pkg:Go/github.com/hashicorp/vault

106 total CVEsCRITICAL12HIGH43MEDIUM43LOW8

✅ Check your installed version

All known vulnerabilities

CRITICAL9.8CVE-2020-25816Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault
>= 1.0.0, < 1.5.4
CRITICAL9.8CVE-2020-25816Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault
>= 1.0.0-beta1, < 1.5.4
CRITICAL9.8CVE-2021-38553HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 in github.com/hashicorp/vault
>= 1.4.0, < 1.8.0
CRITICAL9.8CVE-2021-38553HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 in github.com/hashicorp/vault
>= 1.4.0, < 1.8.0
CRITICAL9.1CVE-2025-6000Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration
>= 0.8.0, < 1.20.1
CRITICAL9.1CVE-2025-6000Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration
>= 0.8.0, < 1.20.1
CRITICAL9.1CVE-2020-10661HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault
>= 0.11.0, < 1.3.4
CRITICAL9.1CVE-2020-10661HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault
>= 0.11.0, < 1.3.4
CRITICAL9.1CVE-2022-40186HashiCorp Vault vulnerable to incorrect metadata access in github.com/hashicorp/vault
>= 1.8.0, < 1.9.9, >= 1.10.0, < 1.10.6, >= 1.11.0, < 1.11.3
CRITICAL9.1CVE-2022-40186HashiCorp Vault vulnerable to incorrect metadata access in github.com/hashicorp/vault
>= 1.11.0, < 1.11.3
CRITICAL9.1CVE-2021-43998HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault
>= 0.11.0, < 1.7.6, >= 1.8.0, < 1.8.5
CRITICAL9.1CVE-2021-43998HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault
>= 0.11.0, < 1.7.6
HIGH8.2CVE-2020-16251HashiCorp Vault Authentication bypass in github.com/hashicorp/vault
>= 0.8.3, < 1.2.5
HIGH8.2CVE-2020-16251HashiCorp Vault Authentication bypass in github.com/hashicorp/vault
>= 0.8.3, < 1.2.5, >= 1.3.0, < 1.3.8, >= 1.4.0, < 1.4.4, >= 1.5.0, < 1.5.1
HIGH8.2CVE-2020-16250Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault
>= 0.8.1, < 1.2.5, >= 1.3.0, < 1.3.8, >= 1.4.0, < 1.4.4, >= 1.5.0, < 1.5.1
HIGH8.2CVE-2020-16250Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault
>= 0.8.1, < 1.2.5
HIGH8.1CVE-2026-3605Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service
>= 0.10.0, <= 1.21.4
HIGH8.1CVE-2025-11621HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass in github.com/hashicorp/vault
>= 0.6.0, < 1.21.0
HIGH8.1CVE-2025-11621HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass in github.com/hashicorp/vault
>= 0.6.0, < 1.21.0
HIGH8.1CVE-2024-2048Authentication bypass in github.com/hashicorp/vault
from 0, < 1.14.10, >= 1.15.0, < 1.15.5
HIGH8.1CVE-2024-2048Authentication bypass in github.com/hashicorp/vault
>= 1.15.0, < 1.15.5
HIGH8.1CVE-2023-24999Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation
from 0, < 1.10.11
HIGH8.1CVE-2023-24999Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation
from 0, < 1.10.11, >= 1.11.0, < 1.11.8, >= 1.12.0, < 1.12.4
HIGH8.1CVE-2021-42135Incorrect Privilege Assignment in HashiCorp Vault in github.com/hashicorp/vault
>= 1.8.0, < 1.8.5
HIGH8.1CVE-2021-42135Incorrect Privilege Assignment in HashiCorp Vault in github.com/hashicorp/vault
>= 1.8.0, <= 1.8.4
HIGH7.6CVE-2023-5077Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability
from 0, < 1.13.0
HIGH7.6CVE-2023-5077Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability
from 0, < 1.13.0
HIGH7.5CVE-2026-5807Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations
from 0, <= 1.21.4
HIGH7.5CVE-2026-4525Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header
>= 0.11.2, <= 1.21.4
HIGH7.5CVE-2025-12044Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON in github.com/hashicorp/vault
>= 1.20.3, < 1.21.0
HIGH7.5CVE-2025-12044Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON in github.com/hashicorp/vault
>= 1.20.3, < 1.21.0
HIGH7.5CVE-2025-6203HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads in github.com/hashicorp/vault
from 0, < 1.20.3
HIGH7.5CVE-2025-6203HashiCorp Vault Community Edition Denial of Service Though Complex JSON Payloads in github.com/hashicorp/vault
from 0, < 1.20.3
HIGH7.5CVE-2024-8185Hashicorp Vault vulnerable to denial of service through memory exhaustion in github.com/hashicorp/vault
>= 1.2.0, < 1.18.1
