Github.com/traefik/traefik
This hub aggregates every CVE we track for Github.com/traefik/traefik, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 11
- Critical: 3
- High: 4
- In CISA KEV: 0
Severity distribution
- HIGH: 4
- MEDIUM: 4
- CRITICAL: 3
Monthly trend (chart), 2024-07 to 2026-06
Latest CVEs
The 11 most recently published vulnerabilities affecting Github.com/traefik/traefik.
- CVE-2026-29777 (score 6.5): Traefik has a kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values
- CVE-2025-66490 (score 6.5): Traefik doesn't Prevent Path Normalization Bypass in Router + Middleware Rules
- CVE-2025-47952 (score 9.1): Traefik allows path traversal using url encoding
- CVE-2025-32431 (score 9.1): Traefik has a possible vulnerability with the path matchers
- CVE-2024-45410 (score 9.8): HTTP client can remove the X-Forwarded headers in Traefik
- CVE-2024-28869 (score 7.5): Possible denial of service vulnerability with Content-length header in Traefik
- CVE-2021-32813 (score 4.8): Drop Headers via Malicious Connection Header
- CVE-2020-15129 (score 6.1): Open redirect in Traefik
- CVE-2020-9321 (score 7.5): configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging.
- CVE-2019-12452 (score 7.5): types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control (which is contrary to the API ...
- CVE-2018-15598 (score 7.5): Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.
Product normalization is registry-driven with AI assist and human review.