Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Browse Security Advisories

Security Advisories for github.com/hashicorp/vault Clear Filters

High
20 days ago

HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads GSA_kwCzR0hTQS04ZjgyLTUzaDgtMnAzNM4ABLiI

go github.com/hashicorp/vault
Moderate
about 1 month ago

HashiCorp Vault ldap auth method may not have correctly enforced MFA GSA_kwCzR0hTQS03cngyLTc2OXYtaHJ3Zs4ABK1B

go github.com/hashicorp/vault
Moderate
about 2 months ago

Hashicorp Vault has Login MFA Rate Limit Bypass Vulnerability GSA_kwCzR0hTQS12NnI0LTM1ZjktOXJwd84ABKuQ

go github.com/hashicorp/vault
Moderate
about 2 months ago

Hashicorp Vault has Incorrect Validation for Non-CA Certificates GSA_kwCzR0hTQS02YzVyLTR3ZmMtM21jeM4ABKuL

go github.com/hashicorp/vault
Moderate
about 2 months ago

Hashicorp Vault's TOTP Secrets Engine Susceptible to Code Reuse GSA_kwCzR0hTQS1xdjNwLWZtdjMtOWh3d84ABKuC

go github.com/hashicorp/vault
Low
about 2 months ago

Hashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users GSA_kwCzR0hTQS1td2dyLTg0ZnYtM2poOc4ABKuN

go github.com/hashicorp/vault
Moderate
about 2 months ago

Hashicorp Vault has Lockout Feature Authentication Bypass GSA_kwCzR0hTQS1xZ2o3LWZtcTItNmNjNM4ABKuK

go github.com/hashicorp/vault
High
about 2 months ago

Hashicorp Vault has Privilege Escalation Vulnerability GSA_kwCzR0hTQS02aDRwLW04NmgtaGhnaM4ABKuI

go github.com/hashicorp/vault
Critical
about 2 months ago

Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration GSA_kwCzR0hTQS1tcjRoLXFmOWotZjY2Nc4ABKuD

go github.com/hashicorp/vault
Low
3 months ago

Vault Community Edition rekey and recovery key operations can cause denial of service GSA_kwCzR0hTQS1maGMyLThxeDgtNnZqN84ABJbX

go github.com/hashicorp/vault
Moderate
5 months ago

Hashicorp Vault Community vulnerable to Incorrect Authorization GSA_kwCzR0hTQS1mOWNoLWg4ajctOGp3Z84ABHci

go github.com/hashicorp/vault
Moderate
5 months ago

Hashicorp Vault Community vulnerable to Generation of Error Message Containing Sensitive Information GSA_kwCzR0hTQS1nY3FmLWY4OWMtNjhods4ABHay

go github.com/hashicorp/vault
High
11 months ago

Hashicorp Vault vulnerable to denial of service through memory exhaustion GSA_kwCzR0hTQS1nMjMzLTJwNHItM3E3ds4ABA2E

go github.com/openbao/openbao, github.com/hashicorp/vault
High
11 months ago

Vault Community Edition privilege escalation vulnerability GSA_kwCzR0hTQS1ycjhqLTd3MzQteHA1as4ABALz

go github.com/openbao/openbao, github.com/hashicorp/vault
High
12 months ago

Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default GSA_kwCzR0hTQS1qZzc0LW13Z3ctdjZ4M84AA_zy

go github.com/openbao/openbao, github.com/hashicorp/vault
Moderate
about 1 year ago

Vault Leaks Client Token and Token Accessor in Audit Devices GSA_kwCzR0hTQS1qanhmLTI2YzktNzdnbc4AA_Oa

go github.com/hashicorp/vault
High
about 1 year ago

Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions GSA_kwCzR0hTQS0ycW13LXB2ZjctNG13Ns4AA90R

go github.com/hashicorp/vault
Low
over 1 year ago

HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims GSA_kwCzR0hTQS0zMmNqLTV3eDQtZ3E4cM4AA8_N

go github.com/hashicorp/vault
Moderate
over 1 year ago

HashiCorpVault does not correctly validate OCSP responses GSA_kwCzR0hTQS1qMnJwLWdtcXYtZnJods4AA6pX

