Where
-Infinity
0

Trending

Last week
Last month
Last year

go/github.com/nats-io/nats-server/v2NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead

Risk 43
Severity
7.5
First published (updated )
CVE-2026-27889

go/github.com/nats-io/nats-server/v2NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching

Risk 29
Severity
4.2
First published (updated )
CVE-2026-33248

go/github.com/nats-io/nats-server/v2NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers

Risk 39
Severity
6.4
First published (updated )
CVE-2026-33246

go/github.com/nats-io/nats-server/v2NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing

Risk 39
Severity
6.4
First published (updated )
CVE-2026-33223

go/github.com/nats-io/nats-server/v2NATS JetStream has an authorization bypass through its Management API

Risk 30
Severity
4.9
First published (updated )
CVE-2026-33222
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

go/github.com/nats-io/nats-server/v2NATS is vulnerable to pre-auth DoS through WebSockets client service

Risk 27
Severity
5.3
First published (updated )
CVE-2026-33219

go/github.com/nats-io/nats-server/v2NATS has pre-auth server panic via leafnode handling

Risk 43
Severity
7.5
First published (updated )
CVE-2026-33218

go/github.com/nats-io/nats-server/v2NATS allows MQTT clients to bypass ACL checks

Risk 48
Severity
7.1
First published (updated )
CVE-2026-33217

go/github.com/nats-io/nats-server/v2NATS has MQTT plaintext password disclosure

Risk 49
Severity
8.6
First published (updated )
CVE-2026-33216

go/github.com/nats-io/nats-server/v2NATS Server panic via malicious compression on leafnode port

Risk 43
Severity
7.5
First published (updated )
CVE-2026-29785
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

go/github.com/nats-io/nats-server/v2NATS is vulnerable to MQTT hijacking via Client ID

Risk 33
Severity
6.5
EPSS
0.01%
First published (updated )
CVE-2026-33215

go/github.com/nats-io/nats-server/v2NATS credentials are exposed in monitoring port via command-line argv

Risk 56
Severity
7.4
First published (updated )
CVE-2026-33247

go/github.com/nats-io/nats-server/v2NATS: Message tracing can be redirected to arbitrary subject

Risk 22
Severity
4.3
First published (updated )
CVE-2026-33249

go/github.com/nats-io/nats-server/v2nats-server websockets are vulnerable to pre-auth memory DoS

Risk 31
Severity
7.5
EPSS
0.07%
First published (updated )
CVE-2026-27571

go/github.com/nats-io/nats-server/v2xkeys Seal encryption used fixed key for all encryption

Risk 46
Severity
7.5
First published (updated )
CVE-2023-46129
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

go/github.com/nats-io/nats-server/v2NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G…

Risk 40
Severity
6.5
First published (updated )
CVE-2023-47090

NATS NATS ServerPath Traversal

Risk 38
Severity
6.5
First published (updated )
CVE-2022-26652

go/github.com/nats-io/nats-server/v2NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the pr…

Risk 80
Severity
8.8
First published (updated )
CVE-2022-24450

go/github.com/nats-io/jwtNATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Impo…

Risk 45
Severity
7.5
First published (updated )
CVE-2021-3127

go/github.com/nats-io/nats-server/v2Denial of Service (DoS)

Risk 44
Severity
7.5
First published (updated )
CVE-2020-28466
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

go/github.com/nats-io/nats-server/v2Integer Overflow

Risk 44
Severity
7.5
First published (updated )
CVE-2019-13126

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203