www.velocidex.com/golang/velociraptor
Go · 6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting www.velocidex.com/golang/velociraptor (page 1 of 1)
- CVE-2023-0242 · HIGH · CVSS 8.8 · EG 8.8 · ✓ Fixed in 0.6.7-5 · 2023-01-18
Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally f…
- CVE-2023-0290 · MEDIUM · CVSS 4.3 · EG 4.3 · ✓ Fixed in 0.6.7-5 · 2023-01-18
Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to provide a client id of "../clients/server" …
- CVE-2026-6290 · HIGH · CVSS 8.0 · EG 9.1 · 2026-04-15
Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query() plugin,…
- CVE-2026-6863 · MEDIUM · CVSS 6.8 · EG 6.8 · ✓ Fixed in 0.76.4 · 2026-05-06
Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization (the lowest authenticated role, holding only READ_RESULTS permission) can i…
- CVE-2026-7572 · MEDIUM · CVSS 4.4 · EG 4.4 · ✓ Fixed in 0.76.5 · 2026-05-06
An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by…
- CVE-2026-7573 · MEDIUM · CVSS 5.0 · EG 5.0 · ✓ Fixed in 0.76.5 · 2026-05-06
An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy (roles and permissions) for any user acr…