github.com/nezhahq/nezha
Go10 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/nezhahq/nezhapage 1 of 1
- CVE-2026-46716CRITICALCVSS 9.9EG 9.9✓ Fixed in 1.14.15-0.20260517022419-d7526351cf972026-05-23
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers=[] and an arbit…
- CVE-2026-46717HIGHCVSS 7.7EG 7.7✓ Fixed in 1.14.15-0.20260517022419-d06d539d34c12026-05-23
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user roles: RoleAdmin (Role==0) and RoleMember (Role==1). The notifi…
- CVE-2026-47120HIGHCVSS 7.1EG 7.1✓ Fixed in 1.14.15-0.20260517022419-d7526351cf972026-05-23
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check). …
- CVE-2026-47124MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.14.15-0.20260517034128-05e5da2535192026-05-23
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry…
- CVE-2026-47268MEDIUMCVSS 6.4EG 6.4✓ Fixed in 2.0.102026-05-29
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an authenticated Nezha dashboard user can create or update a DDNS profile with provider webhook a…
- CVE-2026-48119HIGHCVSS 7.1EG 7.1✓ Fixed in 2.0.122026-06-01
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor results for other users' services. This issue has …
- CVE-2026-49396HIGHCVSS 7.1EG 7.1✓ Fixed in 2.0.142026-06-10
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-site GET request can trigger stored cron commands on a victim's agents. This issue has been …
- CVE-2026-49397MEDIUMCVSS 5.3EG 5.3✓ Fixed in 2.0.142026-06-10
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking n…
- CVE-2026-53520MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2.1.02026-06-12
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing. Th…
- CVE-2026-53523MEDIUMCVSS 6.8EG 6.8✓ Fixed in 2.2.02026-06-12
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the getRedirectURL function in oauth2.go:22-29 constructs the OAuth2 callback URL by concatenating …
Check whether github.com/nezhahq/nezha is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/nezhahq/nezha CVEs against the assets you own.
Start Free Scan →