pkg:Go/github.com/treeverse/lakefs
10 total CVEsHIGH2MEDIUM8
✅ Check your installed version
All known vulnerabilities
- HIGH8.1CVE-2026-26187lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access in github.com/treeverse/lakefsfrom 0, < 1.77.0
- HIGH8.1CVE-2026-26187lakeFS vulnerable to path traversal in local block adapter allow cross-namespace and sibling directory access in github.com/treeverse/lakefsfrom 0, < 1.77.0
- MEDIUM6.5CVE-2025-68671lakeFS is Missing Timestamp Validation in S3 Gateway Authentication in github.com/treeverse/lakefsfrom 0, < 1.75.0
- MEDIUM6.5CVE-2025-68671lakeFS is Missing Timestamp Validation in S3 Gateway Authentication in github.com/treeverse/lakefsfrom 0, < 1.75.0
- MEDIUM6.5CVE-2025-27100lakeFS allows an authenticated user to cause a crash by exhausting server memory in github.com/treeverse/lakefsfrom 0, < 1.50.0
- MEDIUM6.5CVE-2025-27100lakeFS allows an authenticated user to cause a crash by exhausting server memory in github.com/treeverse/lakefsfrom 0, < 1.50.0
- MEDIUM5.7CVE-2024-43784Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion in github.com/treeverse/lakefsfrom 0, < 1.33.0
- MEDIUM5.7CVE-2024-43784Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion in github.com/treeverse/lakefsfrom 0, < 1.33.0
- MEDIUM5.3CVE-2025-64179lakeFS affected by unauthenticated access to API usage metrics in github.com/treeverse/lakefsfrom 0, < 1.71.0
- MEDIUM5.3CVE-2025-64179lakeFS affected by unauthenticated access to API usage metrics in github.com/treeverse/lakefsfrom 0, < 1.71.0