pkg:Go/github.com/OliveTin/OliveTin

22 total CVEs: CRITICAL 2, HIGH 10, MEDIUM 8

All known vulnerabilities

  • CRITICAL 9.9 CVE-2026-27626 OliveTin: OS Command Injection via `password` argument type and webhook JSON extraction bypasses shell safety checks
    from 0, < 0.0.0-20260222101908-4bbd2eab1532
  • CRITICAL 9.9 CVE-2026-27626 OliveTin: OS Command Injection via `password` argument type and webhook JSON extraction bypasses shell safety checks
    from 0
  • HIGH 8.8 CVE-2026-30223 OliveTin has JWT Audience Validation Bypass in Local Key and HMAC Modes
    from 0, < 0.0.0-20260304231339-e97d8ecbd8d6
  • HIGH 8.8 CVE-2026-30223 OliveTin has JWT Audience Validation Bypass in Local Key and HMAC Modes
    from 0, < 0.0.0-20260304231339-e97d8ecbd8d6
  • HIGH 8.5 CVE-2026-31817 OliveTin's unsafe parsing of UniqueTrackingId can be used to write files
    from 0, < 0.0.0-20260309102040-b03af0e2eca3
  • HIGH 8.5 CVE-2026-31817 OliveTin's unsafe parsing of UniqueTrackingId can be used to write files
    from 0, < 0.0.0-20260309102040-b03af0e2eca3
  • HIGH 7.5 CVE-2026-28790 OliveTin has Unauthenticated Action Termination via KillAction When Guests Must Login
    from 0, < 0.0.0-20260302002902-d9804182eae4
  • HIGH 7.5 CVE-2026-28790 OliveTin has Unauthenticated Action Termination via KillAction When Guests Must Login
    from 0, < 0.0.0-20260302002902-d9804182eae4
  • HIGH 7.5 CVE-2026-28789 OliveTin has unauthenticated DoS via concurrent map writes in OAuth2 state handling
    from 0
  • HIGH 7.5 CVE-2026-28789 OliveTin has unauthenticated DoS via concurrent map writes in OAuth2 state handling
    from 0, < 0.0.0-20260301235225-f044d90d5525c
  • HIGH 7.5 CVE-2026-28342 OliveTin has Unauthenticated Denial of Service via Memory Exhaustion in PasswordHash API Endpoint
    from 0, < 0.0.0-20260227002407-2eb5f0ba79d4
  • HIGH 7.5 CVE-2026-28342 OliveTin has Unauthenticated Denial of Service via Memory Exhaustion in PasswordHash API Endpoint
    from 0, < 0.0.0-20260227002407-2eb5f0ba79d4
  • MEDIUM 6.5 CVE-2026-30233 OliveTin doesn't check view permission when returning dashboards
    from 0, < 0.0.0-20260305082002-d7962710e7c4
  • MEDIUM 6.5 CVE-2026-30233 OliveTin doesn't check view permission when returning dashboards
    from 0, < 0.0.0-20260305082002-d7962710e7c4
  • MEDIUM 6.5 CVE-2025-50946 OliveTin OS Command Injection vulnerability in github.com/OliveTin/OliveTin
    from 0
  • MEDIUM 6.5 CVE-2025-50946 OliveTin OS Command Injection vulnerability in github.com/OliveTin/OliveTin
    from 0, <= 0.0.0-20250502155356-8c073bf45fca
  • MEDIUM 5.4 CVE-2026-30224 OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session
    from 0
  • MEDIUM 5.4 CVE-2026-30224 OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session
    from 0, < 0.0.0-20260304233115-d6a0abc3755d15
  • MEDIUM 5.3 CVE-2026-30225 OliveTin's RestartAction always runs actions as guest
    from 0, < 0.0.0-20260305000458-cb46a597b246
  • MEDIUM 5.3 CVE-2026-30225 OliveTin's RestartAction always runs actions as guest
    from 0, < 0.0.0-20260305000458-cb46a597b246
  • CVE-2026-32102 OliveTin Vulnerable to Unauthorized Action Output Disclosure via EventStream
    from 0
  • CVE-2026-32102 OliveTin Vulnerable to Unauthorized Action Output Disclosure via EventStream
    from 0, < 3000.10.2