Security

Report a vulnerability

SECURITY.md

Security Policy

Please refer to the community security policy.

Possible panics due to nil pointer dereference when using variables created alongside an error
GHSA-4mhv-8rh3-4ghw published Sep 17, 2025 by gaius-qi

Moderate
Timing attacks against Proxy’s basic authentication are possible
GHSA-c2fc-9q9c-5486 published Sep 17, 2025 by gaius-qi

Low
Files are closed without error check
GHSA-x3vj-c8hw-4g7f published Sep 17, 2025 by gaius-qi

Low
Slicing operations with hard-coded indexes and without explicit length validation
GHSA-6mwx-ch8x-496q published Sep 17, 2025 by gaius-qi

Low
Directories created via os.MkdirAll are not checked for permissions
GHSA-8425-8r2f-mrv6 published Sep 17, 2025 by gaius-qi

Low
Incorrect handling of a task structure’s usedTra�c field
GHSA-2qgr-gfvj-qpcr published Sep 17, 2025 by gaius-qi

Low
Manager makes requests to external endpoints with disabled TLS authentication
GHSA-98x5-jw98-6c97 published Sep 17, 2025 by gaius-qi

Low
Server-side request forgery vulnerabilities
GHSA-g2rq-jv54-wcpr published Sep 17, 2025 by gaius-qi

Moderate
Authentication is not enabled for some Manager’s endpoints
GHSA-89vc-vf32-ch59 published Sep 17, 2025 by gaius-qi

Low
Critical vulnerability as part of Alpine 3.20 base image
GHSA-2g78-chqr-h5wr published Sep 10, 2025 by gaius-qi

Critical

Learn more about advisories related to dragonflyoss/dragonfly in the GitHub Advisory Database