pkg:Go/go.opentelemetry.io/obi
11 total CVEsHIGH4MEDIUM6LOW1
✅ Check your installed version
All known vulnerabilities
- HIGH8.4CVE-2026-41433OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR>= 0.4.0, < 0.8.0
- HIGH7.5CVE-2026-45686OpenTelemetry eBPF Instrumentation: Memcached payload length overflow can crash OBI>= 0.7.0, < 0.9.0
- HIGH7.5CVE-2026-45685OpenTelemetry eBPF Instrumentation: MongoDB parser panics on malformed wire messagesfrom 0, < 0.9.0
- HIGH7.5CVE-2026-45678OpenTelemetry eBPF Instrumentation: Postgres BIND parsing can panic on malformed payloadsfrom 0, < 0.9.0
- MEDIUM6.5CVE-2026-45679OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messagesfrom 0, < 0.9.0
- MEDIUM5.9CVE-2026-45681OpenTelemetry eBPF Instrumentation: CPU-mismatch fallback uses 256-byte buffer with 8KB sizefrom 0, < 0.9.0
- MEDIUM5.9CVE-2026-45680OpenTelemetry eBPF Instrumentation: Unbounded BPF internal metrics replay can exhaust CPUfrom 0, < 0.9.0
- MEDIUM5.5CVE-2026-45676OpenTelemetry eBPF Instrumentation: Unsafe fastelf parsing allows malformed ELF to crash agentfrom 0, < 0.9.0
- MEDIUM5.1CVE-2026-45682OpenTelemetry eBPF Instrumentation: CappedConcurrentHashMap leaks keys after removalsfrom 0, < 0.9.0
- MEDIUM4.9CVE-2026-45684OpenTelemetry eBPF Instrumentation: Log enricher writev path can overread and overwrite user buffers>= 0.7.0, < 0.9.0
- LOW3.8CVE-2026-45683OpenTelemetry eBPF Instrumentation: Java TLS ioctl kprobe allows kernel memory disclosurefrom 0, < 0.9.0