Github.com/hashicorp/vault

This hub aggregates every CVE we track for Github.com/hashicorp/vault, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Github.com/hashicorp/vault.

• CVE-2025-12044Vault Vulnerable to Denial of Service Due to Rate Limit Regression7.5Oct 23, 2025
• CVE-2025-11621Vault AWS auth method bypass due to AWS client cache8.1Oct 23, 2025
• CVE-2025-6203Vault unauthenticated denial of service through complex json payload7.5Aug 28, 2025
• CVE-2025-6013Vault LDAP MFA Enforcement Bypass When Using Username As Alias6.5Aug 6, 2025
• CVE-2025-6015Vault Login MFA Bypass of Rate Limiting and TOTP Code Reuse5.7Aug 1, 2025
• CVE-2025-6011Timing Side-Channel in Vault’s Userpass Auth Method3.7Aug 1, 2025
• CVE-2025-6004Vault Userpass and LDAP User Lockout Bypass5.3Aug 1, 2025
• CVE-2025-6037Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates6.8Aug 1, 2025
• CVE-2025-6014Vault TOTP Secrets Engine Code Reuse6.5Aug 1, 2025
• CVE-2025-6000Arbitrary Remote Code Execution via Plugin Catalog Abuse9.1Aug 1, 2025
• CVE-2025-5999Vault Root Namespace Operator May Elevate Token Privileges7.2Aug 1, 2025
• CVE-2025-4656Vault Vulnerable to Recovery Key Cancellation Denial of Service3.1Jun 25, 2025
• CVE-2025-3879Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login6.6May 2, 2025
• CVE-2025-4166Vault May Include Sensitive Data in Error Logs When Using the KV v2 Plugin4.5May 2, 2025
• CVE-2024-8185Vault Vulnerable to Denial of Service When Processing Raft Join Requests7.5Oct 31, 2024