pkg:Go/go.temporal.io/server

All known vulnerabilities

• MEDIUM4.4CVE-2024-2689Temporal Server Denial of Service in go.temporal.io/server
  from 0, < 1.20.5, >= 1.21.0, < 1.21.6, >= 1.22.0-rc1, < 1.22.7
• LOW3.0CVE-2023-3485Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource
  from 0, < 1.20.0
• LOW3.0CVE-2023-3485Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource
  from 0, < 1.20.0
• —CVE-2026-5724Temporal does not enforce authentication and authorization for the streaming AdminService/StreamWorkflowReplicationMessages endpoint
  from 0, < 1.28.4
• —CVE-2026-5199Temporal Server: attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster
  >= 1.30.0-143.0, < 1.30.3
• —CVE-2025-14986Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts
  >= 1.24.0, < 1.27.4
• —CVE-2025-14987Temporal has an Incorrect Authorization vulnerability
  from 0, < 1.27.4
• —CVE-2025-14987Temporal has an Incorrect Authorization vulnerability
  from 0, < 1.27.4, >= 1.28.0, < 1.28.2, >= 1.29.0, < 1.29.2
• —CVE-2025-14986Temporal has a namespace policy bypass allowing requests to be authorized for incorrect contexts
  >= 1.24.0, < 1.27.4, >= 1.28.0, < 1.28.2, >= 1.29.0, < 1.29.2
• —CVE-2025-8396Temporal OSS Server Vulnerable to Allocation of Resources Without Limits or Throttling
  from 0, < 1.26.3
• —CVE-2025-8396Temporal OSS Server Vulnerable to Allocation of Resources Without Limits or Throttling
  from 0, < 1.26.3, >= 1.27.0-126.0, < 1.27.3, >= 1.28.0-129.0, < 1.28.1