Security context
What an agent needs to avoid regressing past fixes — and find the next bug in this project.
110
Advisories
110
CVEs
Critical
Peak severity
72
With fix diff
Distribution
By severity
Critical
6
High
23
Medium
22
Low
4
Unrated
55
By weakness class
Other
87
Auth / Access Control
8
Information Disclosure
5
Denial of Service
4
Improper Validation
2
SSRF
1
Code Injection
1
Cross-site Scripting
1
SQL Injection
1
Every fixed vulnerability (110)
Critical6 fixed
CriticalHashicorp Vault has Code Execution Vulnerability via Plugin ConfigurationCVE-2025-600011mo agoCriticalHashiCorp Vault Improper Privilege ManagementCVE-2020-106612y agoCriticalHashiCorp Vault vulnerable to incorrect metadata accessCVE-2022-401863y agoCriticalToken leases could outlive their TTL in HashiCorp VaultCVE-2020-258164y agoCriticalHashiCorp Vault Incorrect Permission Assignment for Critical ResourceCVE-2021-439984y agoCriticalHashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0CVE-2021-385534y ago
High23 fixed
HighHashiCorp Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey OperationsCVE-2026-58073mo agoHighHashiCorp Vault May Expose Tokens to Auth Plugins Due to Incorrect Header SanitizationCVE-2026-45253mo agoHighHashiCorp Vault has a KVv2 Metadata and Secret Deletion Policy Bypass that leads to Denial-of-ServiceCVE-2026-36053mo agoHighHashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSONCVE-2025-120448mo agoHighHashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypassCVE-2025-116218mo agoHighHashiCorp Vault Community Edition Denial of Service Though Complex JSON PayloadsCVE-2025-620310mo agoHighHashicorp Vault has Privilege Escalation VulnerabilityCVE-2025-599911mo agoHighHashicorp Vault vulnerable to denial of service through memory exhaustionCVE-2024-81851y agoHighVault Community Edition privilege escalation vulnerabilityCVE-2024-91801y agoHighVault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By DefaultCVE-2024-75941y agoHighHashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions CVE-2024-64682y agoHighIncorrect TLS certificate auth method in VaultCVE-2024-20482y agoHighImproper Authentication in HashiCorp VaultCVE-2021-32822y agoHighHashiCorp Vault Authentication bypassCVE-2020-162512y agoHighMemory exhaustion in HashiCorp VaultCVE-2023-63372y agoHighHashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerabilityCVE-2023-59542y agoHighHashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerabilityCVE-2023-50772y agoHighHashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy OperationCVE-2023-249993y agoHighIncorrect Privilege Assignment in HashiCorp VaultCVE-2021-421354y agoHighAuthentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp VaultCVE-2020-162504y agoHighImproper Resource Shutdown or Release in HashiCorp VaultCVE-2020-72204y agoHighInvalid session token expiration CVE-2021-329235y agoHighInformation Disclosure in HashiCorp VaultCVE-2020-132235y ago
Medium22 fixed
MediumHashiCorp Vault has Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNSCVE-2026-50523mo agoMediumHashiCorp Vault ldap auth method may not have correctly enforced MFACVE-2025-601311mo agoMediumHashicorp Vault has Incorrect Validation for Non-CA CertificatesCVE-2025-603711mo agoMediumHashicorp Vault has Lockout Feature Authentication BypassCVE-2025-600411mo agoMediumHashicorp Vault's TOTP Secrets Engine Susceptible to Code Reuse CVE-2025-601411mo agoMediumHashicorp Vault has Login MFA Rate Limit Bypass VulnerabilityCVE-2025-601511mo agoMediumHashicorp Vault Community vulnerable to Incorrect AuthorizationCVE-2025-38791y agoMediumHashicorp Vault Community vulnerable to Generation of Error Message Containing Sensitive InformationCVE-2025-41661y agoMediumVault Leaks Client Token and Token Accessor in Audit DevicesCVE-2024-83651y agoMediumHashiCorpVault does not correctly validate OCSP responsesCVE-2024-26602y agoMediumHashicorp Vault may expose sensitive log informationCVE-2024-08312y agoMediumEnumeration of users in HashiCorp VaultCVE-2020-351772y agoMediumHashiCorp Vault Improper Privilege ManagementCVE-2020-106602y agoMediumHashiCorp Vault Improper Input Validation vulnerabilityCVE-2023-46802y agoMediumHashiCorp Vault and Vault Enterprise vulnerable to user enumerationCVE-2023-34622y agoMediumHashiCorp Vault's revocation list not respectedCVE-2022-413163y agoMediumHashicorp Vault vulnerable to Cross-site ScriptingCVE-2023-21213y agoMediumHashiCorp Vault's PKI mount vulnerable to denial of serviceCVE-2023-06653y agoMediumHashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration FileCVE-2023-06203y agoMediumHashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacksCVE-2023-250003y agoMediumHashiCorp Vault improper configuration of multi factor authenticationCVE-2022-306894y agoMediumImproper Removal of Sensitive Information Before Storage or Transfer in HashiCorp VaultCVE-2021-385544y ago
Low4 fixed
LowHashicorp Vault has an Observable Discrepancy on Existing and Non-Existing UsersCVE-2025-601111mo agoLowVault Community Edition rekey and recovery key operations can cause denial of serviceCVE-2025-46561y agoLowHashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience ClaimsCVE-2024-57982y agoLowHashicorp Vault Privilege Escalation VulnerabilityCVE-2021-418024y ago
Unrated55 fixed
