github.com/justinas/nosurf (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/justinas/nosurf, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2020-36564 — CVSS 7.5 (high): Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user…
CVE-2025-46721 — CVSS 6.1 (medium): nosurf is cross-site request forgery (CSRF) protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who…