github.com/1Panel-dev/1Panel (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/1Panel-dev/1Panel, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (18)
CVE-2024-39911 — CVSS 10.0 (critical): 1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This…
CVE-2024-39907 — CVSS 9.8 (critical): 1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well…
CVE-2025-66507 — CVSS 7.5 (high): 1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker…
CVE-2023-39964 — CVSS 7.5 (high): 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker…
CVE-2023-39966 — CVSS 7.5 (high): 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability…
CVE-2023-37477 — CVSS 7.2 (high): 1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel…
CVE-2025-34429 — CVSS 7.1 (high): 1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The…
CVE-2025-34410 — CVSS 7.1 (high): 1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available…
CVE-2023-39965 — CVSS 6.5 (medium): 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download…
CVE-2025-66508 — CVSS 6.5 (medium): 1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.14 and below use Gin's default configuration…
CVE-2024-34352 — CVSS 6.5 (medium): 1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections…
CVE-2024-24768 — CVSS 6.5 (medium): 1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have…
CVE-2023-36457 — CVSS 6.3 (medium): 1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can…
CVE-2023-36458 — CVSS 6.3 (medium): 1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can…
CVE-2024-2352 — CVSS 6.3 (medium): A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function…
CVE-2024-27288 — CVSS 6.3 (medium): 1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.10.1-lts, users can use Burp to obtain…
CVE-2025-34430 — CVSS 4.3 (medium): 1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management…
CVE-2024-30257 — CVSS 3.9 (low): 1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the !=…