pkg:Go/github.com/coredns/coredns

All known vulnerabilities

• HIGH7.7CVE-2026-26017CoreDNS ACL Bypass in github.com/coredns/coredns
  from 0, < 1.14.2
• HIGH7.7CVE-2026-26017CoreDNS ACL Bypass in github.com/coredns/coredns
  from 0, < 1.14.2
• HIGH7.5CVE-2026-35579CoreDNS has TSIG authentication bypass on gRPC and QUIC transports
  from 0, < 1.14.3
• HIGH7.5CoreDNS has TSIG authentication bypass on DoT, DoH, DoH3, DoQ, and gRPC
  from 0, < 1.14.3
• HIGH7.5CoreDNS' transfer stanza selection uses lexicographic compare (subzone ACL bypass)
  from 0, < 1.14.3
• HIGH7.5CoreDNS DoH GET oversized dns= query parameter causes pre-validation CPU and memory amplification
  from 0, < 1.14.3
• HIGH7.5CoreDNS' DoQ worker pool does not bound stream backlog in github.com/coredns/coredns
  from 0, < 1.14.3
• HIGH7.5CoreDNS' DoQ worker pool does not bound stream backlog in github.com/coredns/coredns
  from 0, < 1.14.3
• HIGH7.5CoreDNS Loop Detection Denial of Service Vulnerability in github.com/coredns/coredns
  from 0, < 1.14.2
• HIGH7.5CoreDNS Loop Detection Denial of Service Vulnerability in github.com/coredns/coredns
  from 0, < 1.14.2
• HIGH7.5CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification in github.com/coredns/coredns
  from 0, < 1.12.2
• HIGH7.5CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification in github.com/coredns/coredns
  from 0, < 1.12.2
• HIGH7.1CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion in github.com/coredns/coredns
  >= 1.2.0, < 1.12.4
• HIGH7.1CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion in github.com/coredns/coredns
  >= 1.2.0, < 1.12.4
• MEDIUM6.1coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints
  from 0, <= 1.9.3
• MEDIUM5.9CoreDNS vulnerable to TuDoor Attacks in github.com/coredns/coredns
  from 0, < 1.11.0
• MEDIUM5.9CoreDNS vulnerable to TuDoor Attacks in github.com/coredns/coredns
  from 0, < 1.11.0
• MEDIUM5.3CoreDNS may return invalid cache entries in github.com/coredns/coredns
  from 0, < 1.11.2
• MEDIUM5.3CoreDNS may return invalid cache entries in github.com/coredns/coredns
  from 0, < 1.11.2
• MEDIUM4.4coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints
  from 0, <= 1.9.3
• LOW3.7CoreDNS Cache Poisoning via a birthday attack in github.com/coredns/coredns
  from 0, <= 1.10.1
• LOW3.7CoreDNS Cache Poisoning via a birthday attack in github.com/coredns/coredns
  from 0, < 1.11.0
• —CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages in github.com/coredns/coredns
  from 0, < 1.14.0
• —CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages in github.com/coredns/coredns
  from 0, < 1.14.0