pkg:Go/github.com/neuvector/neuvector

All known vulnerabilities

• CRITICAL9.9CVE-2025-54469NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow in github.com/neuvector/neuvector
  >= 5.3.0, < 5.3.5
• CRITICAL9.9CVE-2025-54469NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow in github.com/neuvector/neuvector
  >= 0.0.0-20230727023453-1c4957d53911, < 0.0.0-20251020133207-084a437033b4
• CRITICAL9.8NeuVector admin account has insecure default password in github.com/neuvector/neuvector
  >= 5.0.0, < 5.4.6
• CRITICAL9.8NeuVector admin account has insecure default password in github.com/neuvector/neuvector
  from 0
• HIGH8.8NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM) in github.com/neuvector/neuvector
  from 0
• HIGH8.8NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM) in github.com/neuvector/neuvector
  >= 5.3.0, < 5.4.8
• HIGH8.6NeuVector telemetry sender is vulnerable to MITM and DoS in github.com/neuvector/neuvector
  >= 5.3.0, < 5.3.5
• HIGH8.6NeuVector telemetry sender is vulnerable to MITM and DoS in github.com/neuvector/neuvector
  from 0
• MEDIUM6.5NeuVector is shipping cryptographic material into its binary in github.com/neuvector/neuvector
  >= 0.0.0-20230727023453-1c4957d53911, < 0.0.0-20251020133207-084a437033b4
• MEDIUM6.5NeuVector is shipping cryptographic material into its binary in github.com/neuvector/neuvector
  >= 5.3.0, < 5.4.7
• MEDIUM5.3NeuVector process with sensitive arguments lead to leakage in github.com/neuvector/neuvector
  from 0
• MEDIUM5.3NeuVector process with sensitive arguments lead to leakage in github.com/neuvector/neuvector
  >= 5.0.0, < 5.4.6
• MEDIUM5.3NeuVector has an insecure password storage vulnerable to rainbow attack in github.com/neuvector/neuvector
  >= 5.0.0, < 5.4.6
• MEDIUM5.3NeuVector has an insecure password storage vulnerable to rainbow attack in github.com/neuvector/neuvector
  from 0
• —JWT token compromise can allow malicious actions including Remote Code Execution (RCE) in github.com/neuvector/neuvector
  from 0, < 0.0.0-20231003121714-be746957ee7c
• —JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
  from 0, < 0.0.0-20231003121714-be746957ee7c