All projects

Security context

What an agent needs to avoid regressing past fixes — and find the next bug in this project.

Vault
hashicorp/vault

Secrets management, encryption as a service.

Go · github.com/hashicorp/vault
110
Advisories
110
CVEs
Critical
Peak severity
72
With fix diff

Distribution

By severity

Critical
6
High
23
Medium
22
Low
4
Unrated
55

By weakness class

Other
87
Auth / Access Control
8
Information Disclosure
5
Denial of Service
4
Improper Validation
2
SSRF
1
Code Injection
1
Cross-site Scripting
1
SQL Injection
1

Every fixed vulnerability (110)

High23 fixed
HighHashiCorp Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations3mo agoHighHashiCorp Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization3mo agoHighHashiCorp Vault has a KVv2 Metadata and Secret Deletion Policy Bypass that leads to Denial-of-Service3mo agoHighHashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON8mo agoHighHashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass8mo agoHighHashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads10mo agoHighHashicorp Vault has Privilege Escalation Vulnerability11mo agoHighHashicorp Vault vulnerable to denial of service through memory exhaustion1y agoHighVault Community Edition privilege escalation vulnerability1y agoHighVault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default1y agoHighHashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions 2y agoHighIncorrect TLS certificate auth method in Vault2y agoHighImproper Authentication in HashiCorp Vault2y agoHighHashiCorp Vault Authentication bypass2y agoHighMemory exhaustion in HashiCorp Vault2y agoHighHashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability2y agoHighHashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability2y agoHighHashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation3y agoHighIncorrect Privilege Assignment in HashiCorp Vault4y agoHighAuthentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault4y agoHighImproper Resource Shutdown or Release in HashiCorp Vault4y agoHighInvalid session token expiration 5y agoHighInformation Disclosure in HashiCorp Vault5y ago
Medium22 fixed
MediumHashiCorp Vault has Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS3mo agoMediumHashiCorp Vault ldap auth method may not have correctly enforced MFA11mo agoMediumHashicorp Vault has Incorrect Validation for Non-CA Certificates11mo agoMediumHashicorp Vault has Lockout Feature Authentication Bypass11mo agoMediumHashicorp Vault's TOTP Secrets Engine Susceptible to Code Reuse 11mo agoMediumHashicorp Vault has Login MFA Rate Limit Bypass Vulnerability11mo agoMediumHashicorp Vault Community vulnerable to Incorrect Authorization1y agoMediumHashicorp Vault Community vulnerable to Generation of Error Message Containing Sensitive Information1y agoMediumVault Leaks Client Token and Token Accessor in Audit Devices1y agoMediumHashiCorpVault does not correctly validate OCSP responses2y agoMediumHashicorp Vault may expose sensitive log information2y agoMediumEnumeration of users in HashiCorp Vault2y agoMediumHashiCorp Vault Improper Privilege Management2y agoMediumHashiCorp Vault Improper Input Validation vulnerability2y agoMediumHashiCorp Vault and Vault Enterprise vulnerable to user enumeration2y agoMediumHashiCorp Vault's revocation list not respected3y agoMediumHashicorp Vault vulnerable to Cross-site Scripting3y agoMediumHashiCorp Vault's PKI mount vulnerable to denial of service3y agoMediumHashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File3y agoMediumHashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks3y agoMediumHashiCorp Vault improper configuration of multi factor authentication4y agoMediumImproper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault4y ago
Unrated55 fixed
UnratedHashiCorp Vault has a KVv2 Metadata and Secret Deletion Policy Bypass that leads to Denial-of-Service in github.com/hashicorp/vault21d agoUnratedHashiCorp Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization in github.com/hashicorp/vault21d agoUnratedHashiCorp Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations in github.com/hashicorp/vault21d agoUnratedHashiCorp Vault has Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS in github.com/hashicorp/vault21d agoUnratedHashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass in github.com/hashicorp/vault8mo agoUnratedHashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON in github.com/hashicorp/vault8mo agoUnratedHashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads in github.com/hashicorp/vault10mo agoUnratedHashicorp Vault has Incorrect Validation for Non-CA Certificates in github.com/hashicorp/vault11mo agoUnratedHashicorp Vault has Privilege Escalation Vulnerability in github.com/hashicorp/vault11mo agoUnratedHashicorp Vault has Code Execution Vulnerability via Plugin Configuration in github.com/hashicorp/vault11mo agoUnratedHashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users in github.com/hashicorp/vault11mo agoUnratedHashicorp Vault has Lockout Feature Authentication Bypass in github.com/hashicorp/vault11mo agoUnratedHashicorp Vault's TOTP Secrets Engine Susceptible to Code Reuse in github.com/hashicorp/vault11mo agoUnratedHashicorp Vault has Login MFA Rate Limit Bypass Vulnerability in github.com/hashicorp/vault11mo agoUnratedHashiCorp Vault ldap auth method may not have correctly enforced MFA in github.com/hashicorp/vault11mo agoUnratedVault Community Edition rekey and recovery key operations can cause denial of service in github.com/hashicorp/vault11mo agoUnratedHashicorp Vault Community vulnerable to Incorrect Authorization in github.com/hashicorp/vault1y agoUnratedHashicorp Vault Community vulnerable to Generation of Error Message Containing Sensitive Information in github.com/hashicorp/vault1y agoUnratedHashicorp Vault vulnerable to denial of service through memory exhaustion in github.com/hashicorp/vault1y agoUnratedVault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault1y agoUnratedVault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default in github.com/hashicorp/vault1y agoUnratedVault Leaks Client Token and Token Accessor in Audit Devices in github.com/hashicorp/vault1y agoUnratedHashiCorp Vault vulnerable to incorrect metadata access in github.com/hashicorp/vault1y agoUnratedImproper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault1y agoUnratedAuthentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault1y agoUnratedInformation Disclosure in HashiCorp Vault in github.com/hashicorp/vault1y agoUnratedHashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault1y agoUnratedHashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault1y agoUnratedHashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 in github.com/hashicorp/vault1y agoUnratedInvalid session token expiration in github.com/hashicorp/vault1y agoUnratedImproper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault1y agoUnratedIncorrect Privilege Assignment in HashiCorp Vault in github.com/hashicorp/vault1y agoUnratedHashiCorp Vault improper configuration of multi factor authentication in github.com/hashicorp/vault1y agoUnratedHashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault1y agoUnratedHashiCorp Vault Improper Input Validation vulnerability in github.com/hashicorp/vault1y agoUnratedHashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault1y agoUnratedHashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault1y agoUnratedHashiCorp Vault's revocation list not respected in github.com/hashicorp/vault1y agoUnratedHashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault1y agoUnratedHashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault1y agoUnratedHashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault1y agoUnratedHashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault1y agoUnratedHashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions in github.com/hashicorp/vault2y agoUnratedHashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault2y agoUnratedHashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault2y agoUnratedHashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault2y agoUnratedHashiCorp Vault Authentication bypass in github.com/hashicorp/vault2y agoUnratedEnumeration of users in HashiCorp Vault in github.com/hashicorp/vault2y agoUnratedImproper Authentication in HashiCorp Vault in github.com/hashicorp/vault2y agoUnratedHashicorp Vault may expose sensitive log information in github.com/hashicorp/vault2y agoUnratedToken leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault2y agoUnratedHashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault2y agoUnratedAuthentication bypass in github.com/hashicorp/vault2y agoUnratedDenial of service via memory exhaustion in github.com/hashicorp/vault2y agoUnratedCache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault3y ago