CRITICAL 9.6 CVE-2025-30215 NATS-Server Fails to Authorize Certain Jetstream Admin APIs
from 0
HIGH 7.5 CVE-2026-27889 NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead
from 0
HIGH 7.5 NATS has pre-auth server panic via leafnode handling
from 0
HIGH 7.5 NATS Server panic via malicious compression on leafnode port
from 0
HIGH 7.5 xkeys Seal encryption used fixed key for all encryption
from 0, < 2.10.4-1
HIGH 7.4 NATS credentials are exposed in monitoring port via command-line argv
from 0
HIGH 7.1 NATS allows MQTT clients to bypass ACL checks
from 0
MEDIUM 6.5 NATS is vulnerable to MQTT hijacking via Client ID
from 0
MEDIUM 6.5 NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects in github.com/nats-io/nats-server
from 0, < 2.9.8-1
MEDIUM 6.5 Authorization bypass in github.com/nats-io/nats-server/v2
from 0
MEDIUM 6.4 NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers
from 0
MEDIUM 6.4 NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing
from 0
MEDIUM 5.9 nats-server websockets are vulnerable to pre-auth memory DoS
from 0
MEDIUM 5.3 NATS is vulnerable to pre-auth DoS through WebSockets client service
from 0
MEDIUM 4.9 NATS JetStream has an authorization bypass through its Management API
from 0
MEDIUM 4.3 NATS: Message tracing can be redirected to arbitrary subject
from 0, < 2.12.6-1
MEDIUM 4.2 NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching
from 0