go github.com/hashicorp/vault
High
over 1 year ago

Incorrect TLS certificate auth method in Vault GSA_kwCzR0hTQS1yM3c3LW1mcG0tYzJ2d84AA5wI

go github.com/hashicorp/vault
Moderate
over 1 year ago

Hashicorp Vault may expose sensitive log information GSA_kwCzR0hTQS12Z2gzLW13eHEtcmNwOM4AA4--

go github.com/hashicorp/vault
High
over 1 year ago

Improper Authentication in HashiCorp Vault GSA_kwCzR0hTQS1ycTk1LXhmNjYtajY4Oc4AA4-1

go github.com/hashicorp/vault
Moderate
over 1 year ago

Enumeration of users in HashiCorp Vault GSA_kwCzR0hTQS1ycGdwLTlobWctajI1eM4AA4-x

go github.com/hashicorp/vault
High
over 1 year ago

HashiCorp Vault Authentication bypass GSA_kwCzR0hTQS00bXA3LTJtMjktZ3F4Zs4AA49E

go github.com/hashicorp/vault
Moderate
over 1 year ago

HashiCorp Vault Improper Privilege Management GSA_kwCzR0hTQS1tOTc5LXc5d2otcWZqOc4AA489

go github.com/hashicorp/vault
Critical
over 1 year ago

HashiCorp Vault Improper Privilege Management GSA_kwCzR0hTQS1qNnZ2LXZ2MjYtcmg3Y84AA488

go github.com/hashicorp/vault
High
almost 2 years ago

Memory exhaustion in HashiCorp Vault GSA_kwCzR0hTQS02cDYyLTZjZzktZjVmNc4AA3ph

go github.com/hashicorp/vault
High
almost 2 years ago

HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability GSA_kwCzR0hTQS00cWhjLXY4cjYtOHZ3bc4AA3B2

go github.com/hashicorp/vault
High
almost 2 years ago

Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability GSA_kwCzR0hTQS04NmM2LTNnNjMtNXc2NM4AA2Id

go github.com/hashicorp/vault
Moderate
about 2 years ago

HashiCorp Vault Improper Input Validation vulnerability GSA_kwCzR0hTQS12ODRmLTZyMzktY3BmY84AA14s

go github.com/hashicorp/vault
Moderate
about 2 years ago

HashiCorp Vault and Vault Enterprise vulnerable to user enumeration GSA_kwCzR0hTQS05djN3LXcyamgtNGhmZs4AA0-S

go github.com/hashicorp/vault
High
about 2 years ago

Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation GSA_kwCzR0hTQS13bWc1LWc5NTMtcXFmd84AA0UP

go github.com/hashicorp/vault
Moderate
about 2 years ago

HashiCorp Vault's revocation list not respected GSA_kwCzR0hTQS05bWg4LTlqNjQtNDQzZs4AA0RO

go github.com/hashicorp/vault
Moderate
over 2 years ago

Hashicorp Vault vulnerable to Cross-site Scripting GSA_kwCzR0hTQS1ncTk4LTUzcnEtcXI1aM4AAzw5

go github.com/hashicorp/vault
Moderate
over 2 years ago

HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks GSA_kwCzR0hTQS12cTRoLTlnaG0tcW1ycs4AAydP

go github.com/hashicorp/vault
Moderate
over 2 years ago

HashiCorp Vault's PKI mount vulnerable to denial of service GSA_kwCzR0hTQS1od2MzLTNxaDYtcjRnZ84AAydO

go github.com/hashicorp/vault
Moderate
over 2 years ago

HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File GSA_kwCzR0hTQS12M2hwLW1jajUtcGczOc4AAydQ

go github.com/hashicorp/vault
Critical
almost 3 years ago

HashiCorp Vault vulnerable to incorrect metadata access GSA_kwCzR0hTQS03Y2d2LXY4M3YtcnI4N84AAvAP

go github.com/hashicorp/vault
Critical
over 3 years ago

Token leases could outlive their TTL in HashiCorp Vault GSA_kwCzR0hTQS01N2dnLWNqNTUtcTVnMs4AArAN

