pkg:Go/github.com/gofiber/fiber/v2

20 total CVEsCRITICAL6HIGH2MEDIUM3

✅ Check your installed version

All known vulnerabilities

  • CRITICAL10.0CVE-2024-38513Session Middleware Token Injection Vulnerability in github.com/gofiber/fiber
    from 0, < 2.52.5
  • CRITICAL10.0CVE-2024-38513Session Middleware Token Injection Vulnerability in github.com/gofiber/fiber
    from 0, < 2.52.5
  • CRITICAL9.6CVE-2023-45128CSRF token reuse vulnerability in github.com/gofiber/fiber/v2
    from 0, < 2.50.0
  • CRITICAL9.6CVE-2023-45128CSRF token reuse vulnerability in github.com/gofiber/fiber/v2
    from 0, < 2.50.0
  • CRITICAL9.4CVE-2024-25124Insecure CORS Configuration allowing wildcard origin with credentials in github.com/gofiber/fiber/v2
    from 0, < 2.52.1
  • CRITICAL9.4CVE-2024-25124Insecure CORS Configuration allowing wildcard origin with credentials in github.com/gofiber/fiber/v2
    from 0, < 2.52.1
  • HIGH8.8CVE-2023-45141CSRF token validation vulnerability in github.com/gofiber/fiber/v2
    from 0, < 2.50.0
  • HIGH8.8CVE-2023-45141CSRF token validation vulnerability in github.com/gofiber/fiber/v2
    from 0, < 2.50.0
  • MEDIUM5.9CVE-2018-20744github.com/gofiber/fiber/v2 vulnerable to Origin Validation Error
    >= 2.0.0, < 2.43.0
  • MEDIUM5.3CVE-2023-41338IsFromLocal local address check can be circumvented in github.com/gofiber/fiber/v2
    from 0, < 2.49.2
  • MEDIUM5.3CVE-2023-41338IsFromLocal local address check can be circumvented in github.com/gofiber/fiber/v2
    from 0, < 2.49.2-0.20230906112033-b8c9ede6efa2
  • CVE-2026-42554Fiber vulnerable to XSS in AutoFormat Content Negotiation
    from 0, < 2.52.13
  • CVE-2026-25882Fiber has a Denial of Service Vulnerability via Route Parameter Overflow
    from 0, < 2.52.12
  • CVE-2026-25882Fiber has a Denial of Service Vulnerability via Route Parameter Overflow
    from 0, < 2.52.12
  • CVE-2025-66630Fiber has an insecure fallback in utils.UUIDv4() / utils.UUID() on crypto/rand failure in github.com/gofiber/fiber
    from 0, < 2.52.11
  • CVE-2025-66630Fiber has an insecure fallback in utils.UUIDv4() / utils.UUID() on crypto/rand failure in github.com/gofiber/fiber
    from 0, < 2.52.11
  • CVE-2025-54801Fiber Crashes in BodyParser Due to Unvalidated Large Slice Index in Decoder
    from 0, < 2.52.9
  • CVE-2025-54801Fiber Crashes in BodyParser Due to Unvalidated Large Slice Index in Decoder
    from 0, < 2.52.9
  • CVE-2025-48075Fiber panics when fiber.Ctx.BodyParser parses invalid range index
    >= 2.52.6, < 2.52.7
  • CVE-2025-48075Fiber panics when fiber.Ctx.BodyParser parses invalid range index
    >= 2.52.6, < 2.52.7