Security: gofiber/fiber
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
XSS in AutoFormat Content NegotiationGHSA-qjv7-627w-8qjv published
Apr 25, 2026 by ReneWerner87Moderate -
Cache middleware default key generator ignores query string, causing response mix-up across distinct query parametersGHSA-35hp-hqmv-8qg8 published
Apr 25, 2026 by ReneWerner87Moderate -
Denial of Service via Flash Cookie Unbounded AllocationGHSA-2mr3-m5q5-wgp6 published
Feb 24, 2026 by ReneWerner87High -
Arbitrary File Read in Static Middleware on WindowsGHSA-m3c2-496v-cw3v published
Feb 24, 2026 by ReneWerner87High -
Denial of Service via Route Parameter OverflowGHSA-mrq8-rjmw-wpq3 published
Feb 24, 2026 by ReneWerner87Low -
Utils generate a predictable / zero-UUID on crypto/rand failureGHSA-68rr-p4fp-j59v published
Feb 7, 2026 by ReneWerner87Critical -
Crash in `BodyParser` Due to Unvalidated Large Slice Index in DecoderGHSA-qx2q-88mx-vhg7 published
Aug 5, 2025 by ReneWerner87High -
Panic when fiber.Ctx.BodyParser parses invalid range indexGHSA-hg3g-gphw-5hhm published
May 22, 2025 by ReneWerner87High -
Session Middleware Token Injection VulnerabilityGHSA-98j2-3j3p-fw2v published
Jun 30, 2024 by ReneWerner87Critical -
Insecure CORS Configuration Allowing Wildcard Origin with CredentialsGHSA-fmg4-x8pw-hjhg published
Feb 21, 2024 by ReneWerner87Critical