Hashicorp Latest High & Critical Vulnerabilities
Latest High & Critical vulnerabilities published by hashicorp
Vulnerability Published:
๐๏ธ Published
- Anytime
Sort By:
๐๏ธ Published Date
- Descending
Symlink Attack Vulnerability in HashiCorp's go-getter Library
CVE-2025-8959HashicorpShared Library7.5HIGHPrivileged Code Execution Vulnerability in HashiCorp Vault
CVE-2025-6000HashicorpVault9.1CRITICALPrivilege Escalation Vulnerability in HashiCorp Vault by HashiCorp
CVE-2025-5999HashicorpVault7.2HIGHACL Policy Lookup Issue in Nomad Community and Nomad Enterprise
CVE-2025-4922HashicorpNomad8.1HIGHBypassing Sentinel Policies in Nomad Enterprise by HashiCorp
CVE-2025-3744HashicorpNomad Enterprise7.6HIGHAuthentication Method Flaw in Vault by HashiCorp
CVE-2025-3879HashicorpVault8.8HIGHAuthentication Bypass in Hermes by HashiCorp Affecting AWS ALB Integration
CVE-2025-1293HashicorpTooling8.2HIGHEvent Stream Namespace ACL Policy Bypass in Nomad by HashiCorp
CVE-2025-0937HashicorpNomad7.1HIGHZip-Slip Vulnerability in HashiCorp's go-slug Library
CVE-2025-0377HashicorpShared Library7.5HIGHArbitrary Cross-Namespace Volume Creation Vulnerability
CVE-2024-10975HashicorpNomad7.7HIGHRoot Privileges Escalation Vulnerability in Vault
CVE-2024-9180HashicorpVault7.2HIGHVault SSH secrets engine vulnerability: unauthorized access via SSH certificates
CVE-2024-7594HashicorpVault8.8HIGHNomad Platform Vulnerable to Path Escape During Migration
CVE-2024-6717HashicorpNomad7.7HIGHMalicious Git Configuration Execution via go-getter Library
CVE-2024-6257HashicorpShared Library8.4HIGHVault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
CVE-2024-5798HashicorpVault7.5HIGHGit Injection Vulnerability Affects HashiCorp's go-getter Library
CVE-2024-3817HashicorpShared Library9.8CRITICALCertificate Validation Bypass Vulnerability
CVE-2024-2048HashicorpVault๐๐ฐ9.8CRITICALNomad Client User Arbitrary File Write Vulnerability
CVE-2024-1329HashicorpNomad7.5HIGHTLS Certificate Tampering Vulnerability in Boundary Enterprise
CVE-2024-1052HashicorpBoundary8HIGHVault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
CVE-2023-6337HashicorpVault7.5HIGHVault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets
CVE-2023-5077HashicorpVault7.5HIGHJWT Auth in L7 Intentions Allow For Mismatched Service Identity and JWT Providers for Access
CVE-2023-3518HashicorpConsul7.4HIGHConsul Envoy Extension Downsteam Proxy Configuration By Upstream Service Owner
CVE-2023-2816HashicorpConsul8.7HIGHNomad Unauthenticated Client Agent HTTP Request Privilege Escalation
CVE-2023-1782HashicorpNomad10CRITICALNomad Job Submitter Privilege Escalation Using Workload Identity
CVE-2023-1299HashicorpNomad7.4HIGH