github.com/oxia-db/oxia
Go | 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/oxia-db/oxia
- CVE-2026-40943 | HIGH | CVSS 8.7 | EG 8.7 | ✓ Fixed in 0.16.2 | 2026-04-21
Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat() method uses a blocking …
- CVE-2026-40944 | MEDIUM | CVSS 6.9 | EG 6.9 | ✓ Fixed in 0.16.2 | 2026-04-21
Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool() function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates (e.g., in…
- CVE-2026-40945 | HIGH | CVSS 8.7 | EG 8.7 | ✓ Fixed in 0.16.2 | 2026-04-21
Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in applicatio…
- CVE-2026-40946 | CRITICAL | CVSS 9.2 | EG 9.2 | ✓ Fixed in 0.16.2 | 2026-04-21
Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the standard audience (aud) claim validation …