github.com/0xJacky/nginx-ui vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-42238Criticalgithub.com/0xJacky/nginx-ui: Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup RestoreCVE-2026-42223Mediumgithub.com/0xJacky/nginx-ui: Nginx-UI Settings API Exposes Protected SecretsCVE-2026-42222Highgithub.com/0xJacky/nginx-ui: Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap…CVE-2026-42221Highgithub.com/0xJacky/Nginx-UI: Nginx-UI: Unauthenticated First-Run Installer Allows Remote Initial Admin ClaimCVE-2026-42220Mediumgithub.com/0xJacky/Nginx-UI: Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node…CVE-2026-44015Highgithub.com/0xJacky/Nginx-UI: Nginx-UI has Server-Side Request Forgery (SSRF) via Cluster Proxy Middleware that Allows Access to…CVE-2026-34403Highgithub.com/0xJacky/Nginx-UI: Nginx-UI: Cross-Site WebSocket Hijacking (CSWSH) via missing origin validation on all WebSocket…CVE-2026-33031Highgithub.com/0xJacky/Nginx-UI: Nginx-UI: Disabled users retain full API access through previously issued bearer tokensCVE-2026-33032Criticalgithub.com/0xJacky/Nginx-UI: nginx-ui's Unauthenticated MCP Endpoint Allows Remote Nginx TakeoverCVE-2026-33030Highgithub.com/0xJacky/nginx-ui: nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private KeysCVE-2026-33029Mediumgithub.com/0xJacky/Nginx-UI: nginx-ui Vulnerable to DoS via Negative Integer Input in Logrotate IntervalCVE-2026-33028Highgithub.com/0xJacky/Nginx-UI: nginx-ui has Race Condition that Leads to Persistent Data Corruption and Service CollapseCVE-2026-33027Mediumgithub.com/0xJacky/Nginx-UI: Nginx Configuration Directory Vulnerable to Recursive Deletion via Improper Path ValidationCVE-2026-33026Criticalgithub.com/0xJacky/Nginx-UI: nginx-ui Backup Restore Allows Tampering with Encrypted BackupsCVE-2026-27944Criticalgithub.com/0xJacky/Nginx-UI: Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key DisclosureCVE-2024-23828Highgithub.com/0xJacky/Nginx-UI: Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLFCVE-2024-23827Criticalgithub.com/0xJacky/Nginx-UI: Nginx-UI vulnerable to arbitrary file write through the Import Certificate featureCVE-2024-22198Highgithub.com/0xJacky/Nginx-UI: Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting…CVE-2024-22197Highgithub.com/0xJacky/Nginx-UI: Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)CVE-2024-22196Highgithub.com/0xJacky/Nginx-UI: Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)

Stop the waste.
Protect your environment with Kodem.