github.com/hahwul/dalfox/v2
Go4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/hahwul/dalfox/v2page 1 of 1
- CVE-2026-45087CRITICALCVSS 10.0EG 10.0✓ Fixed in 2.13.02026-05-27
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server), the server binds to 0.0.0.0:6664 by default and requires no API key unless the…
- CVE-2026-45088HIGHCVSS 7.5EG 7.5✓ Fixed in 2.13.02026-05-27
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the a…
- CVE-2026-45089HIGHCVSS 8.2EG 8.2✓ Fixed in 2.13.02026-05-27
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options are JSON-tagged and deserialized directl…
- CVE-2026-45090HIGHCVSS 7.5EG 7.5✓ Fixed in 2.13.02026-05-27
Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The chan…
Check whether github.com/hahwul/dalfox/v2 is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/hahwul/dalfox/v2 CVEs against the assets you own.
Start Free Scan →