Find out if you have vulnerabilities that put you at risk
Test your applications
Toggle filtering controls
All Vulnerabilities
APPLICATION
Cargo
cocoapods
Composer
Conan
Go
hex
Maven
npm
NuGet
pip
pub
RubyGems
Swift
Unmanaged (C/C++)
OPERATING SYSTEM
All OS vulnerabilities
AlmaLinux
Alpine Linux
Amazon Linux
CentOS
Chainguard
Debian
MinimOS
Oracle Linux
Red Hat Enterprise Linux
Rocky Linux
SUSE Linux Enterprise Server
Ubuntu
Wolfi
Report a new vulnerability
VULNERABILITY
AFFECTS
TYPE
PUBLISHED
H
Open Redirect
github.com/zitadel/zitadel/internal/notification/handlers
>=2.0.0 <2.71.18
>=3.0.0-rc.1 <3.4.3
>=4.0.0-rc.1 <4.6.0
Go
30 Oct 2025
H
Open Redirect
github.com/zitadel/zitadel/internal/api/http
>=2.0.0 <2.71.18
>=3.0.0-rc.1 <3.4.3
>=4.0.0-rc.1 <4.6.0
Go
30 Oct 2025
H
Open Redirect
github.com/zitadel/zitadel/internal/api/http/middleware
>=2.0.0 <2.71.18
>=3.0.0-rc.1 <3.4.3
>=4.0.0-rc.1 <4.6.0
Go
30 Oct 2025
H
Open Redirect
github.com/zitadel/zitadel/internal/api/grpc/server/middleware
>=2.0.0 <2.71.18
>=3.0.0-rc.1 <3.4.3
>=4.0.0-rc.1 <4.6.0
Go
30 Oct 2025
H
Open Redirect
github.com/zitadel/zitadel/internal/api/grpc/server/connect_middleware
>=2.0.0 <2.71.18
>=3.0.0-rc.1 <3.4.3
>=4.0.0-rc.1 <4.6.0
Go
30 Oct 2025
H
Open Redirect
github.com/zitadel/zitadel/internal/api/authz
>=2.0.0 <2.71.18
>=3.0.0-rc.1 <3.4.3
>=4.0.0-rc.1 <4.6.0
Go
30 Oct 2025
H
Use of Single-factor Authentication
github.com/zitadel/zitadel/internal/query
>=2.53.6 <2.71.8
>=3.0.0-rc.1 <3.4.3
>=4.0.0-rc.1 <4.6.0
Go
30 Oct 2025
H
Use of Single-factor Authentication
github.com/zitadel/zitadel/internal/domain
>=2.53.6 <2.71.8
>=3.0.0-rc.1 <3.4.3
>=4.0.0-rc.1 <4.6.0
Go
30 Oct 2025
H
Use of Single-factor Authentication
github.com/zitadel/zitadel/internal/authz/repository/eventsourcing/eventstore
>=2.53.6 <2.71.8
>=3.0.0-rc.1 <3.4.3
>=4.0.0-rc.1 <4.6.0
Go
30 Oct 2025
H
Allocation of Resources Without Limits or Throttling
github.com/hashicorp/consul/agent
<1.22.0
Go
30 Oct 2025
H
Allocation of Resources Without Limits or Throttling
github.com/hashicorp/consul/agent
<1.22.0
Go
30 Oct 2025
H
Brute Force
github.com/zitadel/zitadel/internal/config/systemdefaults
<2.71.18
>=3.0.0-rc.1 <3.4.3
>=4.0.0-rc.1 <4.6.0
Go
30 Oct 2025
H
Brute Force
github.com/zitadel/zitadel/internal/command
<2.71.18
>=3.0.0-rc.1 <3.4.3
>=4.0.0-rc.1 <4.6.0
Go
30 Oct 2025
M
Use After Free
PixarAnimationStudios/OpenUSD
[,25.11)
Unmanaged (C/C++)
30 Oct 2025
H
Cross-site Scripting (XSS)
ckan
[,2.10.9)
[2.11.0,2.11.4)
pip
30 Oct 2025
H
Session Fixation
ckan
[2.10.0,2.10.9)
[2.11.0,2.11.4)
pip
30 Oct 2025
C
Malicious Package
esm-package
*
npm
30 Oct 2025
C
Malicious Package
near-abi-client-js
*
npm
30 Oct 2025
C
Malicious Package
faltest
*
npm
30 Oct 2025
C
Malicious Package
xo-styles
*
npm
30 Oct 2025
C
Malicious Package
jsx-a11y
*
npm
30 Oct 2025
C
Malicious Package
ing-web-es
*
npm
30 Oct 2025
C
Malicious Package
elemefe
*
npm
30 Oct 2025
C
Malicious Package
airbnb-bev
*
npm
30 Oct 2025
C
Malicious Package
fq-ui
*
npm
30 Oct 2025
C
Malicious Package
chai-friendly
*
npm
30 Oct 2025
C
Malicious Package
pmcrypto
*
npm
30 Oct 2025
C
Malicious Package
twilio-ts
*
npm
30 Oct 2025
C
Malicious Package
inline-react-svg
*
npm
30 Oct 2025
C
Malicious Package
mourner
*
npm
30 Oct 2025
