS1mOWNoLWg4ajctOGp3Z84ABHci

go github.com/hashicorp/vault
Moderate
3 months ago

Hashicorp Vault Community vulnerable to Generation of Error Message Containing Sensitive Information GSA_kwCzR0hTQS1nY3FmLWY4OWMtNjhods4ABHay

go github.com/hashicorp/vault
High
9 months ago

Hashicorp Vault vulnerable to denial of service through memory exhaustion GSA_kwCzR0hTQS1nMjMzLTJwNHItM3E3ds4ABA2E

go github.com/hashicorp/vault
High
10 months ago

Vault Community Edition privilege escalation vulnerability GSA_kwCzR0hTQS1ycjhqLTd3MzQteHA1as4ABALz

go github.com/hashicorp/vault
High
10 months ago

Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default GSA_kwCzR0hTQS1qZzc0LW13Z3ctdjZ4M84AA_zy

go github.com/hashicorp/vault
Moderate
11 months ago

Vault Leaks Client Token and Token Accessor in Audit Devices GSA_kwCzR0hTQS1qanhmLTI2YzktNzdnbc4AA_Oa

go github.com/hashicorp/vault
High
about 1 year ago

Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions GSA_kwCzR0hTQS0ycW13LXB2ZjctNG13Ns4AA90R

go github.com/hashicorp/vault
Low
about 1 year ago

HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims GSA_kwCzR0hTQS0zMmNqLTV3eDQtZ3E4cM4AA8_N

go github.com/hashicorp/vault
Moderate
over 1 year ago

HashiCorpVault does not correctly validate OCSP responses GSA_kwCzR0hTQS1qMnJwLWdtcXYtZnJods4AA6pX

go github.com/hashicorp/vault
High
over 1 year ago

Incorrect TLS certificate auth method in Vault GSA_kwCzR0hTQS1yM3c3LW1mcG0tYzJ2d84AA5wI

go github.com/hashicorp/vault
Moderate
over 1 year ago

Hashicorp Vault may expose sensitive log information GSA_kwCzR0hTQS12Z2gzLW13eHEtcmNwOM4AA4--

go github.com/hashicorp/vault
High
over 1 year ago

Improper Authentication in HashiCorp Vault GSA_kwCzR0hTQS1ycTk1LXhmNjYtajY4Oc4AA4-1

go github.com/hashicorp/vault
Moderate
over 1 year ago

Enumeration of users in HashiCorp Vault GSA_kwCzR0hTQS1ycGdwLTlobWctajI1eM4AA4-x

go github.com/hashicorp/vault
High
over 1 year ago

HashiCorp Vault Authentication bypass GSA_kwCzR0hTQS00bXA3LTJtMjktZ3F4Zs4AA49E

go github.com/hashicorp/vault
Moderate
over 1 year ago

HashiCorp Vault Improper Privilege Management GSA_kwCzR0hTQS1tOTc5LXc5d2otcWZqOc4AA489

go github.com/hashicorp/vault
Critical
over 1 year ago

HashiCorp Vault Improper Privilege Management GSA_kwCzR0hTQS1qNnZ2LXZ2MjYtcmg3Y84AA488

go github.com/hashicorp/vault
High
over 1 year ago

Memory exhaustion in HashiCorp Vault GSA_kwCzR0hTQS02cDYyLTZjZzktZjVmNc4AA3ph

go github.com/hashicorp/vault
High
over 1 year ago

HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability GSA_kwCzR0hTQS00cWhjLXY4cjYtOHZ3bc4AA3B2

go github.com/hashicorp/vault
High
almost 2 years ago

Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability GSA_kwCzR0hTQS04NmM2LTNnNjMtNXc2NM4AA2Id

go github.com/hashicorp/vault
Moderate
almost 2 years ago

HashiCorp Vault Improper Input Validation vulnerability GSA_kwCzR0hTQS12ODRmLTZyMzktY3BmY84AA14s

go github.com/hashicorp/vault
Moderate
almost 2 years ago

HashiCorp Vault and Vault Enterprise vulnerable to user enumeration GSA_kwCzR0hTQS05djN3LXcyamgtNGhmZs4AA0-S

go github.com/hashicorp/vault
High
about 2 years ago

Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation GSA_kwCzR0hTQS13bWc1LWc5NTMtcXFmd84AA0UP

go github.com/hashicorp/vault
Moderate
about 2 years ago

HashiCorp Vault's revocation list not respected GSA_kwCzR0hTQS05bWg4LTlqNjQtNDQzZs4AA0RO

go github.com/hashicorp/vault
Moderate
about 2 years ago

Hashicorp Vault vulnerable to Cross-site Scripting GSA_kwCzR0hTQS1ncTk4LTUzcnEtcXI1aM4AAzw5

