pkg:Go/github.com/minio/minio

All known vulnerabilities

• HIGH8.8CVE-2023-28434⚠ KEVPrivilege Escalation on Linux/MacOS
  from 0, < 0.0.0-202303200415
• HIGH8.8CVE-2024-24747Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation in github.com/minio/minio
  from 0, < 0.0.0-20240131185645-0ae4915a9391
• HIGH8.8CVE-2024-24747Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation in github.com/minio/minio
  from 0, < 0.0.0-20240131185645-0ae4915a9391
• HIGH8.8CVE-2023-28433Minio vulnerable to Privilege Escalation on Windows via Path separator manipulation
  from 0, < 0.0.0-202303200735
• HIGH8.2CVE-2026-41145MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads
  >= 0.0.0-20230506025312-76913a9fd5c6, <= 0.0.0-20260212201848-7aac2a2c5b7c
• HIGH8.2CVE-2026-40344MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads
  >= 0.0.0-20230506025312-76913a9fd5c6, <= 0.0.0-20260212201848-7aac2a2c5b7c
• HIGH8.1CVE-2025-62506MinIO is Vulnerable to Privilege Escalation via Session Policy Bypass in Service Accounts and STS
  from 0, < 0.0.0-20251015170045-c1a49490c78e
• HIGH8.1CVE-2025-62506MinIO is Vulnerable to Privilege Escalation via Session Policy Bypass in Service Accounts and STS
  from 0, < 0.0.0-20251015170045-c1a49490c78e
• HIGH7.1CVE-2026-34204MinIO is Vulnerable to SSE Metadata Injection via Replication Headers in github.com/minio/minio
  >= 0.0.0-20240328174456-468a9fae83e9
• HIGH7.1CVE-2026-34204MinIO is Vulnerable to SSE Metadata Injection via Replication Headers in github.com/minio/minio
  >= 0.0.0-20240328174456-468a9fae83e9, <= 0.0.0-20260212201848-7aac2a2c5b7c
• MEDIUM5.3CVE-2024-36107MinIO information disclosure vulnerability in github.com/minio/minio
  from 0, < 0.0.0-20240527191746-e0fe7cc39172
• MEDIUM5.3CVE-2024-36107MinIO information disclosure vulnerability in github.com/minio/minio
  from 0, < 0.0.0-20240527191746-e0fe7cc39172
• —CVE-2026-42600MinIO vulnerable to Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint
  >= 0.0.0-20220724015452, < 0.0.0-20260414213245
• —CVE-2026-39414MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing
  >= 0.0.0-20180815103019-7c14cdb60e53, <= 0.0.0-20251203081239-27742d469462
• —CVE-2026-33419MinIO LDAP login brute-force via user enumeration and missing rate limit
  from 0
• —CVE-2026-33419MinIO LDAP login brute-force via user enumeration and missing rate limit
  from 0, <= 0.0.0-20260212201848-7aac2a2c5b7c
• —CVE-2026-33322MinIO has JWT Algorithm Confusion in OIDC Authentication
  from 0
• —CVE-2026-33322MinIO has JWT Algorithm Confusion in OIDC Authentication
  from 0, <= 0.0.0-20260212201848-7aac2a2c5b7c
• —CVE-2025-31489MinIO performs incomplete signature validation for unsigned-trailer uploads
  from 0, < 0.0.0-20250403145552-8c70975283f9
• —CVE-2025-31489MinIO performs incomplete signature validation for unsigned-trailer uploads
  from 0, < 0.0.0-20250403145552-8c70975283f9
• —CVE-2025-27414MinIO SFTP authentication bypass due to improperly trusted SSH key
  from 0
• —CVE-2025-27414MinIO SFTP authentication bypass due to improperly trusted SSH key
  >= 0.0.0-20240605075113-91e1487de457, < 0.0.0-20250227184332-4c71f1b4ec0f
• —CVE-2024-55949MinIO vulnerable to privilege escalation in IAM import API in github.com/minio/minio
  >= 0.0.0-20220623162515-580d9db85e04, < 0.0.0-20241213221912-68b004a48f41
• —CVE-2024-55949MinIO vulnerable to privilege escalation in IAM import API in github.com/minio/minio
  >= 0.0.0-20220623162515-580d9db85e04, < 0.0.0-20241213221912-68b004a48f41