icinga Cyber Security Vulnerability Stats and Metrics

Access Control Issue in Icinga DB Web by Icinga

CVE-2025-53840

IcingaIcingadb-web2.4LOW

Certificate Validation Bypass in Icinga 2 Monitoring System

CVE-2025-48057

IcingaIcinga29.3CRITICAL

URL Manipulation Vulnerability in Icinga Web 2 by Icinga

CVE-2025-30164

IcingaIcingaweb24.1MEDIUM

JavaScript Injection Vulnerability in Icinga Web 2 by Icinga

CVE-2025-27609

IcingaIcingaweb21.1LOW

JavaScript Injection Vulnerability in Icinga Reporting by Icinga

CVE-2025-27406

IcingaIcingaweb2-module-repo...7.7HIGH

Cross-Site Scripting Vulnerability in Icinga Web 2 by Icinga

CVE-2025-27405

IcingaIcingaweb27.7HIGH

Arbitrary JavaScript Injection Vulnerability in Icinga Web 2 by Icinga

CVE-2025-27404

IcingaIcingaweb27.7HIGH

Information Disclosure Vulnerability in Icinga Director by Icinga

CVE-2025-23203

IcingaIcingaweb2-module-dire...5.5MEDIUM

Flawed TLS Certificate Validation in Icinga V2 Allowing Impersonation

CVE-2024-49369

IcingaEPSS 17%

Icinga Addresses CSRF Vulnerability in ipl/web

CVE-2024-41811

IcingaIpl-web3.9LOW

Icinga Director Vulnerable to Cross-Site Request Forgery (CSRF) Attacks

CVE-2024-24820

IcingaIcingaweb2-module-dire...8.3HIGH

Cross-Site Request Forgery Vulnerability Affects Icinga Web 2 Versions

CVE-2024-24819

IcingaIcingaweb2-module-incu...5.3MEDIUM

icingaweb2-module-jira template and field configuration are susceptible to CSRF

CVE-2023-30607

IcingaIcingaweb2-module-jira5MEDIUM

Disclosure of hosts and related data, linked to decommissioned services in Icinga Web 2

CVE-2022-24714

IcingaIcingaweb25.3MEDIUM

Arbitrary code execution for authenticated users in Icinga Web 2

CVE-2022-24715

IcingaIcingaweb2👾🟡EPSS 72%8.5HIGH

Path traversal in Icinga Web 2

CVE-2022-24716

IcingaIcingaweb2👾🟡EPSS 93%7.5HIGH

Missing TLS service certificate validation in GelfWriter, ElasticsearchWriter, InfluxdbWriter and Influxdb2Writer

CVE-2021-37698

IcingaIcinga27.5HIGH

Passwords used to access external services inadvertently exposed through API

CVE-2021-32743

IcingaIcinga28.8HIGH

Results of queries for ApiListener objects include the ticket salt which allows in turn to steal (more privileged) identities

CVE-2021-32739

IcingaIcinga28.8HIGH

Possible path traversal by use of the `doc` module

CVE-2021-32746

IcingaIcingaweb25.3MEDIUM

Custom variable protection and blacklists can be circumvented

CVE-2021-32747

IcingaIcingaweb25.3MEDIUM

Certificate Renewal Bypass in Icinga 2 by Icinga

CVE-2020-29663

IcingaIcinga9.1CRITICAL

Directory Traversal Vulnerability in Icinga Web2 by Icinga

CVE-2020-24368

IcingaIcinga Web 27.5HIGH

Unauthorized File Permission Changes in Icinga2 by Icinga

CVE-2020-14004

IcingaIcinga7.8HIGH

Cross-Site Request Forgery in Icinga Web 2 Affects Monitoring Module

CVE-2018-18246

IcingaIcinga Web 26.5MEDIUM

Vulnerability Published:

Sort By:

16 July 2025

Access Control Issue in Icinga DB Web by Icinga

27 May 2025

Certificate Validation Bypass in Icinga 2 Monitoring System

26 March 2025

URL Manipulation Vulnerability in Icinga Web 2 by Icinga

JavaScript Injection Vulnerability in Icinga Web 2 by Icinga

JavaScript Injection Vulnerability in Icinga Reporting by Icinga

Cross-Site Scripting Vulnerability in Icinga Web 2 by Icinga

Arbitrary JavaScript Injection Vulnerability in Icinga Web 2 by Icinga

Information Disclosure Vulnerability in Icinga Director by Icinga

12 November 2024

Flawed TLS Certificate Validation in Icinga V2 Allowing Impersonation

5 August 2024

Icinga Addresses CSRF Vulnerability in ipl/web

9 February 2024

Icinga Director Vulnerable to Cross-Site Request Forgery (CSRF) Attacks

Cross-Site Request Forgery Vulnerability Affects Icinga Web 2 Versions

5 July 2023

icingaweb2-module-jira template and field configuration are susceptible to CSRF

8 March 2022

Disclosure of hosts and related data, linked to decommissioned services in Icinga Web 2

Arbitrary code execution for authenticated users in Icinga Web 2

Path traversal in Icinga Web 2

19 August 2021

Missing TLS service certificate validation in GelfWriter, ElasticsearchWriter, InfluxdbWriter and Influxdb2Writer

15 July 2021

Passwords used to access external services inadvertently exposed through API

Results of queries for ApiListener objects include the ticket salt which allows in turn to steal (more privileged) identities

12 July 2021

Possible path traversal by use of the `doc` module

Custom variable protection and blacklists can be circumvented

15 December 2020

Certificate Renewal Bypass in Icinga 2 by Icinga

19 August 2020

Directory Traversal Vulnerability in Icinga Web2 by Icinga

12 June 2020

Unauthorized File Permission Changes in Icinga2 by Icinga

17 December 2018

Cross-Site Request Forgery in Icinga Web 2 Affects Monitoring Module