go github.com/hashicorp/vault
Moderate
over 3 years ago

HashiCorp Vault improper configuration of multi factor authentication GSA_kwCzR0hTQS1jNXdjLXYyODctODJwY84AAgYl

go github.com/hashicorp/vault
Critical
almost 4 years ago

HashiCorp Vault Incorrect Permission Assignment for Critical Resource GSA_kwCzR0hTQS1wZm13LXZqNzQtcGg4Z80YjQ

go github.com/hashicorp/vault
High
almost 4 years ago

Incorrect Privilege Assignment in HashiCorp Vault GSA_kwCzR0hTQS0zNjJ2LXdnNXAtNjR3Ms0Wgw

go github.com/hashicorp/vault
Low
almost 4 years ago

Hashicorp Vault Privilege Escalation Vulnerability GSA_kwCzR0hTQS1xdjk1LWczZ20teDU0Ms0Wfg

go github.com/hashicorp/vault
Critical
about 4 years ago

HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzZnEtcTdoYy05OTNy

go github.com/hashicorp/vault
Moderate
about 4 years ago

Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYyMzktMjhjMi05bXJt

go github.com/hashicorp/vault
High
about 4 years ago

Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZwNTItcXczMy1tZm13

go github.com/hashicorp/vault
High
about 4 years ago

Improper Resource Shutdown or Release in HashiCorp Vault MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2aDUtcjRxdy12M3Z2

go github.com/hashicorp/vault
High
over 4 years ago

Invalid session token expiration MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4ajktN3BwOS0yaGp3

go github.com/hashicorp/vault
High
over 4 years ago

Information Disclosure in HashiCorp Vault MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI1eGotODlnNS1mbTZo

go github.com/hashicorp/vault

Filter by Severity

Moderate 10,382 High 8,201 Critical 3,363 Low 1,510

Filter by Ecosystem

maven 6,902 packagist 5,423 pypi 4,948 npm 4,323 go 2,948 nuget 1,881 cargo 1,091 rubygems 928 hex 38 actions 37 swift 36 pub 10

