Package impact
Go / github.com/SpectoLabs/hoverfly
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-54376 | high | 7.5 | 7.5 | 9mo ago | WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled in github.com/SpectoLabs/hoverfly | |||
| CVE-2025-54123 | unknown | — | — | 9mo ago | Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation in github.com/SpectoLabs/hoverfly | |||
| CVE-2024-45388 | unknown | — | — | 2y ago | Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`) in github.com/SpectoLabs/hoverfly |