Package impact
GO / github.com/prometheus/prometheus
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42154 | high | 7.5 | 7.5 | 25d ago | Prometheus: Remote read endpoint allows denial of service via crafted snappy payload | |||
| CVE-2026-42151 | high | 7.5 | 7.5 | 25d ago | Prometheus Azure AD remote write OAuth client secret exposed via config API | |||
| CVE-2026-44903 | medium | — | 5.5 | 3d ago | Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI (enabled via the command-line flag --enable-f… |