NATS Advisories
Security advisories for the NATS.io project
To report a vulnerability, please send email to security@nats.io.
NATS Advisories
- CVE-2021-32026
- TLS missing ciphersuite settings when CLI flags used (v.low severity)
- 2021-05-04
- CVE-2021-3127
- Import token permissions checking not enforced
- 2021-03-15
- CVE-2020-28466
- Account service import loop caused nats-server DoS
- NATS server upgrade required to avoid Denial-of-Service
- 2021-03-15
- CVE-2020-26521
- Nil deref in JWT library, causing Go panic
- NATS server upgrade required to avoid Denial-of-Service
- 2020-11-02
- CVE-2020-26892
- Incorrect credential expiration handling via JWT library
- API fixes needed by library users
- NATS server upgrade required for expiration to work
- 2020-11-02
- CVE-2020-26149
- Information disclosure in JS client libraries
- MITRE
- 2020-09-29