github.com/treeverse/lakefs vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-26187Highgithub.com/treeverse/lakefs: lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling…CVE-2025-68671Mediumgithub.com/treeverse/lakefs: lakeFS is Missing Timestamp Validation in S3 Gateway AuthenticationCVE-2025-64179Mediumgithub.com/treeverse/lakefs: lakeFS affected by unauthenticated access to API usage metricsCVE-2025-27100Mediumgithub.com/treeverse/lakefs: lakeFS allows an authenticated user to cause a crash by exhausting server memoryCVE-2024-43784Mediumgithub.com/treeverse/lakefs: Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to…GHSA-FVV5-H29G-F6W5Mediumgithub.com/treeverse/lakefs: User with ci:ReadAction permissions and write permissions to one path in a repository may copy…GHSA-4RGC-5G6R-2RJFHighgithub.com/treeverse/lakefs: lakeFS logs S3 credentials in plain textGHSA-26HR-Q2WP-RVC5Mediumgithub.com/treeverse/lakefs: User with permission to write actions can impersonate another user when auth token is configured in…GHSA-9PHH-R37V-34WHMediumgithub.com/treeverse/lakefs: lakeFS vulnerable to Arbitrary JavaScript Injection via Direct Link to HTML FilesGHSA-28Q9-9C3G-V3F9Highgithub.com/treeverse/lakefs: lakeFS vulnerable to authenticated users deleting files they are not authorized to deleteGHSA-M836-GXWQ-J2PMMediumgithub.com/treeverse/lakefs: Improper Access Control in github.com/treeverse/lakefs

Stop the waste.
Protect your environment with Kodem.