Package impact

Go / github.com/hashicorp/vault

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2021-3282	medium	—	5.5	2y ago	Improper Authentication in HashiCorp Vault in github.com/hashicorp/vault
CVE-2020-35177	medium	—	5.5	2y ago	Enumeration of users in HashiCorp Vault in github.com/hashicorp/vault
CVE-2021-43998	medium	—	5.5	5y ago	HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault
CVE-2021-42135	medium	—	5.5	5y ago	Incorrect Privilege Assignment in HashiCorp Vault in github.com/hashicorp/vault
CVE-2021-41802	medium	—	5.5	5y ago	Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault
CVE-2021-38553	medium	—	5.5	5y ago	HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 in github.com/hashicorp/vault
CVE-2021-38554	medium	—	5.5	5y ago	Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault
CVE-2021-32923	medium	—	5.5	5y ago	Invalid session token expiration in github.com/hashicorp/vault
CVE-2026-5807	unknown	—	—	1mo ago	HashiCorp Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations
CVE-2026-3605	unknown	—	—	1mo ago	HashiCorp Vault has a KVv2 Metadata and Secret Deletion Policy Bypass that leads to Denial-of-Service
CVE-2026-5052	unknown	—	—	1mo ago	HashiCorp Vault has Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS
CVE-2026-4525	unknown	—	—	1mo ago	HashiCorp Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization
CVE-2025-12044	unknown	—	—	7mo ago	Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON in github.com/hashicorp/vault
CVE-2025-11621	unknown	—	—	7mo ago	HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass in github.com/hashicorp/vault
CVE-2025-6203	unknown	—	—	9mo ago	HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads in github.com/hashicorp/vault
CVE-2025-6013	unknown	—	—	10mo ago	HashiCorp Vault ldap auth method may not have correctly enforced MFA in github.com/hashicorp/vault
CVE-2025-6015	unknown	—	—	10mo ago	Hashicorp Vault has Login MFA Rate Limit Bypass Vulnerability in github.com/hashicorp/vault
CVE-2025-5999	unknown	—	—	10mo ago	Hashicorp Vault has Privilege Escalation Vulnerability in github.com/hashicorp/vault
CVE-2025-6000	unknown	—	—	10mo ago	Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration in github.com/hashicorp/vault
CVE-2025-6004	unknown	—	—	10mo ago	Hashicorp Vault has Lockout Feature Authentication Bypass in github.com/hashicorp/vault
CVE-2025-6011	unknown	—	—	10mo ago	Hashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users in github.com/hashicorp/vault
CVE-2025-6014	unknown	—	—	10mo ago	Hashicorp Vault's TOTP Secrets Engine Susceptible to Code Reuse in github.com/hashicorp/vault
CVE-2025-6037	unknown	—	—	10mo ago	Hashicorp Vault has Incorrect Validation for Non-CA Certificates in github.com/hashicorp/vault
CVE-2025-4656	unknown	—	—	11mo ago	Vault Community Edition rekey and recovery key operations can cause denial of service in github.com/hashicorp/vault
CVE-2025-3879	unknown	—	—	1y ago	Hashicorp Vault Community vulnerable to Incorrect Authorization in github.com/hashicorp/vault
CVE-2025-4166	unknown	—	—	1y ago	Hashicorp Vault Community vulnerable to Generation of Error Message Containing Sensitive Information in github.com/hashicorp/vault
CVE-2024-8185	unknown	—	—	2y ago	Hashicorp Vault vulnerable to denial of service through memory exhaustion in github.com/hashicorp/vault
CVE-2024-9180	unknown	—	—	2y ago	Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault
CVE-2024-7594	unknown	—	—	2y ago	Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default in github.com/hashicorp/vault
CVE-2024-8365	unknown	—	—	2y ago	Vault Leaks Client Token and Token Accessor in Audit Devices in github.com/hashicorp/vault
CVE-2024-6468	unknown	—	—	2y ago	Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions in github.com/hashicorp/vault
CVE-2024-5798	unknown	—	—	2y ago	HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault
CVE-2024-2660	unknown	—	—	2y ago	HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault
CVE-2024-2048	unknown	—	—	2y ago	Authentication bypass in github.com/hashicorp/vault
CVE-2024-0831	unknown	—	—	2y ago	Hashicorp Vault may expose sensitive log information in github.com/hashicorp/vault
CVE-2020-16251	unknown	—	—	2y ago	HashiCorp Vault Authentication bypass in github.com/hashicorp/vault
CVE-2020-10660	unknown	—	—	2y ago	HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault
CVE-2020-10661	unknown	—	—	2y ago	HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault
CVE-2023-6337	unknown	—	—	3y ago	Denial of service via memory exhaustion in github.com/hashicorp/vault
CVE-2023-5954	unknown	—	—	3y ago	HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault
CVE-2023-5077	unknown	—	—	3y ago	Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault
CVE-2023-4680	unknown	—	—	3y ago	HashiCorp Vault Improper Input Validation vulnerability in github.com/hashicorp/vault
CVE-2023-3462	unknown	—	—	3y ago	HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault
CVE-2023-24999	unknown	—	—	3y ago	Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault
CVE-2022-41316	unknown	—	—	3y ago	HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault
CVE-2023-2121	unknown	—	—	3y ago	Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault
CVE-2023-25000	unknown	—	—	3y ago	Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault
CVE-2023-0620	unknown	—	—	3y ago	HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault
CVE-2023-0665	unknown	—	—	3y ago	HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault
CVE-2022-40186	unknown	—	—	4y ago	HashiCorp Vault vulnerable to incorrect metadata access in github.com/hashicorp/vault
CVE-2020-25816	unknown	—	—	4y ago	Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault
CVE-2022-30689	unknown	—	—	4y ago	HashiCorp Vault improper configuration of multi factor authentication in github.com/hashicorp/vault
CVE-2020-16250	unknown	—	—	5y ago	Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault
CVE-2020-7220	unknown	—	—	5y ago	Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault
CVE-2020-13223	unknown	—	—	5y ago	Information Disclosure in HashiCorp Vault in github.com/hashicorp/vault