Security: nats-io/nats-server
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
Message tracing can be redirected to arbitrary subjectGHSA-8m2x-3m6q-6w8j published
Mar 24, 2026 by philpennockModerate -
credentials via command-line argv exposed to monitoringGHSA-x6g4-f6q3-fqvv published
Mar 24, 2026 by philpennockHigh -
mTLS DN-based identity auth bypass for some DN patternsGHSA-3f24-pcvm-5jqc published
Mar 24, 2026 by philpennockModerate -
JetStream: Stream restore endpoint auth bypassGHSA-9983-vrx2-fg9c published
Mar 24, 2026 by philpennockModerate -
Internal identity header Nats-Request-Info spoofableGHSA-pwx7-fx9r-hr4h published
Mar 24, 2026 by philpennockModerate -
WebSockets pre-auth DoSGHSA-8r68-gvr4-jh7j published
Mar 24, 2026 by philpennockModerate -
Pre-auth server panic in leafnode handlingGHSA-vprv-35vv-q339 published
Mar 24, 2026 by philpennockHigh -
Leafnode spoofing of Nats-Request-Info identity informationGHSA-55h8-8g96-x4hj published
Mar 24, 2026 by philpennockModerate -
MQTT ACLs ineffectiveGHSA-jxxm-27vp-c3m5 published
Mar 24, 2026 by philpennockHigh -
MQTT plaintext password disclosureGHSA-v722-jcv5-w7mc published
Mar 24, 2026 by philpennockHigh
Learn more about advisories related to nats-io/nats-server in the GitHub Advisory Database