github.com/hashicorp/vault vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
|---|---|---|
| CVE-2026-5807 | High | github.com/hashicorp/vault: HashiCorp Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey… |
| CVE-2026-5052 | Medium | github.com/hashicorp/vault: HashiCorp Vault has Server-Side Request Forgery in ACME Challenge Validation via… |
| CVE-2026-3605 | High | github.com/hashicorp/vault: HashiCorp Vault has a KVv2 Metadata and Secret Deletion Policy Bypass that leads to… |
| CVE-2026-4525 | High | github.com/hashicorp/vault: HashiCorp Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization |
| CVE-2025-12044 | High | github.com/hashicorp/vault: Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON |
| CVE-2025-11621 | High | github.com/hashicorp/vault: HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass |
| CVE-2025-6203 | High | github.com/hashicorp/vault: HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads |
| CVE-2025-6013 | Medium | github.com/hashicorp/vault: HashiCorp Vault ldap auth method may not have correctly enforced MFA |
| CVE-2025-6015 | Medium | github.com/hashicorp/vault: Hashicorp Vault has Login MFA Rate Limit Bypass Vulnerability |
| CVE-2025-6011 | Low | github.com/hashicorp/vault: Hashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users |
| CVE-2025-6037 | Medium | github.com/hashicorp/vault: Hashicorp Vault has Incorrect Validation for Non-CA Certificates |
| CVE-2025-6004 | Medium | github.com/hashicorp/vault: Hashicorp Vault has Lockout Feature Authentication Bypass |
| CVE-2025-5999 | High | github.com/hashicorp/vault: Hashicorp Vault has Privilege Escalation Vulnerability |
| CVE-2025-6000 | Critical | github.com/hashicorp/vault: Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration |
| CVE-2025-6014 | Medium | github.com/hashicorp/vault: Hashicorp Vault's TOTP Secrets Engine Susceptible to Code Reuse |
| CVE-2025-4656 | Low | github.com/hashicorp/vault: Vault Community Edition rekey and recovery key operations can cause denial of service |
| CVE-2025-3879 | Medium | github.com/hashicorp/vault: Hashicorp Vault Community vulnerable to Incorrect Authorization |
| CVE-2025-4166 | Medium | github.com/hashicorp/vault: Hashicorp Vault Community vulnerable to Generation of Error Message Containing Sensitive Information |
| CVE-2024-8185 | High | github.com/hashicorp/vault: Hashicorp Vault vulnerable to denial of service through memory exhaustion |
| CVE-2024-9180 | High | github.com/hashicorp/vault: Vault Community Edition privilege escalation vulnerability |
| CVE-2024-7594 | High | github.com/hashicorp/vault: Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default |
| CVE-2024-8365 | Medium | github.com/hashicorp/vault: Vault Leaks Client Token and Token Accessor in Audit Devices |
| CVE-2024-6468 | High | github.com/hashicorp/vault: Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions |
| CVE-2024-5798 | Low | github.com/hashicorp/vault: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims |
| CVE-2024-2660 | Medium | github.com/hashicorp/vault: HashiCorp Vault does not correctly validate OCSP responses |
