github.com/zalando/skipper

Go4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting github.com/zalando/skipperpage 1 of 1

CVE-2022-34296HIGHCVSS 7.5EG 7.5✓ Fixed in 0.13.218
2022-06-23
In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request.
CVE-2022-38580CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.13.237
2022-10-25
Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).
CVE-2026-23742HIGHCVSS 8.8EG 8.8✓ Fixed in 0.23.0
2026-01-16
Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline…
CVE-2026-24470HIGHCVSS 8.1EG 8.1✓ Fixed in 0.24.0
2026-01-26
Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes t…

Check whether github.com/zalando/skipper is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/zalando/skipper CVEs against the assets you own.

Start Free Scan →