pkg:Go/github.com/pterodactyl/wings

All known vulnerabilities

• CRITICAL9.9CVE-2024-27102Pterodactyl Wings vulnerable to improper isolation of server file access in github.com/pterodactyl/wings
  from 0, < 1.11.9
• CRITICAL9.9CVE-2024-27102Pterodactyl Wings vulnerable to improper isolation of server file access in github.com/pterodactyl/wings
  from 0, < 1.11.9
• CRITICAL9.6CVE-2023-25168Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following resulting in deletion of files and directories on the host system in github.com/pterodactyl/wings
  from 0, < 1.7.4, >= 1.11.0, < 1.11.4
• CRITICAL9.6CVE-2023-25168Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following resulting in deletion of files and directories on the host system in github.com/pterodactyl/wings
  from 0, < 1.7.4
• CRITICAL9.0CVE-2023-32080Wings vulnerable to escape to host from installation container in github.com/pterodactyl/wings
  from 0, < 1.7.5
• CRITICAL9.0CVE-2023-32080Wings vulnerable to escape to host from installation container in github.com/pterodactyl/wings
  from 0, < 1.7.5, >= 1.11.0, < 1.11.6
• HIGH8.4CVE-2024-34066Pterodactyl Wings vulnerable to Arbitrary File Write/Read in github.com/pterodactyl/wings
  from 0, < 1.11.12
• HIGH8.4CVE-2024-34066Pterodactyl Wings vulnerable to Arbitrary File Write/Read in github.com/pterodactyl/wings
  from 0, < 1.11.12
• HIGH8.4CVE-2023-25152Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following in github.com/pterodactyl/wings
  from 0, < 1.7.3, >= 1.11.0, < 1.11.3
• HIGH8.4CVE-2023-25152Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following in github.com/pterodactyl/wings
  from 0, < 1.7.3
• MEDIUM6.5CVE-2026-21696Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered in github.com/pterodactyl/wings
  >= 1.7.0, < 1.12.0
• MEDIUM6.5CVE-2026-21696Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered in github.com/pterodactyl/wings
  >= 1.7.0, < 1.12.0
• MEDIUM6.5CVE-2025-69199Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks in github.com/pterodactyl/wings
  from 0, < 1.12.0
• MEDIUM6.5CVE-2025-69199Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks in github.com/pterodactyl/wings
  from 0, < 1.12.0
• MEDIUM6.5CVE-2021-32699Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings
  from 0, < 1.4.4
• MEDIUM6.5CVE-2021-32699Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings
  from 0, < 1.4.4
• MEDIUM6.4CVE-2024-34068Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull in github.com/pterodactyl/wings
  from 0, < 1.11.12
• MEDIUM6.4CVE-2024-34068Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull in github.com/pterodactyl/wings
  >= 1.2.0, < 1.2.1
• MEDIUM6.4CVE-2024-34068Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull in github.com/pterodactyl/wings
  from 0, < 1.11.12
• —CVE-2025-68954Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced in github.com/pterodactyl/wings
  from 0, < 1.12.0
• —CVE-2025-68954Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced in github.com/pterodactyl/wings
  from 0, < 1.12.0