github.com/gofiber/fiber/v2
Go | 10 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/gofiber/fiber/v2
- CVE-2018-20744 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.43.0 | 2019-01-28
The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration secur…
- CVE-2023-41338 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 2.49.2-0.20230906112033-b8c9ede6efa2 | 2023-09-08
Fiber is an Express inspired web framework built in the Go language. Versions of gofiber prior to 2.49.2 did not properly restrict access to localhost. This issue impacts users of our project who rely on the `ctx.IsFromLocal` method to res…
- CVE-2023-45128 | CRITICAL | CVSS 10.0 | EG 10.0 | ✓ Fixed in 2.50.0 | 2023-10-16
Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf …
- CVE-2023-45141 | HIGH | CVSS 8.6 | EG 8.6 | ✓ Fixed in 2.50.0 | 2023-10-16
Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user.…
- CVE-2024-25124 | CRITICAL | CVSS 9.4 | EG 9.4 | ✓ Fixed in 2.52.1 | 2024-02-21
Fiber is a web framework written in Go. Prior to version 2.52.1, the CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting…
- CVE-2024-38513 | CRITICAL | CVSS 10.0 | EG 10.0 | ✓ Fixed in 2.52.5 | 2024-07-01
Fiber is an Express-inspired web framework written in Go. A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. This vulnerability allows users to supply their own session_id valu…
- CVE-2025-48075 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.52.7 | 2025-05-22
Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, `fiber.Ctx.BodyParser` can map flat data to nested slices using `key[idx]value` syntax, but when idx is negative, it causes a…
- CVE-2025-54801 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.52.9 | 2025-08-06
Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber's Ctx.BodyParser to parse form data containing a large numeric key that represents a slice index (e.g., test.18446744073704), the appl…
- CVE-2025-66630 | CRITICAL | CVSS 9.4 | EG 9.4 | ✓ Fixed in 2.52.11 | 2026-02-09
Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by …
- CVE-2026-42554 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.52.13 | 2026-05-11
Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html on any request whose handler passes att…