go github.com/hashicorp/vault
Moderate
over 2 years ago

HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File GSA_kwCzR0hTQS12M2hwLW1jajUtcGczOc4AAydQ

go github.com/hashicorp/vault
Moderate
over 2 years ago

HashiCorp Vault's PKI mount vulnerable to denial of service GSA_kwCzR0hTQS1od2MzLTNxaDYtcjRnZ84AAydO

go github.com/hashicorp/vault
Moderate
over 2 years ago

HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks GSA_kwCzR0hTQS12cTRoLTlnaG0tcW1ycs4AAydP

go github.com/hashicorp/vault
Critical
almost 3 years ago

HashiCorp Vault vulnerable to incorrect metadata access GSA_kwCzR0hTQS03Y2d2LXY4M3YtcnI4N84AAvAP

go github.com/hashicorp/vault
Critical
about 3 years ago

Token leases could outlive their TTL in HashiCorp Vault GSA_kwCzR0hTQS01N2dnLWNqNTUtcTVnMs4AArAN

go github.com/hashicorp/vault
Moderate
about 3 years ago

HashiCorp Vault improper configuration of multi factor authentication GSA_kwCzR0hTQS1jNXdjLXYyODctODJwY84AAgYl

go github.com/hashicorp/vault
Critical
over 3 years ago

HashiCorp Vault Incorrect Permission Assignment for Critical Resource GSA_kwCzR0hTQS1wZm13LXZqNzQtcGg4Z80YjQ

go github.com/hashicorp/vault
High
almost 4 years ago

Incorrect Privilege Assignment in HashiCorp Vault GSA_kwCzR0hTQS0zNjJ2LXdnNXAtNjR3Ms0Wgw

go github.com/hashicorp/vault
Low
almost 4 years ago

Hashicorp Vault Privilege Escalation Vulnerability GSA_kwCzR0hTQS1xdjk1LWczZ20teDU0Ms0Wfg

go github.com/hashicorp/vault
Critical
almost 4 years ago

HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzZnEtcTdoYy05OTNy

go github.com/hashicorp/vault
Moderate
almost 4 years ago

Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYyMzktMjhjMi05bXJt

go github.com/hashicorp/vault
High
almost 4 years ago

Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZwNTItcXczMy1tZm13

go github.com/hashicorp/vault
High
about 4 years ago

Improper Resource Shutdown or Release in HashiCorp Vault MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2aDUtcjRxdy12M3Z2

go github.com/hashicorp/vault
High
about 4 years ago

Invalid session token expiration MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4ajktN3BwOS0yaGp3

go github.com/hashicorp/vault
High
about 4 years ago

Information Disclosure in HashiCorp Vault MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI1eGotODlnNS1mbTZo

go github.com/hashicorp/vault

Filter by Severity

Moderate 10,056 High 8,036 Critical 3,299 Low 1,442

Filter by Ecosystem

maven 6,630 packagist 5,356 pypi 4,831 npm 4,188 go 2,794 nuget 1,700 cargo 1,065 rubygems 918 hex 37 swift 35 actions 32 pub 10