Filter by Package

tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 418 magento/community-edition 302 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 242 typo3/cms 190 com.liferay.portal:release.portal.bom 142 org.apache.tomcat:tomcat 136 github.com/mattermost/mattermost/server/v8 128 com.liferay.portal:release.dxp.bom 125 pimcore/pimcore 120 dolibarr/dolibarr 116 typo3/cms-core 114 Django 108 phpmyadmin/phpmyadmin 107 drupal/core 103 microweber/microweber 103 magento/project-community-edition 102 silverstripe/framework 92 apache-airflow 85 drupal/drupal 83 librenms/librenms 83 thorsten/phpmyfaq 73 Plone 72 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 69 github.com/usememos/memos 68 concrete5/concrete5 67 salt 65 ansible 63 actionpack 61 apache-superset 61 shopware/platform 58 org.apache.struts:struts2-core 57 github.com/grafana/grafana 56 craftcms/cms 53 mlflow 53 org.keycloak:keycloak-core 50 github.com/hashicorp/vault 49 org.apache.tomcat.embed:tomcat-embed-core 48 mautic/core 48 nova 48 baserproject/basercms 47 shopware/core 46 django 46 nokogiri 46 github.com/rancher/rancher 45 github.com/mattermost/mattermost-server/v6 45 gradio 44 vyper 44 org.xwiki.platform:xwiki-platform-oldcore 43 org.keycloak:keycloak-services 42 k8s.io/kubernetes 42 github.com/mattermost/mattermost-server 42 nilsteampassnet/teampass 42 rdiffweb 42 matrix-synapse 42 mantisbt/mantisbt 41 plone 41 org.elasticsearch:elasticsearch 41 showdoc/showdoc 41 intelliants/subrion 40 froxlor/froxlor 40 directus 39 picklescan 39 com.thoughtworks.xstream:xstream 37 snipe/snipe-it 36 com.jfinal:jfinal 36 net.mingsoft:ms-mcms 36 moin 35 io.undertow:undertow-core 35 org.jenkins-ci.plugins:script-security 34 zendframework/zendframework1 34 github.com/answerdev/answer 34 gogs.io/gogs 33 parse-server 33 keystone 32 github.com/argoproj/argo-cd/v2 32 github.com/hashicorp/nomad 31 github.com/cilium/cilium 31 opencv-python 31 github.com/argoproj/argo-cd 31 github.com/docker/docker 31 opencv-contrib-python 31 shopware/shopware 31 getgrav/grav 30 contao/core-bundle 29 electron 29 rack 29 github.com/hashicorp/consul 29 next 29 Pillow 29 mediawiki/core 28 pillow 28 org.apache.solr:solr-core 28 org.opencms:opencms-core 27 org.springframework.security:spring-security-core 27 prestashop/prestashop 27 centreon/centreon 27 openssl-src 26 rubygems-update 25 pocketmine/pocketmine-mp 25 open-webui 25 vllm 25 org.eclipse.jetty:jetty-server 25 github.com/traefik/traefik/v2 25 org.keycloak:keycloak-parent 24 surrealdb 24 flowise 24 magento/core 24 getkirby/cms 24 org.bouncycastle:bcprov-jdk15on 23 zendframework/zendframework 23 grumpydictator/firefly-iii 23 puppet 23 org.bouncycastle:bcprov-jdk14 23 remdex/livehelperchat 23 pyload-ng 23 laravel/framework 23 simplesamlphp/simplesamlphp 23 org.apache.tomcat:tomcat-catalina 23 phpoffice/phpexcel 23 tribalsystems/zenario 22 Microsoft.AspNetCore.App.Runtime.win-x64 22 ckb 22 activerecord 22 Microsoft.AspNetCore.App.Runtime.win-x86 22 contao/contao 22 DotNetNuke.Core 22 phpoffice/phpspreadsheet 22 @openzeppelin/contracts-upgradeable 22 org.apache.openmeetings:openmeetings-parent 22 Microsoft.AspNetCore.App.Runtime.win-arm 21 glance 21 github.com/goharbor/harbor 21 org.apache.nifi:nifi 21 @openzeppelin/contracts 21 github.com/ethereum/go-ethereum 21 helm.sh/helm/v3 21 ethyca-fides 20 wasmtime 20 typo3/cms-backend 20 golang.org/x/net 20 org.apache.tomcat:tomcat-coyote 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 code.gitea.io/gitea 20 funadmin/funadmin 20 org.xwiki.platform:xwiki-platform-web-templates 20 cockpit-hq/cockpit 20 langchain 20 aim 20 topthink/framework 19 github.com/zitadel/zitadel 19 Microsoft.AspNetCore.App.Runtime.osx-x64 19 neutron 19 Microsoft.AspNetCore.App.Runtime.linux-arm 19 Microsoft.AspNetCore.App.Runtime.linux-arm64 19 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 19 deno 19 Microsoft.AspNetCore.App.Runtime.linux-x64 19 Microsoft.AspNetCore.App.Runtime.win-arm64 19 org.springframework:spring-core 18 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 18 cobbler 18 genix/cms 18 transformers 18 org.apache.jspwiki:jspwiki-main 18 forkcms/forkcms 18 mercurial 18 com.vaadin:vaadin-bom 18 mindsdb 18 opencart/opencart 17 org.apache.geode:geode-core 17 symfony/security 17 openmage/magento-lts 17 OctoPrint 17 org.apache.inlong:manager-pojo 17 calibreweb 17 cakephp/cakephp 17 yetiforce/yetiforce-crm 17 francoisjacquet/rosariosis 17 github.com/traefik/traefik/v3 17 ezsystems/ezpublish-kernel 17 notebook 17 github.com/openfga/openfga 17 cryptography 17 tinymce 16 ghost 16 sequelize 16 Microsoft.NetCore.App.Runtime.win-x86 16 org.bouncycastle:bcprov-jdk15 16 paddlepaddle 16 Microsoft.NetCore.App.Runtime.win-x64 16 org.apache.dubbo:dubbo 16 october/system 16 org.apache.activemq:activemq-client 16 rusqlite 16 lollms 16

Filter by Repository

https://github.com/hashicorp/vault 19 https://github.com/openbao/openbao 1