Security: nats-io/nats-server
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
Adding accounts for just the system account adds auth bypassGHSA-fr2g-9hjm-wr23 published
Oct 18, 2023 by philpennockHigh -
Arbitrary file write by JetStream-enabled usersGHSA-6h3m-36w8-hv68 published
Mar 10, 2022 by philpennockHigh -
Unconstrained account assumption by authenticated clientsGHSA-g6w6-r76c-28j7 published
Feb 7, 2022 by philpennockCritical -
TLS missing ciphersuite settings when CLI flags usedGHSA-jj54-5q2m-q7pj published
May 4, 2021 by philpennockLow -
Import token permissions checking not enforcedGHSA-j756-f273-xhp4 published
Mar 24, 2021 by philpennockCritical -
Import loops in account imports, nats-server DoSGHSA-gwj5-3vfq-q992 published
Mar 24, 2021 by philpennockLow -
Nil dereference in NATS JWT, DoS of nats-serverGHSA-hmm9-r2m2-qg9w published
Mar 24, 2021 by philpennockLow -
Incorrect handling of credential expiry by NATS ServerGHSA-2c64-vj8g-vwrq published
Mar 24, 2021 by philpennockHigh
Learn more about advisories related to nats-io/nats-server in the GitHub Advisory Database