zitadel-3 | Snyk

Direct Vulnerabilities

Known vulnerabilities in the zitadel-3 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Loop with Unreachable Exit Condition ('Infinite Loop')	<3.4.10-r2
H NULL Pointer Dereference	<3.4.10-r1
L GHSA-3v2c-x6q9-f697	<3.4.10-r1
L CVE-2026-42501	<3.4.10-r1
L Cross-site Scripting (XSS)	<3.4.10-r1
L CVE-2026-42499	<3.4.10-r1
L Improper Encoding or Escaping of Output	<3.4.10-r1
L GHSA-2283-wf8c-rw8r	<3.4.10-r1
L GHSA-qf3q-3h68-mmh2	<3.4.10-r1
M Out-of-bounds Write	<3.4.10-r1
H Allocation of Resources Without Limits or Throttling	<3.4.10-r1
L GHSA-xq5j-9r39-c3vf	<3.4.10-r1
L GHSA-p9h5-jm8x-mjm5	<3.4.10-r1
L GHSA-qc64-m6c2-v4x7	<3.4.10-r1
M Link Following	<3.4.10-r1
L GHSA-5m4p-2gjx-p2g8	<3.4.10-r1
L GHSA-8g2r-hhvj-mv99	<3.4.10-r1
H Double Free	<3.4.10-r1
L GHSA-497x-jcxf-m478	<3.4.10-r1
C SQL Injection	<3.4.9-r7
L GHSA-pjcq-xvwq-hhpj	<3.4.9-r8
H Integer Overflow or Wraparound	<3.4.9-r8
L GHSA-j88v-2chj-qfwx	<3.4.9-r7
L GHSA-7mr4-xjxg-34g6	<3.4.9-r5
L GHSA-gjvh-7jh8-7xhm	<3.4.9-r5
L CVE-2026-32280	<3.4.9-r5
L GHSA-jrg3-gfjw-hm96	<3.4.9-r5
M Cross-site Scripting (XSS)	<3.4.9-r5
H Incorrect Authorization	<3.4.9-r5
L GHSA-m4pr-4j3g-9v7v	<3.4.9-r5
H Improper Certificate Validation	<3.4.9-r5
H Allocation of Resources Without Limits or Throttling	<3.4.9-r5
L GHSA-5w89-2c2x-6x66	<3.4.9-r5
L GHSA-hfvc-g4fc-pqhx	<3.4.9-r4
H Untrusted Search Path	<3.4.9-r4
L Uncaught Exception	<3.4.9-r3
L GHSA-78h2-9frx-2jm8	<3.4.9-r3
L Improper Verification of Cryptographic Signature	<3.4.9-r2
L GHSA-479m-364c-43vc	<3.4.9-r2
L Improper Authorization	<3.4.9-r1
L GHSA-p77j-4mvh-x3m3	<3.4.9-r1
L GHSA-j4j7-vw47-rhfq	<3.4.7-r2
L GHSA-j3gx-2473-5fp8	<3.4.7-r2
L GHSA-rv83-g57w-fr8j	<3.4.7-r2
L Direct Request ('Forced Browsing')	<3.4.7-r2
L Cross-site Scripting (XSS)	<3.4.7-r2
L Directory Traversal	<3.4.7-r2
L GHSA-9h8m-3fm2-qjrq	<3.4.7-r1
L Untrusted Search Path	<3.4.7-r1
C CVE-2025-68121	<3.4.6-r1
L GHSA-8jvr-vh7g-f8gx	<3.4.6-r1
L Out-of-bounds Write	<3.4.6-r1
L GHSA-cm6p-qc7v-m3jw	<3.4.6-r1
L CVE-2025-61730	<3.4.6-r1
L Allocation of Resources Without Limits or Throttling	<3.4.6-r1
L CVE-2025-61731	<3.4.6-r1
L GHSA-gm9r-q53w-2gh4	<3.4.6-r1
L GHSA-h355-32pf-p2xm	<3.4.6-r1
L GHSA-g9q4-qjx4-2v7q	<3.4.6-r1
L GHSA-gr56-3gp6-6gmj	<3.4.6-r1
L GHSA-xvqr-69v8-f3gv	<3.4.6-r1
L CVE-2025-61732	<3.4.6-r1
L Allocation of Resources Without Limits or Throttling	<3.4.6-r1
M Information Exposure	<3.4.0-r0
L GHSA-rq77-p4h8-4crw	<3.4.5-r1
L Cross-site Request Forgery (CSRF)	<3.4.5-r1
L CVE-2025-58181	<3.4.4-r1
L GHSA-f6x5-jh6r-wrfv	<3.4.4-r1
L GHSA-j5w8-q4qc-rx2x	<3.4.4-r1
L CVE-2025-47914	<3.4.4-r1

Vulnerability

Vulnerable Version

Loop with Unreachable Exit Condition ('Infinite Loop')

<3.4.10-r2