Package impact

Go / github.com/coder/coder

CVE	Severity	CVSS	Risk	Published	Description
CVE-2026-46354	critical	—	9.5	10d ago	Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft
CVE-2026-45796	medium	—	5.5	10d ago	Coder: Unauthenticated SSRF via Azure Instance Identity Endpoint
CVE-2025-66411	unknown	—	—	6mo ago	Coder logs sensitive objects unsanitized in github.com/coder/coder
CVE-2025-58437	unknown	—	—	9mo ago	Coder vulnerable to privilege escalation could lead to a cross workspace compromise in github.com/coder/coder
CVE-2024-27918	unknown	—	—	2y ago	Incorrect email domain verification in github.com/coder/coder