Github.com/openbao/openbao
This hub aggregates every CVE we track for Github.com/openbao/openbao, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 15
- Critical: 1
- High: 8
- In CISA KEV: 0
Severity distribution
- HIGH: 8
- MEDIUM: 5
- LOW: 1
- CRITICAL: 1
Monthly trend
Chart values in order, 2024-07 to 2026-06: 0, 0, 1, 2, 0, 0, 0, 0, 0, 0, 0, 1, 0, 7, 0, 3, 1, 0, 0, 0, 0, 0, 0, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Github.com/openbao/openbao.
- CVE-2025-64761: OpenBao Privileged Operator Identity Group Root Escalation (7.2)
- CVE-2025-62705: OpenBao and Vault Leak []byte Fields in Audit Logs (4.9)
- CVE-2025-62513: OpenBao leaks HTTPRawBody in Audit Logs (7.5)
- CVE-2025-59043: OpenBao vulnerable to denial of service via malicious JSON request processing (7.5)
- CVE-2025-55003: OpenBao Login MFA Bypasses Rate Limiting and TOTP Token Reuse (5.7)
- CVE-2025-55001: OpenBao LDAP MFA Enforcement Bypass When Using Username As Alias (6.5)
- CVE-2025-55000: OpenBao TOTP Secrets Engine Enables Code Reuse (6.5)
- CVE-2025-54999: OpenBao: Timing Side-Channel in Userpass Auth Method (3.7)
- CVE-2025-54998: OpenBao Userpass and LDAP User Lockout Bypass (5.3)
- CVE-2025-54997: OpenBao: Privileged Operator May Execute Code on the Underlying Host (9.1)
- CVE-2025-54996: OpenBao Root Namespace Operator May Elevate Token Privileges (7.2)
- CVE-2025-52894: OpenBao Vulnerable to Unauthenticated Rekey Operation Cancellation (7.5)
- CVE-2024-8185: Vault Vulnerable to Denial of Service When Processing Raft Join Requests (7.5)
- CVE-2024-9180: Vault Operators in Root Namespace May Elevate Their Privileges (7.2)
- CVE-2024-7594: Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default (7.5)
Product normalization is registry-driven with AI assist and human review.