github.com/smallstep/certificates (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/smallstep/certificates, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2025-44005 — CVSS 10.0 (critical): An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain…
CVE-2026-30836 — CVSS 10.0 (critical): Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not…
CVE-2025-66406 — CVSS 5.0 (medium): Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper…
CVE-2026-40097 — CVSS 3.7 (low): Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an…