Github.com/nats-io/nats-server/v2
This hub aggregates every CVE we track for Github.com/nats-io/nats-server/v2, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 9
- Critical: 1
- High: 4
- In CISA KEV: 0
Severity distribution
- HIGH: 4
- MEDIUM: 4
- CRITICAL: 1
Monthly trend (chart, 2024-07 to 2026-06)
Latest CVEs
The 9 most recently published vulnerabilities affecting Github.com/nats-io/nats-server/v2.
- CVE-2026-27571: nats-server websockets are vulnerable to pre-auth memory DoS (score 5.9)
- CVE-2025-30215: NATS-Server Fails to Authorize Certain Jetstream Admin APIs (score 9.6)
- CVE-2022-29946: NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one ... (score 6.3)
- CVE-2023-46129: xkeys Seal encryption used fixed key for all encryption (score 7.5)
- CVE-2023-47090: NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the i... (score 6.5)
- CVE-2022-26652: NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected. (score 6.5)
- CVE-2022-24450: NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature. (score 8.8)
- CVE-2020-28466: Denial of Service (DoS) (score 7.5)
- CVE-2019-13126: An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first aut... (score 7.5)
Product normalization is registry-driven with AI assist and human review.