HIGH7.5CVE-2024-8185Hashicorp Vault vulnerable to denial of service through memory exhaustion in github.com/hashicorp/vault
>= 1.2.0, < 1.18.1
HIGH7.5CVE-2024-7594Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
>= 1.7.7, < 1.17.6
HIGH7.5CVE-2024-7594Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
>= 1.7.7, < 1.17.6
HIGH7.5CVE-2024-6468Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions
>= 1.10.0, < 1.15.12
HIGH7.5CVE-2024-6468Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions
>= 1.10.0, < 1.16.3, >= 1.17.0-rc1, < 1.17.2
HIGH7.5CVE-2021-3282Improper Authentication in HashiCorp Vault in github.com/hashicorp/vault
>= 1.6.0, < 1.6.2
HIGH7.5CVE-2021-3282Improper Authentication in HashiCorp Vault in github.com/hashicorp/vault
>= 1.6.0, < 1.6.2
HIGH7.5CVE-2023-6337Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
>= 1.15.0, < 1.15.4
HIGH7.5CVE-2023-6337Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
>= 1.12.0, < 1.13.12, >= 1.14.0, < 1.14.8, >= 1.15.0, < 1.15.4
HIGH7.5CVE-2023-5954HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability
from 0, < 1.13.10
HIGH7.5CVE-2023-5954HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability
from 0, < 1.13.10, >= 1.14.0, < 1.14.6, >= 1.15.0, < 1.15.2
HIGH7.5CVE-2020-7220Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault
>= 0.11.0, < 1.3.2
HIGH7.5CVE-2020-7220Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault
>= 0.11.0, < 1.3.2
HIGH7.5CVE-2020-13223Information Disclosure in HashiCorp Vault in github.com/hashicorp/vault
>= 1.3.0, < 1.3.6
HIGH7.5CVE-2020-13223Information Disclosure in HashiCorp Vault in github.com/hashicorp/vault
>= 1.3.0, < 1.3.6, >= 1.4.0, < 1.4.2
HIGH7.4CVE-2021-32923Invalid session token expiration in github.com/hashicorp/vault
>= 1.7.0, < 1.7.2
HIGH7.4CVE-2021-32923Invalid session token expiration in github.com/hashicorp/vault
>= 0.10.0, < 1.5.9, >= 1.6.0, < 1.6.5, >= 1.7.0, < 1.7.2
HIGH7.2CVE-2025-5999Hashicorp Vault has Privilege Escalation Vulnerability
>= 0.10.4, < 1.20.0
HIGH7.2CVE-2025-5999Hashicorp Vault has Privilege Escalation Vulnerability
>= 0.10.4, < 1.20.0
HIGH7.2CVE-2024-9180Vault Operators in Root Namespace May Elevate Their Privileges
from 0, < 1.18.0
HIGH7.2CVE-2024-9180Vault Operators in Root Namespace May Elevate Their Privileges
from 0, < 1.18.0
MEDIUM6.8CVE-2025-6037Hashicorp Vault has Incorrect Validation for Non-CA Certificates in github.com/hashicorp/vault
from 0, < 1.20.1
MEDIUM6.8CVE-2025-6037Hashicorp Vault has Incorrect Validation for Non-CA Certificates in github.com/hashicorp/vault
from 0, < 1.20.1
MEDIUM6.8CVE-2023-4680HashiCorp Vault Improper Input Validation vulnerability
>= 1.6.0, < 1.12.11
MEDIUM6.8CVE-2023-4680HashiCorp Vault Improper Input Validation vulnerability
>= 1.6.0, < 1.12.11, >= 1.13.0, < 1.13.7, >= 1.14.0, < 1.14.3
MEDIUM6.7CVE-2023-0620HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault
>= 0.8.0, < 1.11.9, >= 1.12.0, < 1.12.5, >= 1.13.0, < 1.13.1
MEDIUM6.7CVE-2023-0620HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault
>= 0.8.0, < 1.11.9
MEDIUM6.6CVE-2025-3879Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login
>= 1.10.0, < 1.19.1
MEDIUM6.6CVE-2025-3879Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login
>= 1.10.0, < 1.19.1
MEDIUM6.5CVE-2025-6013HashiCorp Vault ldap auth method may not have correctly enforced MFA in github.com/hashicorp/vault
from 0, < 1.20.2
MEDIUM6.5CVE-2025-6013HashiCorp Vault ldap auth method may not have correctly enforced MFA in github.com/hashicorp/vault
from 0, < 1.20.2
MEDIUM6.5CVE-2025-6014Hashicorp Vault's TOTP Secrets Engine Susceptible to Code Reuse in github.com/hashicorp/vault
from 0, < 1.20.1
MEDIUM6.5CVE-2025-6014Hashicorp Vault's TOTP Secrets Engine Susceptible to Code Reuse in github.com/hashicorp/vault
from 0, < 1.20.1
MEDIUM6.5CVE-2024-8365Vault Leaks Client Token and Token Accessor in Audit Devices in github.com/hashicorp/vault
>= 1.17.3, < 1.17.5
MEDIUM6.5CVE-2024-8365Vault Leaks Client Token and Token Accessor in Audit Devices in github.com/hashicorp/vault
>= 1.17.3, < 1.17.5
MEDIUM6.5CVE-2020-35177Enumeration of users in HashiCorp Vault in github.com/hashicorp/vault
>= 1.5.0, < 1.5.6
