github.com/getarcaneapp/arcane/backend
Go8 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/getarcaneapp/arcane/backendpage 1 of 1
- CVE-2026-23520CRITICALCVSS 9.0EG 9.0✓ Fixed in 0.0.0-20260114065515-5a9c2f92e11f2026-01-15
Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcan…
- CVE-2026-40242HIGHCVSS 7.2EG 7.2✓ Fixed in 1.17.32026-04-10
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17.3, the /api/templates/fetch endpoint accepts a caller-supplied url parameter and performs a server-side HTTP GET request to that URL withou…
- CVE-2026-42461HIGHCVSS 7.5EG 7.5✓ Fixed in 1.18.02026-05-09
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates* in Arcane's Huma backend are registered without any Security requirement, allowing any …
- CVE-2026-45625CRITICALCVSS 9.9EG 9.9✓ Fixed in 1.19.02026-05-18
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing Gi…
- CVE-2026-45626MEDIUMCVSS 6.3EG 6.32026-05-18
Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/{id}/volumes/{volumeName}/browse accepts a path query parameter that is passed to a shell command (sh -c "find �…
- CVE-2026-45627HIGHCVSS 8.2EG 8.2✓ Fixed in 1.19.02026-05-18
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, the unauthenticated GET /api/app-images/logo endpoint reflects a user-supplied color query parameter into the body of an SVG document vi…
- CVE-2026-47125HIGHCVSS 8.8EG 8.8✓ Fixed in 1.19.22026-05-23
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.2, the PUT /api/environments/{id}/templates/variables endpoint, which writes the system-wide .env.global file used for variable substitutio…
- CVE-2026-47179HIGHCVSS 7.7EG 7.7✓ Fixed in 1.19.42026-05-28
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file b…
Check whether github.com/getarcaneapp/arcane/backend is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/getarcaneapp/arcane/backend CVEs against the assets you own.
Start Free Scan →