CRITICAL10.0CVE-2026-4370Juju has Improper TLS Client/Server authentication and certificate verification on Database Cluster from 0, <= 0.0.0-20260401092550-1c1ac1922b57
CRITICAL9.9CVE-2026-5412Juju: CloudSpec method leaking cloud credentials from 0, < 0.0.0-20260408003526-d395054dc2c3
CRITICAL9.8CVE-2017-9232Juju uses a UNIX domain socket without setting appropriate permissions in github.com/juju/juju from 0, < 0.0.0-20170524231039-0417178a3c28
CRITICAL9.8Juju uses a UNIX domain socket without setting appropriate permissions in github.com/juju/juju
from 0, < 0.0.0-20170524231039-0417178a3c28
HIGH8.8Juju has unauthorized access to out-of-scope Kubernetes secrets in github.com/juju/juju
>= 0.0.0-20221021155847-35c560704ee2, < 0.0.0-20260319091847-d06919eb03ec
HIGH8.8Juju has unauthorized access to out-of-scope Kubernetes secrets in github.com/juju/juju
>= 0.0.0-20221021155847-35c560704ee2, < 0.0.0-20260319091847-d06919eb03ec
HIGH8.8Juju allows arbitrary executable uploads via authenticated endpoint without authorization in github.com/juju/juju
from 0, < 0.0.0-20250619215741-4034aa13c7cf
HIGH8.8Juju allows arbitrary executable uploads via authenticated endpoint without authorization in github.com/juju/juju
from 0
HIGH8.8Juju zip slip vulnerability via authenticated endpoint in github.com/juju/juju
from 0, < 0.0.0-20250619215741-6356e984b82a
HIGH8.8Juju zip slip vulnerability via authenticated endpoint in github.com/juju/juju
from 0, < 0.0.0-20250619215741-6356e984b82a
HIGH8.8CVE-2024-6984 in github.com/juju/juju
from 0
HIGH8.8CVE-2024-6984 in github.com/juju/juju
from 0, < 2.9.50
HIGH8.7JUJU_CONTEXT_ID is a predictable authentication secret in github.com/juju/juju
from 0, < 0.0.0-20240826044107-ecd7e2d0e986
HIGH8.7JUJU_CONTEXT_ID is a predictable authentication secret in github.com/juju/juju
from 0, < 0.0.0-20240826044107-ecd7e2d0e986
HIGH7.9Vulnerable juju introspection abstract UNIX domain socket in github.com/juju/juju
from 0
HIGH7.9Vulnerable juju introspection abstract UNIX domain socket in github.com/juju/juju
from 0, < 0.0.0-20240829052008-43f0fc59790d
HIGH7.6Juju has unauthorized update of out-of-scope Vault secrets in github.com/juju/juju
>= 0.0.0-20230919230135-f6a66aa91eec, < 0.0.0-20260319091847-d06919eb03ec
HIGH7.6Juju has unauthorized update of out-of-scope Vault secrets in github.com/juju/juju
>= 0.0.0-20230919230135-f6a66aa91eec, < 0.0.0-20260319091847-d06919eb03ec
MEDIUM6.6Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets in github.com/juju/juju
>= 0.0.0-20221021155847-35c560704ee2, < 0.0.0-20260319091847-d06919eb03ec
MEDIUM6.6Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets in github.com/juju/juju
>= 0.0.0-20221021155847-35c560704ee2, < 0.0.0-20260319091847-d06919eb03ec
MEDIUM6.5Juju has a resource poisoning vulnerability in github.com/juju/juju
from 0, < 0.0.0-20260120044552-26ff93c903d5
MEDIUM6.5Juju has a resource poisoning vulnerability in github.com/juju/juju
from 0, < 0.0.0-20260120044552-26ff93c903d5
MEDIUM6.5Juju vulnerable to sensitive log retrieval via authenticated endpoint without authorization in github.com/juju/juju
from 0, < 0.0.0-20250619024904-402ff008dcc2
MEDIUM6.5Juju vulnerable to sensitive log retrieval via authenticated endpoint without authorization in github.com/juju/juju
from 0, < 0.0.0-20250619024904-402ff008dcc2
MEDIUM6.5Vulnerable juju hook tool abstract UNIX domain socket in github.com/juju/juju
from 0, < 0.0.0-20240820065804-2f2ec128ef5a
MEDIUM6.5Vulnerable juju hook tool abstract UNIX domain socket in github.com/juju/juju
from 0, < 0.0.0-20240820065804-2f2ec128ef5a
MEDIUM6.4Juju: In-Memory Token Store for Discharge Tokens Lacks Concurrency Safety and Persistence
from 0, < 0.0.0-20260408003526-d395054dc2c3
MEDIUM5.3Juju affected by timing ownership claim attack on new external back-end secrets in github.com/juju/juju
>= 3.0.0, < 3.6.19
MEDIUM5.3Juju affected by timing ownership claim attack on new external back-end secrets in github.com/juju/juju
from 0
MEDIUM4.9Juju: Read All Controller Logs From Compromised Workload
from 0, < 0.0.0-20250623030540-c91a1f404695
MEDIUM4.9Juju controller - Arbitrary file reading vulnerability
>= 2.9.22, < 2.9.38
—Juju has broken CMR authorization in github.com/juju/juju
from 0, <= 0.0.0-20260127110037-9b1a0e53a4a4
—Juju has broken CMR authorization in github.com/juju/juju
from 0