d7y.io/dragonfly/v2 vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-54637Mediumd7y.io/dragonfly/v2: Dragonfly scheduler v1 and v2 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFileCVE-2026-49254Lowd7y.io/dragonfly/v2: Dragonfly Manager OAuth provider client_secret disclosure via unauthenticated GET /api/v1/oauthCVE-2026-24124Highd7y.io/dragonfly/v2: Dragonfly Manager Job API Unauthenticated AccessCVE-2025-59410Mediumgithub.com/dragonflyoss/dragonfly: DragonFly's tiny file download uses hard coded HTTP protocolCVE-2025-59354Mediumgithub.com/dragonflyoss/dragonfly: DragonFly has weak integrity checks for downloaded filesCVE-2025-59353Highgithub.com/dragonflyoss/dragonfly: DragonFly's manager generates mTLS certificates for arbitrary IP addressesCVE-2025-59352Mediumgithub.com/dragonflyoss/dragonfly: DragonFly vulnerable to arbitrary file read and write on a peer machineCVE-2025-59351Mediumgithub.com/dragonflyoss/dragonfly: DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an errorCVE-2025-59350Mediumgithub.com/dragonflyoss/dragonfly: Dragonfly vulnerable to timing attacks against Proxy’s basic authenticationCVE-2025-59349Lowgithub.com/dragonflyoss/dragonfly: Dragonfly's directories created via os.MkdirAll are not checked for permissionsCVE-2025-59348Mediumgithub.com/dragonflyoss/dragonfly: Dragonfly incorrectly handles a task structure’s usedTrac fieldCVE-2025-59347Mediumgithub.com/dragonflyoss/dragonfly: Dragonfly's manager makes requests to external endpoints with disabled TLS authenticationCVE-2025-59346Highgithub.com/dragonflyoss/dragonfly: Dragonfly vulnerable to server-side request forgeryCVE-2025-59345Highgithub.com/dragonflyoss/dragonfly: Dragonfly doesn't have authentication enabled for some Manager’s endpointsCVE-2023-27584Criticald7y.io/dragonfly/v2: Dragonfly2 has hard coded cyptographic key

Stop the waste.
Protect your environment with Kodem.