nacos | Snyk

Direct Vulnerabilities

Known vulnerabilities in the nacos package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L GHSA-h6fc-48rj-7qqh	<3.2.1-r3
L Authentication Bypass	<3.2.1-r3
L GHSA-gx5v-xp9w-j4cg	<3.2.1-r3
L Improper Input Validation	<3.2.1-r3
L GHSA-fv25-8xcx-gqjc	<3.2.1-r3
L GHSA-5mp6-jrq3-r938	<3.2.1-r3
L Information Exposure	<3.2.1-r3
L GHSA-r29c-68gh-xp6x	<3.2.1-r3
L Allocation of Resources Without Limits or Throttling	<3.2.1-r3
L Improper Handling of Case Sensitivity	<3.2.1-r3
L GHSA-6p4f-wcwh-5vvm	<3.2.1-r2
L GHSA-wwpq-f5c3-7hvx	<3.2.1-r2
L GHSA-vxf7-qj7q-83fh	<3.2.1-r2
L CVE-2026-22741	<3.2.1-r2
L CVE-2026-40973	<3.2.1-r2
L CVE-2026-22745	<3.2.1-r2
L CVE-2026-22751	<3.2.1-r2
L GHSA-wg35-8jpf-2xv3	<3.2.1-r2
L CVE-2026-22746	<3.2.1-r2
L GHSA-x2wq-9x2f-fhj7	<3.2.1-r2
L GHSA-98qh-xjc8-98pq	<3.2.1-r1
L Allocation of Resources Without Limits or Throttling	<3.2.1-r1
L GHSA-wg6q-6289-32hp	<3.2.0-r7
L CVE-2026-5588	<3.2.0-r7
M Origin Validation Error	<3.2.0-r6
L GHSA-8jxr-pr72-r468	<3.2.0-r6
L Overly Permissive Cross-domain Whitelist	<3.2.0-r6
C CVE-2024-46983	<3.2.0-r6
L GHSA-hv2w-8mjj-jw22	<3.2.0-r6
L GHSA-c459-2m73-67hj	<3.2.0-r6
L Improper Encoding or Escaping of Output	<3.2.0-r6
L CVE-2026-34500	<3.2.0-r6
L GHSA-69r9-qgr7-g2wj	<3.2.0-r6
L GHSA-x4m4-345f-5h5g	<3.2.0-r6
L GHSA-24j9-x2wg-9qv6	<3.2.0-r6
L GHSA-rv64-5gf8-9qq8	<3.2.0-r6
L Missing Encryption of Sensitive Data	<3.2.0-r6
L Information Exposure Through Log Files	<3.2.0-r6
L CVE-2026-29146	<3.2.0-r6
L GHSA-8mc5-53m5-3qj2	<3.2.0-r6
L CVE-2026-29145	<3.2.0-r6
L Open Redirect	<3.2.0-r6
L GHSA-69cc-cv78-qc8g	<3.2.0-r6
L GHSA-9m3c-qcxr-9x87	<3.2.0-r6
L GHSA-95jq-rwvf-vjx4	<3.2.0-r6
L Improper Input Validation	<3.2.0-r6
L CVE-2026-29129	<3.2.0-r6
L GHSA-h468-7pvh-8vr8	<3.2.0-r6
L GHSA-xwmg-2g98-w7v9	<3.2.0-r2
L Uncontrolled Recursion	<3.2.0-r2
L GHSA-mf92-479x-3373	<3.2.0-r1
L CVE-2026-22737	<3.2.0-r1
L GHSA-6hcq-hmm3-jj3c	<3.2.0-r1
L CVE-2026-22735	<3.2.0-r1
L GHSA-4773-3jfm-qmx3	<3.2.0-r1
L CVE-2026-22732	<3.2.0-r1
L GHSA-mgp5-rv84-w37q	<3.1.1-r5
H CVE-2026-24734	<3.1.1-r5
L GHSA-72hv-8253-57qq	<3.1.1-r3
L GHSA-fpj8-gq4v-p354	<3.1.1-r4
L GHSA-qq5r-98hh-rxc9	<3.1.1-r4
C Improper Certificate Validation	<3.1.1-r4
L CVE-2026-24733	<3.1.1-r4
L CVE-2026-1225	<3.1.1-r1
L GHSA-qqpg-mvqg-649v	<3.1.1-r1
L Improper Resource Shutdown or Release	<3.1.0-r2
L CVE-2025-11226	<3.1.0-r1
L CVE-2025-41248	<3.1.0-r0
L CVE-2025-41249	<3.1.0-r0

Vulnerability

Vulnerable Version

GHSA-h6fc-48rj-7qqh

<3.2.1-r3