Filter by Package

tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 418 magento/community-edition 300 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 239 typo3/cms 190 org.apache.tomcat:tomcat 138 pimcore/pimcore 120 dolibarr/dolibarr 116 github.com/mattermost/mattermost/server/v8 115 typo3/cms-core 111 phpmyadmin/phpmyadmin 107 Django 107 drupal/core 103 com.liferay.portal:release.portal.bom 100 magento/project-community-edition 100 microweber/microweber 99 silverstripe/framework 92 com.liferay.portal:release.dxp.bom 91 apache-airflow 85 drupal/drupal 83 librenms/librenms 82 thorsten/phpmyfaq 73 Plone 72 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 69 concrete5/concrete5 65 github.com/usememos/memos 65 salt 65 ansible 63 actionpack 61 apache-superset 57 shopware/platform 57 org.apache.struts:struts2-core 57 github.com/grafana/grafana 56 mlflow 53 craftcms/cms 51 org.keycloak:keycloak-core 50 nova 48 baserproject/basercms 47 django 46 org.apache.tomcat.embed:tomcat-embed-core 46 nokogiri 46 shopware/core 45 gradio 44 github.com/rancher/rancher 44 mautic/core 44 vyper 44 matrix-synapse 42 rdiffweb 42 nilsteampassnet/teampass 42 mantisbt/mantisbt 41 org.keycloak:keycloak-services 41 k8s.io/kubernetes 41 org.xwiki.platform:xwiki-platform-oldcore 41 plone 41 showdoc/showdoc 41 org.elasticsearch:elasticsearch 41 github.com/hashicorp/vault 40 froxlor/froxlor 40 intelliants/subrion 39 github.com/mattermost/mattermost-server/v6 39 directus 38 com.thoughtworks.xstream:xstream 37 snipe/snipe-it 36 net.mingsoft:ms-mcms 36 com.jfinal:jfinal 36 moin 35 io.undertow:undertow-core 34 github.com/answerdev/answer 34 org.jenkins-ci.plugins:script-security 34 zendframework/zendframework1 34 parse-server 33 keystone 32 gogs.io/gogs 32 github.com/cilium/cilium 31 github.com/argoproj/argo-cd/v2 31 github.com/argoproj/argo-cd 31 opencv-python 31 Pillow 31 github.com/hashicorp/nomad 31 opencv-contrib-python 31 getgrav/grav 30 shopware/shopware 30 rack 29 github.com/docker/docker 29 github.com/hashicorp/consul 29 github.com/mattermost/mattermost-server 29 org.apache.solr:solr-core 28 mediawiki/core 28 electron 28 org.opencms:opencms-core 27 centreon/centreon 27 pillow 26 openssl-src 26 org.springframework.security:spring-security-core 26 next 26 prestashop/prestashop 26 rubygems-update 25 contao/core-bundle 25 org.eclipse.jetty:jetty-server 25 open-webui 25 github.com/traefik/traefik/v2 24 surrealdb 24 getkirby/cms 24 pocketmine/pocketmine-mp 24 magento/core 24 org.keycloak:keycloak-parent 24 laravel/framework 23 simplesamlphp/simplesamlphp 23 puppet 23 vllm 23 grumpydictator/firefly-iii 23 phpoffice/phpexcel 23 remdex/livehelperchat 23 zendframework/zendframework 23 org.bouncycastle:bcprov-jdk14 22 tribalsystems/zenario 22 Microsoft.AspNetCore.App.Runtime.win-x86 22 Microsoft.AspNetCore.App.Runtime.win-x64 22 org.apache.openmeetings:openmeetings-parent 22 DotNetNuke.Core 22 @openzeppelin/contracts-upgradeable 22 ckb 22 org.apache.nifi:nifi 21 github.com/ethereum/go-ethereum 21 org.apache.tomcat:tomcat-catalina 21 @openzeppelin/contracts 21 phpoffice/phpspreadsheet 21 glance 21 github.com/goharbor/harbor 21 activerecord 21 Microsoft.AspNetCore.App.Runtime.win-arm 21 golang.org/x/net 20 funadmin/funadmin 20 aim 20 code.gitea.io/gitea 20 wasmtime 20 cockpit-hq/cockpit 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 langchain 20 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 19 neutron 19 github.com/zitadel/zitadel 19 helm.sh/helm/v3 19 deno 19 Microsoft.AspNetCore.App.Runtime.linux-arm 19 Microsoft.AspNetCore.App.Runtime.linux-arm64 19 Microsoft.AspNetCore.App.Runtime.linux-x64 19 Microsoft.AspNetCore.App.Runtime.osx-x64 19 Microsoft.AspNetCore.App.Runtime.win-arm64 19 pyload-ng 19 org.apache.tomcat:tomcat-coyote 19 org.xwiki.platform:xwiki-platform-web-templates 19 genix/cms 18 contao/contao 18 topthink/framework 18 forkcms/forkcms 18 cobbler 18 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 18 mercurial 18 mindsdb 18 com.vaadin:vaadin-bom 18 symfony/security 17 cakephp/cakephp 17 notebook 17 calibreweb 17 opencart/opencart 17 org.apache.geode:geode-core 17 openmage/magento-lts 17 OctoPrint 17 org.apache.inlong:manager-pojo 17 org.springframework:spring-core 17 cryptography 17 francoisjacquet/rosariosis 17 typo3/cms-backend 17 yetiforce/yetiforce-crm 17 ezsystems/ezpublish-kernel 17 phpbb/phpbb 16 org.apache.ranger:ranger 16 github.com/traefik/traefik/v3 16 paddlepaddle 16 PaddlePaddle 16 org.apache.activemq:activemq-client 16 lollms 16 org.apache.jspwiki:jspwiki-main 16 rusqlite 16 sequelize 16 org.apache.dubbo:dubbo 16 Microsoft.NetCore.App.Runtime.win-arm 16 github.com/openfga/openfga 16 Microsoft.NetCore.App.Runtime.win-arm64 16 Microsoft.NetCore.App.Runtime.win-x64 16 Microsoft.NetCore.App.Runtime.win-x86 16 org.bouncycastle:bcprov-jdk15 16 october/system 16 tinymce 16 ethyca-fides 16

Filter by Repository

https://github.com/hashicorp/vault 18