github.com/zalando/skipper (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/zalando/skipper, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2026-23742 — CVSS 8.8 (high): Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was…
CVE-2026-24470 — CVSS 8.1 (high): Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress…
CVE-2022-34296 — CVSS 7.5 (high): In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request.