github.com/forgekeep/nebula-mesh vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
GHSA-7RX3-5WX3-5V76Highgithub.com/forgekeep/nebula-mesh: Nebula-mesh allows non-admin operators to disable webhook SSRF protection via `allow_private`CVE-2026-61699Highgithub.com/forgekeep/nebula-mesh: nebula-mesh: Certificate revocation is never enforced at the meshCVE-2026-55513Mediumgithub.com/forgekeep/nebula-mesh: nebula-mesh: Web UI host creation ignores configured enrollment token TTL and mints 24-hour bearer enrollment tokensCVE-2026-55512Mediumgithub.com/forgekeep/nebula-mesh: nebula-mesh: Unauthenticated OIDC login endpoint allocates unbounded in-memory state entries without rate limitingCVE-2026-53603Highgithub.com/forgekeep/nebula-mesh: nebula-mesh: Operator session tokens stored in plaintext in the databaseCVE-2026-53604Highgithub.com/forgekeep/nebula-mesh: nebula-mesh: CA private key not zeroized on web mobile-bundle error pathsCVE-2026-53602Mediumgithub.com/forgekeep/nebula-mesh: nebula-mesh: Host revocation is not durable - blocked/offboarded hosts can regain a valid certificateCVE-2026-48025Mediumgithub.com/juev/nebula-mesh: nebula-mesh: Decrypted CA private key persists in heap after signing

Stop the waste.
Protect your environment with Kodem.