MEDIUM6.5CVE-2020-35177Enumeration of users in HashiCorp Vault in github.com/hashicorp/vault
>= 1.5.0, < 1.5.6, >= 1.6.0, < 1.6.1
MEDIUM6.5CVE-2023-0665HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault
from 0, < 1.11.9
MEDIUM6.5CVE-2023-0665HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault
from 0, < 1.11.9, >= 1.12.0, < 1.12.5, >= 1.13.0, < 1.13.1
MEDIUM6.4CVE-2024-2660HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault
from 0, < 1.16.0
MEDIUM6.4CVE-2024-2660HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault
from 0, < 1.16.0
MEDIUM5.7CVE-2025-6015Hashicorp Vault has Login MFA Rate Limit Bypass Vulnerability in github.com/hashicorp/vault
>= 1.10.0, < 1.20.1
MEDIUM5.7CVE-2025-6015Hashicorp Vault has Login MFA Rate Limit Bypass Vulnerability in github.com/hashicorp/vault
>= 1.10.0, < 1.20.1
MEDIUM5.3CVE-2026-5052Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS
>= 1.14.0, <= 1.21.4
MEDIUM5.3CVE-2025-6004Hashicorp Vault has Lockout Feature Authentication Bypass
>= 1.13.0, < 1.20.1
MEDIUM5.3CVE-2025-6004Hashicorp Vault has Lockout Feature Authentication Bypass
>= 1.13.0, < 1.20.1
MEDIUM5.3CVE-2020-10660HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault
>= 0.9.0, < 1.3.4
MEDIUM5.3CVE-2020-10660HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault
>= 0.9.0, < 1.3.4
MEDIUM5.3CVE-2023-3462HashiCorp Vault and Vault Enterprise vulnerable to user enumeration
from 0, < 1.13.5, >= 1.14.0, < 1.14.1
MEDIUM5.3CVE-2023-3462HashiCorp Vault and Vault Enterprise vulnerable to user enumeration
from 0, < 1.13.5
MEDIUM5.3CVE-2022-41316HashiCorp Vault's revocation list not respected
from 0, < 1.9.10, >= 1.10.0, < 1.10.7, >= 1.11.0, < 1.11.4
MEDIUM5.3CVE-2022-41316HashiCorp Vault's revocation list not respected
>= 1.11.0, < 1.11.4
MEDIUM5.3CVE-2022-30689HashiCorp Vault improper configuration of multi factor authentication in github.com/hashicorp/vault
>= 1.10.0, < 1.10.3
MEDIUM5.3CVE-2022-30689HashiCorp Vault improper configuration of multi factor authentication in github.com/hashicorp/vault
>= 1.10.0, < 1.10.3
MEDIUM5.3CVE-2021-38554Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault
from 0, < 1.6.6
MEDIUM5.3CVE-2021-38554Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault
from 0, < 1.6.6, >= 1.7.0, < 1.7.4
MEDIUM4.7CVE-2023-25000Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault
from 0, < 1.11.9
MEDIUM4.7CVE-2023-25000Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault
from 0, < 1.11.9, >= 1.12.0, < 1.12.5, >= 1.13.0, < 1.13.1
MEDIUM4.5CVE-2025-4166Hashicorp Vault Community vulnerable to Generation of Error Message Containing Sensitive Information
>= 0.3.0, < 1.19.3
MEDIUM4.5CVE-2025-4166Hashicorp Vault Community vulnerable to Generation of Error Message Containing Sensitive Information
>= 0.3.0, < 1.19.3
MEDIUM4.5CVE-2024-0831Hashicorp Vault may expose sensitive log information in github.com/hashicorp/vault
>= 1.15.0, < 1.15.5
MEDIUM4.5CVE-2024-0831Hashicorp Vault may expose sensitive log information in github.com/hashicorp/vault
>= 1.15.0, < 1.15.5
MEDIUM4.3CVE-2023-2121Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault
from 0, < 1.11.11
MEDIUM4.3CVE-2023-2121Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault
from 0, < 1.11.11, >= 1.12.0, < 1.12.7, >= 1.13.0, < 1.13.3
LOW3.7CVE-2025-6011Hashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users
from 0, < 1.20.1
LOW3.7CVE-2025-6011Hashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users
from 0, < 1.20.1
LOW3.1CVE-2025-4656Vault Community Edition rekey and recovery key operations can cause denial of service
>= 1.14.8, < 1.20.0
LOW3.1CVE-2025-4656Vault Community Edition rekey and recovery key operations can cause denial of service
>= 1.14.8, < 1.20.0
LOW2.9CVE-2021-41802Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault
from 0, < 1.7.5, >= 1.8.0, < 1.8.4
LOW2.9CVE-2021-41802Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault
from 0, < 1.7.5
LOW2.6CVE-2024-5798HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
>= 1.17.0-rc1, < 1.17.0
LOW2.6CVE-2024-5798HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
>= 0.11.0, < 1.16.3, >= 1.17.0-rc1, < 1.17.0