github.com/0xJacky/nginx-ui

Go3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting github.com/0xJacky/nginx-uipage 1 of 1

CVE-2026-42222HIGHCVSS 8.1EG 8.1
2026-05-04
vulnerable: 2.3.5
Nginx UI is a web user interface for the Nginx web server. In version 2.3.5, an unauthenticated bootstrap takeover exists in nginx-ui during the initial installation window exposed by POST /api/install. At time of publication no public pat…
CVE-2026-42223MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2.3.8
2026-05-04
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, the GetSettings API handler (api/settings/settings.go:24-65) serializes all settings structs to JSON and returns them to authenticated users. Many sensitive…
CVE-2026-42238CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.3.8
2026-05-04
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint (POST /api/restore) that is completely unauthenticated during the first 10 minutes after process startup on any f…

Check whether github.com/0xJacky/nginx-ui is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/0xJacky/nginx-ui CVEs against the assets you own.

Start Free Scan →