Github.com/hashicorp/consul
This hub aggregates every CVE we track for Github.com/hashicorp/consul, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 31
- Critical: 0
- High: 17
- In CISA KEV: 0
Severity distribution
- HIGH: 17
- MEDIUM: 14
Monthly trend (2024-07 to 2026-06): 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Github.com/hashicorp/consul.
- CVE-2025-11374: Consul's KV endpoint is vulnerable to denial of service (6.5)
- CVE-2025-11375: Consul's event endpoint is vulnerable to denial of service (6.5)
- CVE-2024-10086: Consul Vulnerable To Reflected XSS On Content-Type Error Manipulation (6.1)
- CVE-2024-10006: Consul L7 Intentions Vulnerable To Headers Bypass (8.3)
- CVE-2024-10005: Consul L7 Intentions Vulnerable To URL Path Bypass (8.1)
- CVE-2023-3518: JWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for Access (7.4)
- CVE-2023-1297: Consul Cluster Peering can Result in Denial of Service (4.9)
- CVE-2023-2816: Consul Envoy Extension Downstream Proxy Configuration By Upstream Service Owner (8.7)
- CVE-2023-0845: Consul Server Panic when Ingress and API Gateways Configured with Peering (4.9)
- CVE-2022-3920: Consul Peering Imported Nodes/Services Leak (5.3)
- CVE-2022-40716: HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to byp... (6.5)
- CVE-2021-41803: HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed i... (7.1)
- CVE-2022-29153: HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints.... (7.5)
- CVE-2022-24687: HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service... (6.5)
- CVE-2021-38698: HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2. (6.5)
Product normalization is registry-driven with AI assist and human review.