github.com/tilt-dev/tilt
Go3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/tilt-dev/tiltpage 1 of 1
- CVE-2026-55882HIGHCVSS 0.0EG 0.0✓ Fixed in 0.37.42026-06-19
Tilt: Unauthenticated pprof debug endpoints on the Tilt HUD server ## Summary The Tilt HUD server mounts Go's `net/http/pprof` handlers under `/debug` with no access control. When the HUD is network-exposed, an attacker can read process m…
- CVE-2026-55883HIGHCVSS 0.0EG 0.0✓ Fixed in 0.37.42026-06-19
Tilt: Cross-site WebSocket hijacking of the Tilt HUD stream ## Summary The Tilt HUD WebSocket (`/ws/view`) is gated by a CSRF token, but the token is served by an unauthenticated endpoint and the upgrader accepts any client that omits an …
- CVE-2026-55884CRITICALCVSS 0.0EG 0.0✓ Fixed in 0.37.42026-06-19
Tilt: Missing authentication on the network-exposed Tilt HUD server ## Summary The Tilt HUD HTTP server exposes state-changing and sensitive-read endpoints with no authentication. When the HUD is bound to a non-loopback address, a network…
Check whether github.com/tilt-dev/tilt is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/tilt-dev/tilt CVEs against the assets you own.
Start Free Scan →