Package impact
Go / github.com/gofiber/fiber/v3
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-30246 | medium | 6.5 | 6.5 | 23d ago | Fiber's cache middleware default key generator ignores query string, causing response mix-up across distinct query parameters | |
| CVE-2026-42554 | medium | 6.1 | 6.1 | 17d ago | Fiber vulnerable to XSS in AutoFormat Content Negotiation | |
| CVE-2026-25882 | unknown | — | — | 3mo ago | Fiber has a Denial of Service Vulnerability via Route Parameter Overflow in github.com/gofiber/fiber | |
| CVE-2026-25899 | unknown | — | — | 3mo ago | Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation in github.com/gofiber/fiber/v3 | |
| CVE-2026-25891 | unknown | — | — | 3mo ago | Fiber has an Arbitrary File Read in Static Middleware on Windows in github.com/gofiber/fiber/v3 |