pkg:Go/github.com/smallstep/certificates

7 total CVEsCRITICAL4MEDIUM2LOW1

✅ Check your installed version

All known vulnerabilities

  • CRITICAL10.0CVE-2026-30836step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)
    from 0, < 0.30.0
  • CRITICAL10.0CVE-2026-30836step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)
    from 0, < 0.30.0
  • CRITICAL10.0CVE-2025-44005Step CA Has Authorization Bypass in ACME and SCEP Provisioners
    from 0, < 0.29.0
  • CRITICAL10.0CVE-2025-44005Step CA Has Authorization Bypass in ACME and SCEP Provisioners
    from 0, < 0.29.0
  • MEDIUM5.0CVE-2025-66406step-ca Has Improper Authorization Check for SSH Certificate Revocation in github.com/smallstep/certificates
    from 0, < 0.29.0
  • MEDIUM5.0CVE-2025-66406step-ca Has Improper Authorization Check for SSH Certificate Revocation in github.com/smallstep/certificates
    from 0, < 0.29.0
  • LOW3.7CVE-2026-40097Step CA affected by an index out of bounds panic in TPM attestation EKU validation
    >= 0.24.0, < 0.30.0