pkg:Go/github.com/1Panel-dev/1Panel

All known vulnerabilities

• CRITICAL9.8CVE-2024-399071Panel has an SQL injection issue related to the orderBy clause
  from 0, < 1.10.12-tls
• CRITICAL9.8CVE-2024-399071Panel has an SQL injection issue related to the orderBy clause
  from 0
• HIGH8.8CVE-2023-374771Panel command injection vulnerability in Firewall ip functionality in github.com/1Panel-dev/1Panel
  from 0, < 1.4.3
• HIGH8.8CVE-2023-374771Panel command injection vulnerability in Firewall ip functionality in github.com/1Panel-dev/1Panel
  from 0, < 1.4.3
• HIGH7.5CVE-2025-665071Panel – CAPTCHA Bypass via Client-Controlled Flag in github.com/1Panel-dev/1Panel
  from 0, < 2.0.14
• HIGH7.5CVE-2025-665071Panel – CAPTCHA Bypass via Client-Controlled Flag in github.com/1Panel-dev/1Panel
  from 0, < 2.0.14+incompatible
• HIGH7.5CVE-2023-399661Panel arbitrary file write vulnerability in github.com/1Panel-dev/1Panel
  >= 1.4.3, < 1.5.0
• HIGH7.5CVE-2023-399661Panel arbitrary file write vulnerability in github.com/1Panel-dev/1Panel
  >= 1.4.3, < 1.5.0
• HIGH7.5CVE-2023-399641Panel O&M management panel has a background arbitrary file reading vulnerability in github.com/1Panel-dev/1Panel
  >= 1.4.3, < 1.5.0
• HIGH7.5CVE-2023-399641Panel O&M management panel has a background arbitrary file reading vulnerability in github.com/1Panel-dev/1Panel
  >= 1.4.3, < 1.5.0
• HIGH7.1CVE-2025-344291Panel contains a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality
  >= 1.10.33, <= 2.0.15
• HIGH7.1CVE-2025-344291Panel contains a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality
  from 0
• HIGH7.1CVE-2025-344101Panel contains a cross-site request forgery (CSRF) vulnerability in the Change Username functionality
  from 0
• HIGH7.1CVE-2025-344101Panel contains a cross-site request forgery (CSRF) vulnerability in the Change Username functionality
  >= 1.10.33, <= 2.0.15
• MEDIUM6.5CVE-2025-665081Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers in github.com/1Panel-dev/1Panel
  from 0, < 2.0.14
• MEDIUM6.5CVE-2025-665081Panel IP Access Control Bypass via Untrusted X-Forwarded-For Headers in github.com/1Panel-dev/1Panel
  from 0, < 2.0.14+incompatible
• MEDIUM6.5CVE-2024-343521Panel arbitrary file write vulnerability
  from 0, < 1.10.3-lts
• MEDIUM6.5CVE-2024-343521Panel arbitrary file write vulnerability
  from 0, < 1.10.3-lts
• MEDIUM6.5CVE-2023-399651Panel Arbitrary File Download vulnerability in github.com/1Panel-dev/1Panel
  >= 1.4.3, < 1.5.0
• MEDIUM6.5CVE-2023-399651Panel Arbitrary File Download vulnerability in github.com/1Panel-dev/1Panel
  >= 1.4.3, < 1.5.0
• MEDIUM6.3CVE-2024-23521Panel is vulnerable to command injection in github.com/1Panel-dev/1Panel
  from 0, < 1.10.1-lts
• MEDIUM6.3CVE-2024-23521Panel is vulnerable to command injection in github.com/1Panel-dev/1Panel
  from 0, < 1.10.1-lts
• MEDIUM6.3CVE-2024-27288Unauthorized Console access in github.com/1Panel-dev/1Panel
  from 0, < 1.10.1-lts
• MEDIUM6.3CVE-2024-27288Unauthorized Console access in github.com/1Panel-dev/1Panel
  from 0, < 1.10.1-lts
• MEDIUM6.3CVE-2023-364581Panel vulnerable to command injection when entering the container terminal in github.com/1Panel-dev/1Panel
  from 0, < 1.3.6
• MEDIUM6.3CVE-2023-364581Panel vulnerable to command injection when entering the container terminal in github.com/1Panel-dev/1Panel
  from 0, < 1.3.6
• MEDIUM6.3CVE-2023-364571Panel vulnerable to command injection when adding container repositories in github.com/1Panel-dev/1Panel
  from 0, < 1.3.6
• MEDIUM6.3CVE-2023-364571Panel vulnerable to command injection when adding container repositories in github.com/1Panel-dev/1Panel
  from 0, < 1.3.6
• MEDIUM5.9CVE-2024-302571Panel's password verification is suspected to have a timing attack vulnerability
  from 0
• MEDIUM5.9CVE-2024-302571Panel's password verification is suspected to have a timing attack vulnerability
  from 0, < 1.10.3
• MEDIUM4.3CVE-2025-344301Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality
  from 0
• MEDIUM4.3CVE-2025-344301Panel contains a cross-site request forgery (CSRF) vulnerability in the panel name management functionality
  >= 1.10.33, <= 2.0.15
• LOW3.5CVE-2024-247681Panel set-cookie is missing the Secure keyword in github.com/1Panel-dev/1Panel
  from 0, < 1.9.6
• LOW3.5CVE-2024-247681Panel set-cookie is missing the Secure keyword in github.com/1Panel-dev/1Panel
  from 0, < 1.9.6
• —CVE-2024-399111Panel SQL injection in github.com/1Panel-dev/1Panel
  from 0, < 1.10.12-lts