| Severity | CVSS | CVE | Advisory | Affected versions |
|---|---|---|---|---|
| CRITICAL | 9.8 | CVE-2022-28357 | NATS nats-server allows directory traversal via unintended path to a management action in github.com/nats-io/nats-server | >= 2.2.0, < 2.7.4 |
| CRITICAL | 9.8 | CVE-2020-26892 | Incorrect handling of credential expiry in github.com/nats-io/jwt | from 0, < 2.1.9 |
| CRITICAL | 9.6 | CVE-2025-30215 | NATS-Server Fails to Authorize Certain Jetstream Admin APIs | >= 2.11.0-RC.1, < 2.11.1 |
| CRITICAL | 9.6 | | NATS-Server Fails to Authorize Certain Jetstream Admin APIs | >= 2.2.0, < 2.10.27; >= 2.11.0, < 2.11.1 |
| HIGH | 8.8 | | Incorrect Authorization in NATS nats-server in github.com/nats-io/nats-server | >= 2.0.0, < 2.7.2 |
| HIGH | 8.8 | | Incorrect Authorization in NATS nats-server in github.com/nats-io/nats-server | >= 2.0.0, < 2.7.2 |
| HIGH | 8.6 | | NATS has MQTT plaintext password disclosure | from 0, < 2.11.15 |
| HIGH | 8.6 | | NATS has MQTT plaintext password disclosure | from 0, < 2.11.15; >= 2.12.0-RC.1, < 2.12.6 |
| HIGH | 7.5 | | NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead | >= 2.2.0, < 2.11.14; >= 2.12.0, < 2.12.5 |
| HIGH | 7.5 | | NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead | >= 2.2.0, < 2.11.14 |
| HIGH | 7.5 | | NATS has pre-auth server panic via leafnode handling | from 0, < 2.11.15; >= 2.12.0-RC.1, < 2.12.6 |
| HIGH | 7.5 | | NATS has pre-auth server panic via leafnode handling | from 0, < 2.11.15 |
| HIGH | 7.5 | | NATS Server panic via malicious compression on leafnode port | from 0, < 2.11.14 |
| HIGH | 7.5 | | NATS Server panic via malicious compression on leafnode port | from 0, < 2.11.14; >= 2.12.0-RC.1, < 2.12.5 |
| HIGH | 7.5 | | xkeys Seal encryption used fixed key for all encryption | >= 2.10.0, < 2.10.4 |
| HIGH | 7.5 | | Denial of Service (DoS) | from 0, < 2.2.0 |
| HIGH | 7.5 | | Denial of Service (DoS) | from 0, < 2.2.0 |
| HIGH | 7.5 | | Import token permissions checking not enforced in github.com/nats-io/jwt | from 0, < 2.2.0 |
| HIGH | 7.5 | | Import token permissions checking not enforced in github.com/nats-io/jwt | from 0, < 2.2.0 |
| HIGH | 7.5 | | Panic in NATS JWT decoding in github.com/nats-io/jwt | from 0, < 2.1.9 |
| HIGH | 7.5 | | Integer Overflow or Wraparound in NATS Server in github.com/nats-io/nats-server | from 0, < 2.2.0 |
| HIGH | 7.5 | | Integer Overflow or Wraparound in NATS Server in github.com/nats-io/nats-server | from 0, < 2.2.0 |
| HIGH | 7.4 | | NATS credentials are exposed in monitoring port via command-line argv | from 0, < 2.11.15 |
| HIGH | 7.4 | | NATS credentials are exposed in monitoring port via command-line argv | from 0, < 2.11.15; >= 2.12.0-RC.1, < 2.12.6 |
| HIGH | 7.1 | | NATS allows MQTT clients to bypass ACL checks | from 0, < 2.11.15 |
| HIGH | 7.1 | | NATS allows MQTT clients to bypass ACL checks | from 0, < 2.11.15; >= 2.12.0-RC.1, < 2.12.6 |
| MEDIUM | 6.5 | | NATS is vulnerable to MQTT hijacking via Client ID | from 0, < 2.11.15; >= 2.12.0-RC.1, < 2.12.6 |
| MEDIUM | 6.5 | | NATS is vulnerable to MQTT hijacking via Client ID | from 0, < 2.11.15 |
| MEDIUM | 6.5 | | NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects in github.com/nats-io/nats-server | from 0, < 2.8.2 |
| MEDIUM | 6.5 | | NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects in github.com/nats-io/nats-server | from 0, < 2.8.2 |
| MEDIUM | 6.5 | | Authorization bypass in github.com/nats-io/nats-server/v2 | >= 2.2.0, < 2.9.23 |
| MEDIUM | 6.5 | | Authorization bypass in github.com/nats-io/nats-server/v2 | >= 2.2.0, < 2.9.23; >= 2.10.0, < 2.10.2 |
| MEDIUM | 6.5 | | Arbitrary file write in nats-server in github.com/nats-io/nats-server | >= 2.2.0, < 2.7.4 |
| MEDIUM | 6.5 | | Arbitrary file write in nats-server in github.com/nats-io/nats-server | >= 2.2.0, < 2.7.4 |
| MEDIUM | 6.4 | | NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers | from 0, < 2.11.15; >= 2.12.0-RC.1, < 2.12.6 |
| MEDIUM | 6.4 | | NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers | from 0, < 2.11.15 |
| MEDIUM | 6.4 | | NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing | from 0, < 2.11.15; >= 2.12.0-RC.1, < 2.12.6 |
| MEDIUM | 6.4 | | NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing | from 0, < 2.11.15 |
| MEDIUM | 5.9 | | nats-server websockets are vulnerable to pre-auth memory DoS | from 0, < 2.11.12 |
| MEDIUM | 5.9 | | nats-server websockets are vulnerable to pre-auth memory DoS | from 0, < 2.11.12; >= 2.12.0-RC.1, < 2.12.3 |
| MEDIUM | 5.3 | | NATS is vulnerable to pre-auth DoS through WebSockets client service | from 0, < 2.11.15 |
| MEDIUM | 5.3 | | NATS is vulnerable to pre-auth DoS through WebSockets client service | from 0, < 2.11.15; >= 2.12.0-RC.1, < 2.12.6 |
| MEDIUM | 4.9 | | NATS JetStream has an authorization bypass through its Management API | from 0, < 2.11.15; >= 2.12.0-RC.1, < 2.12.6 |
| MEDIUM | 4.9 | | NATS JetStream has an authorization bypass through its Management API | from 0, < 2.11.15 |
| MEDIUM | 4.3 | | NATS: Message tracing can be redirected to arbitrary subject | >= 2.11.0, < 2.11.15 |
| MEDIUM | 4.3 | | NATS: Message tracing can be redirected to arbitrary subject | >= 2.11.0, < 2.11.15; >= 2.12.0-preview.1, < 2.12.6 |
| MEDIUM | 4.2 | | NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching | from 0, < 2.11.15; >= 2.12.0-RC.1, < 2.12.6 |
| MEDIUM | 4.2 | | NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching | from 0, < 2.11.15 |
| — | — | | NATS server TLS missing ciphersuite settings when CLI flags used in github.com/nats-io/nats-server | from 0, < 2.2.3 |
| — | — | | NATS server TLS missing ciphersuite settings when CLI flags used in github.com/nats-io/nats-server | from 0, < 2.2.3 |