pkg:Go/github.com/neuvector/neuvector

16 total CVEs: CRITICAL 4, HIGH 4, MEDIUM 6


All known vulnerabilities

  • CRITICAL 9.9 | CVE-2025-54469 | NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow in github.com/neuvector/neuvector
    >= 5.3.0, < 5.3.5
  • CRITICAL 9.9 | CVE-2025-54469 | NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow in github.com/neuvector/neuvector
    >= 0.0.0-20230727023453-1c4957d53911, < 0.0.0-20251020133207-084a437033b4
  • CRITICAL 9.8 | CVE-2025-8077 | NeuVector admin account has insecure default password
    >= 5.0.0, < 5.4.6
  • CRITICAL 9.8 | CVE-2025-8077 | NeuVector admin account has insecure default password
    from 0
  • HIGH 8.8 | CVE-2025-66001 | NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM)
    from 0
  • HIGH 8.8 | CVE-2025-66001 | NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM)
    >= 5.3.0, < 5.4.8
  • HIGH 8.6 | CVE-2025-54470 | NeuVector telemetry sender is vulnerable to MITM and DoS
    >= 5.3.0, < 5.3.5
  • HIGH 8.6 | CVE-2025-54470 | NeuVector telemetry sender is vulnerable to MITM and DoS
    from 0
  • MEDIUM 6.5 | CVE-2025-54471 | NeuVector is shipping cryptographic material into its binary in github.com/neuvector/neuvector
    >= 0.0.0-20230727023453-1c4957d53911, < 0.0.0-20251020133207-084a437033b4
  • MEDIUM 6.5 | CVE-2025-54471 | NeuVector is shipping cryptographic material into its binary in github.com/neuvector/neuvector
    >= 5.3.0, < 5.4.7
  • MEDIUM 5.3 | CVE-2025-54467 | NeuVector process with sensitive arguments lead to leakage
    from 0
  • MEDIUM 5.3 | CVE-2025-54467 | NeuVector process with sensitive arguments lead to leakage
    >= 5.0.0, < 5.4.6
  • MEDIUM 5.3 | CVE-2025-53884 | NeuVector has an insecure password storage vulnerable to rainbow attack
    >= 5.0.0, < 5.4.6
  • MEDIUM 5.3 | CVE-2025-53884 | NeuVector has an insecure password storage vulnerable to rainbow attack
    from 0
  • CVE-2023-22644 | JWT token compromise can allow malicious actions including Remote Code Execution (RCE) in github.com/neuvector/neuvector
    from 0, < 0.0.0-20231003121714-be746957ee7c
  • CVE-2023-32188 | JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
    from 0, < 0.0.0-20231003121714-be746957ee7c