hashicorp
208 tracked vulnerabilities.
CVE-2025-6203
HIGH
HashiCorp Vault 1.15.0-1.16.26, 1.17.0-1.20.2 - Denial of Service via Complex JSON Payloads
Aug 28, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-8959
HIGH
HashiCorp go-getter < 1.7.9 - Unauthorized Read Access via Symlink Attack
Aug 15, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-6013
MEDIUM
Vault 1.10.0-1.15.15, 1.16.0-1.19.7, 1.20.0-1.20.1 - MFA Enforcement Bypass via LDAP Username Alias Whitespace
Aug 06, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-6037
MEDIUM
HashiCorp Vault < 1.20.1, 1.19.7, 1.18.12, 1.16.23 - Improper Certificate Validation in TLS Certificate Auth Method
Aug 01, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-6015
MEDIUM
HashiCorp Vault 1.10.0-1.16.22, 1.17.0-1.19.6, 1.20.0 - Authentication Bypass via MFA Bypass
Aug 01, 2025
CVSS 5.7
EPSS 0.00
CVE-2025-6014
MEDIUM
HashiCorp Vault < 1.20.1 - TOTP Secrets Engine Code Reuse
Aug 01, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-6011
LOW
HashiCorp Vault < 1.20.1 and 1.16.23 - Timing Side Channel in Userpass Auth Method
Aug 01, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-6004
MEDIUM
HashiCorp Vault 1.13.0-1.16.22, 1.17.0-1.19.6, 1.20.0 - User Lockout Bypass via Userpass and LDAP Authentication
Aug 01, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-6000
CRITICAL
HashiCorp Vault 0.8.0-1.16.22, 1.17.0-1.19.6, 1.20.0 - Authenticated RCE via Plugin Directory
Aug 01, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-5999
HIGH
HashiCorp Vault 0.10.4-1.19.5 Privilege Escalation via Root Namespace Identity Endpoint
Aug 01, 2025
CVSS 7.2
EPSS 0.00
CVE-2025-4656
LOW
HashiCorp Vault DoS via Recovery Key Cancellation
Jun 25, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-4922
HIGH
Nomad 1.4.0-1.10.1 - Incorrect Privilege Assignment via Prefix-Based ACL Policy Lookup
Jun 11, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-3744
HIGH
Nomad Enterprise < 1.8.13 - Policy Override Bypass in Job Submissions
May 13, 2025
CVSS 7.6
EPSS 0.00
CVE-2025-3879
MEDIUM
HashiCorp Vault - Incorrect Authorization via Azure Auth Method Bound Location Bypass
May 02, 2025
CVSS 6.6
EPSS 0.00
CVE-2025-4166
MEDIUM
HashiCorp Vault 0.3.0-1.19.2 and OpenBAO < 2.2.2 - Sensitive Information Exposure in KV v2 Plugin Error Logs
May 02, 2025
CVSS 4.5
EPSS 0.00
CVE-2025-1296
MEDIUM
Nomad 1.0.0-1.7.18, 1.8.0-1.9.6 - Sensitive Token Exposure in Audit Logs
Mar 10, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-1293
HIGH
Hermes < 0.5.0 - Authentication Bypass via Improper AWS ALB JWT Validation
Feb 20, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-0937
HIGH
Nomad 1.0.0-1.7.17 and 1.8.0-1.9.5 - Incorrect Authorization via Wildcard Namespace Event Stream
Feb 12, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-0377
HIGH
HashiCorp's go-slug - Path Traversal
Jan 21, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-12678
MEDIUM
Nomad 1.4.0-1.7.15, 1.8.0-1.9.3 - Privilege Escalation via Unredacted Workload Identity Token
Dec 20, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-12289
MEDIUM
Boundary 0.8.0-0.16.3 and 0.17.0-0.18.1 - Denial of Service via Controller Initialization HTTP Request Handling
Dec 12, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-10975
HIGH
Nomad 1.3.0-1.7.14, 1.8.0-1.9.1 - Unauthorized Cross-Namespace Volume Creation via CSI Write Permission
Nov 07, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-8185
HIGH
HashiCorp Vault 1.2.0-1.18.0 and OpenBAO < 2.0.3 - Denial of Service via Raft Cluster Join API Endpoint
Oct 31, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-10086
MEDIUM
Consul 1.4.1-1.15.14, 1.16.0-1.19.9 - Reflected Cross-Site Scripting via Content-Type Header Manipulation
Oct 30, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-10006
HIGH
Consul 1.4.1-1.20.0 and 1.9.0-1.15.14 - HTTP Header Bypass via L7 Traffic Intentions
Oct 30, 2024
CVSS 8.3
EPSS 0.00
Products
vault 72
nomad 38
consul 36
go-getter 10
vagrant_vmware_fusion 7
boundary 6
Nomad 5
Nomad Enterprise 5
Vault 5
Vault Enterprise 5
terraform 5
terraform_enterprise 5
Tooling 4
vagrant 4
Shared library 3
Consul 2
Consul Enterprise 2
go-slug 2
sentinel 2
terraform_provider 2
Boundary 1
Boundary Enterprise 1
Terraform Enterprise 1
consul-template 1
consul_docker_image 1
consul_template 1
go-retryablehttp 1
hermes 1
nomad-driver-exec2 1
packer 1
Quick Filters