github.com/dragonflyoss/dragonfly vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2025-59410Mediumgithub.com/dragonflyoss/dragonfly: DragonFly's tiny file download uses hard coded HTTP protocolCVE-2025-59354Mediumgithub.com/dragonflyoss/dragonfly: DragonFly has weak integrity checks for downloaded filesCVE-2025-59353Highgithub.com/dragonflyoss/dragonfly: DragonFly's manager generates mTLS certificates for arbitrary IP addressesCVE-2025-59352Mediumgithub.com/dragonflyoss/dragonfly: DragonFly vulnerable to arbitrary file read and write on a peer machineCVE-2025-59351Mediumgithub.com/dragonflyoss/dragonfly: DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an errorCVE-2025-59350Mediumgithub.com/dragonflyoss/dragonfly: Dragonfly vulnerable to timing attacks against Proxy’s basic authenticationCVE-2025-59349Lowgithub.com/dragonflyoss/dragonfly: Dragonfly's directories created via os.MkdirAll are not checked for permissionsCVE-2025-59348Mediumgithub.com/dragonflyoss/dragonfly: Dragonfly incorrectly handles a task structure’s usedTrac fieldCVE-2025-59347Mediumgithub.com/dragonflyoss/dragonfly: Dragonfly's manager makes requests to external endpoints with disabled TLS authenticationCVE-2025-59346Highgithub.com/dragonflyoss/dragonfly: Dragonfly vulnerable to server-side request forgeryCVE-2025-59345Highgithub.com/dragonflyoss/dragonfly: Dragonfly doesn't have authentication enabled for some Manager’s endpoints

Stop the waste.
Protect your environment with Kodem.