github.com/gofiber/fiber
Go
5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/gofiber/fiber
- CVE-2020-15111 | MEDIUM | CVSS 4.2 | EG 4.2 | ✓ Fixed in 1.12.6 | 2020-07-20
In Fiber before version 1.12.6, the filename that is given in c.Attachment() (https://docs.gofiber.io/ctx#attachment) is not escaped, and is therefore vulnerable to a CRLF injection attack. I.e. an attacker could upload a custom filename and…
- CVE-2023-41338 | MEDIUM | CVSS 5.3 | EG 5.3 | 2023-09-08
Fiber is an Express-inspired web framework built in the Go language. Versions of gofiber prior to 2.49.2 did not properly restrict access to localhost. This issue impacts users of our project who rely on the `ctx.IsFromLocal` method to res…
- CVE-2024-38513 | CRITICAL | CVSS 10.0 | EG 10.0 | 2024-07-01
Fiber is an Express-inspired web framework written in Go. A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. This vulnerability allows users to supply their own session_id valu…
- CVE-2025-48075 | HIGH | CVSS 7.5 | EG 7.5 | 2025-05-22
Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, `fiber.Ctx.BodyParser` can map flat data to nested slices using `key[idx]value` syntax, but when idx is negative, it causes a…
- CVE-2025-66630 | CRITICAL | CVSS 9.4 | EG 9.4 | 2026-02-09
Fiber is an Express-inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by …