pkg:Go/github.com/coredns/coredns

24 total CVEsHIGH14MEDIUM6LOW2

✅ Check your installed version

All known vulnerabilities

  • HIGH7.7CVE-2026-26017CoreDNS ACL Bypass
    from 0, < 1.14.2
  • HIGH7.7CVE-2026-26017CoreDNS ACL Bypass
    from 0, < 1.14.2
  • HIGH7.5CVE-2026-35579CoreDNS has TSIG authentication bypass on gRPC and QUIC transports
    from 0, < 1.14.3
  • HIGH7.5CVE-2026-33190CoreDNS has TSIG authentication bypass on DoT, DoH, DoH3, DoQ, and gRPC
    from 0, < 1.14.3
  • HIGH7.5CVE-2026-33489CoreDNS' transfer stanza selection uses lexicographic compare (subzone ACL bypass)
    from 0, < 1.14.3
  • HIGH7.5CVE-2026-32936CoreDNS DoH GET oversized dns= query parameter causes pre-validation CPU and memory amplification
    from 0, < 1.14.3
  • HIGH7.5CVE-2026-32934CoreDNS' DoQ worker pool does not bound stream backlog
    from 0, < 1.14.3
  • HIGH7.5CVE-2026-32934CoreDNS' DoQ worker pool does not bound stream backlog
    from 0, < 1.14.3
  • HIGH7.5CVE-2026-26018CoreDNS Loop Detection Denial of Service Vulnerability
    from 0, < 1.14.2
  • HIGH7.5CVE-2026-26018CoreDNS Loop Detection Denial of Service Vulnerability
    from 0, < 1.14.2
  • HIGH7.5CVE-2025-47950CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification in github.com/coredns/coredns
    from 0, < 1.12.2
  • HIGH7.5CVE-2025-47950CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification in github.com/coredns/coredns
    from 0, < 1.12.2
  • HIGH7.1CVE-2025-58063CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion
    >= 1.2.0, < 1.12.4
  • HIGH7.1CVE-2025-58063CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion
    >= 1.2.0, < 1.12.4
  • MEDIUM6.1CVE-2022-2837coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints
    from 0, <= 1.9.3
  • MEDIUM5.9CVE-2023-28452CoreDNS vulnerable to TuDoor Attacks
    from 0, < 1.11.0
  • MEDIUM5.9CVE-2023-28452CoreDNS vulnerable to TuDoor Attacks
    from 0, < 1.11.0
  • MEDIUM5.3CVE-2024-0874CoreDNS may return invalid cache entries in github.com/coredns/coredns
    from 0, < 1.11.2
  • MEDIUM5.3CVE-2024-0874CoreDNS may return invalid cache entries in github.com/coredns/coredns
    from 0, < 1.11.2
  • MEDIUM4.4CVE-2022-2835coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints
    from 0, <= 1.9.3
  • LOW3.7CVE-2023-30464CoreDNS Cache Poisoning via a birthday attack in github.com/coredns/coredns
    from 0, <= 1.10.1
  • LOW3.7CVE-2023-30464CoreDNS Cache Poisoning via a birthday attack in github.com/coredns/coredns
    from 0, < 1.11.0
  • CVE-2025-68151CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages
    from 0, < 1.14.0
  • CVE-2025-68151CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages
    from 0, < 1.14.0