github.com/amir20/dozzle
Go4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/amir20/dozzlepage 1 of 1
- CVE-2024-47182MEDIUMCVSS 4.8EG 4.82024-09-27
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for p…
- CVE-2026-24740CRITICALCVSS 9.9EG 9.9✓ Fixed in 1.29.1-0.20260125230338-620e59aa24632026-01-27
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) to obtain an interactive root shell i…
- CVE-2026-44985CRITICALCVSS 9.6EG 9.62026-05-26
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return true }, accepting upgrade requests from any origin. Com…
- CVE-2026-45298HIGHCVSS 8.6EG 8.62026-05-18
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy (the documented quickstart, no DOZZLE_AUTH_PROVIDER set), POST /api/notifications/test-webhook is reachable without authentication and forwa…
Check whether github.com/amir20/dozzle is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/amir20/dozzle CVEs against the assets you own.
Start Free Scan →