Github.com/hashicorp/nomad

This hub aggregates every CVE we track for Github.com/hashicorp/nomad, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Github.com/hashicorp/nomad.

• CVE-2025-4922Nomad Vulnerable To Incorrect ACL Policy Lookup Attached To A Job8.1Jun 11, 2025
• CVE-2025-1296Nomad Exposes Sensitive Workload Identity and Client Secret Token in Audit Logs6.5Mar 10, 2025
• CVE-2024-12678Nomad Allocations Vulnerable To Privilege Escalation Within A Namespace Using Unredacted Workload Identity Tokens6.5Dec 20, 2024
• CVE-2024-10975Nomad Vulnerable To Cross-Namespace Volume Creation Abusing CSI Write Permission7.7Nov 7, 2024
• CVE-2024-7625Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking5.8Aug 14, 2024
• CVE-2024-6717Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking7.7Jul 23, 2024
• CVE-2024-1329Nomad Vulnerable to Arbitrary Write Through Symlink Attack7.7Feb 8, 2024
• CVE-2023-3300Nomad Search API Leaks Information About CSI Plugins5.3Jul 19, 2023
• CVE-2023-3299Nomad Caller ACL Token's Secret ID is Exposed to Sentinel3.4Jul 19, 2023
• CVE-2023-3072Nomad ACL Policies without Label are Applied to Unexpected Resources4.1Jul 19, 2023
• CVE-2023-1782Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation9.9Apr 5, 2023
• CVE-2023-1299Nomad Job Submitter Privilege Escalation Using Workload Identity7.4Mar 14, 2023
• CVE-2023-1296Nomad ACLs Can Not Deny Access to Workload's Own Variables2.7Mar 14, 2023
• CVE-2023-0821Nomad Client Vulnerable to Decompression Bombs in Artifact Block6.5Feb 16, 2023
• CVE-2019-14802HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/...5.3Dec 26, 2022