UnratedHashiCorp Vault has a KVv2 Metadata and Secret Deletion Policy Bypass that leads to Denial-of-Service in github.com/hashicorp/vaultCVE-2026-360521d agoUnratedHashiCorp Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization in github.com/hashicorp/vaultCVE-2026-452521d agoUnratedHashiCorp Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations in github.com/hashicorp/vaultCVE-2026-580721d agoUnratedHashiCorp Vault has Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS in github.com/hashicorp/vaultCVE-2026-505221d agoUnratedHashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass in github.com/hashicorp/vaultCVE-2025-116218mo agoUnratedHashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON in github.com/hashicorp/vaultCVE-2025-120448mo agoUnratedHashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads in github.com/hashicorp/vaultCVE-2025-620310mo agoUnratedHashicorp Vault has Incorrect Validation for Non-CA Certificates in github.com/hashicorp/vaultCVE-2025-603711mo agoUnratedHashicorp Vault has Privilege Escalation Vulnerability in github.com/hashicorp/vaultCVE-2025-599911mo agoUnratedHashicorp Vault has Code Execution Vulnerability via Plugin Configuration in github.com/hashicorp/vaultCVE-2025-600011mo agoUnratedHashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users in github.com/hashicorp/vaultCVE-2025-601111mo agoUnratedHashicorp Vault has Lockout Feature Authentication Bypass in github.com/hashicorp/vaultCVE-2025-600411mo agoUnratedHashicorp Vault's TOTP Secrets Engine Susceptible to Code Reuse in github.com/hashicorp/vaultCVE-2025-601411mo agoUnratedHashicorp Vault has Login MFA Rate Limit Bypass Vulnerability in github.com/hashicorp/vaultCVE-2025-601511mo agoUnratedHashiCorp Vault ldap auth method may not have correctly enforced MFA in github.com/hashicorp/vaultCVE-2025-601311mo agoUnratedVault Community Edition rekey and recovery key operations can cause denial of service in github.com/hashicorp/vaultCVE-2025-465611mo agoUnratedHashicorp Vault Community vulnerable to Incorrect Authorization in github.com/hashicorp/vaultCVE-2025-38791y agoUnratedHashicorp Vault Community vulnerable to Generation of Error Message Containing Sensitive Information in github.com/hashicorp/vaultCVE-2025-41661y agoUnratedHashicorp Vault vulnerable to denial of service through memory exhaustion in github.com/hashicorp/vaultCVE-2024-81851y agoUnratedVault Community Edition privilege escalation vulnerability in github.com/hashicorp/vaultCVE-2024-91801y agoUnratedVault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default in github.com/hashicorp/vaultCVE-2024-75941y agoUnratedVault Leaks Client Token and Token Accessor in Audit Devices in github.com/hashicorp/vaultCVE-2024-83651y agoUnratedHashiCorp Vault vulnerable to incorrect metadata access in github.com/hashicorp/vaultCVE-2022-401861y agoUnratedImproper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vaultCVE-2020-72201y agoUnratedAuthentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vaultCVE-2020-162501y agoUnratedInformation Disclosure in HashiCorp Vault in github.com/hashicorp/vaultCVE-2020-132231y agoUnratedHashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vaultCVE-2021-439981y agoUnratedHashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vaultCVE-2021-418021y agoUnratedHashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 in github.com/hashicorp/vaultCVE-2021-385531y agoUnratedInvalid session token expiration in github.com/hashicorp/vaultCVE-2021-329231y agoUnratedImproper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vaultCVE-2021-385541y agoUnratedIncorrect Privilege Assignment in HashiCorp Vault in github.com/hashicorp/vaultCVE-2021-421351y agoUnratedHashiCorp Vault improper configuration of multi factor authentication in github.com/hashicorp/vaultCVE-2022-306891y agoUnratedHashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vaultCVE-2023-59541y agoUnratedHashiCorp Vault Improper Input Validation vulnerability in github.com/hashicorp/vaultCVE-2023-46801y agoUnratedHashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vaultCVE-2023-50771y agoUnratedHashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vaultCVE-2023-34621y agoUnratedHashiCorp Vault's revocation list not respected in github.com/hashicorp/vaultCVE-2022-413161y agoUnratedHashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vaultCVE-2023-249991y agoUnratedHashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vaultCVE-2023-21211y agoUnratedHashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vaultCVE-2023-06651y agoUnratedHashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vaultCVE-2023-06201y agoUnratedHashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions in github.com/hashicorp/vaultCVE-2024-64682y agoUnratedHashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vaultCVE-2024-57982y agoUnratedHashiCorp Vault Improper Privilege Management in github.com/hashicorp/vaultCVE-2020-106612y agoUnratedHashiCorp Vault Improper Privilege Management in github.com/hashicorp/vaultCVE-2020-106602y agoUnratedHashiCorp Vault Authentication bypass in github.com/hashicorp/vaultCVE-2020-162512y agoUnratedEnumeration of users in HashiCorp Vault in github.com/hashicorp/vaultCVE-2020-351772y agoUnratedImproper Authentication in HashiCorp Vault in github.com/hashicorp/vaultCVE-2021-32822y agoUnratedHashicorp Vault may expose sensitive log information in github.com/hashicorp/vaultCVE-2024-08312y agoUnratedToken leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vaultCVE-2020-258162y agoUnratedHashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vaultCVE-2024-26602y agoUnratedAuthentication bypass in github.com/hashicorp/vaultCVE-2024-20482y agoUnratedDenial of service via memory exhaustion in github.com/hashicorp/vaultCVE-2023-63372y agoUnratedCache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vaultCVE-2023-250003y ago