Every CVE whose affected-product data names Beego, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2021-30080 — CVSS 9.8 (critical): An issue was discovered in the route lookup process in beego before 1.12.11 that allows attackers to bypass access control.
CVE-2022-31836 — CVSS 9.8 (critical): The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk.
CVE-2022-31259 — CVSS 9.8 (critical): The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route…
CVE-2025-30223 — CVSS 9.3 (critical): Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in…
CVE-2024-40465 — CVSS 8.8 (high): An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in file.go file
CVE-2024-40464 — CVSS 8.8 (high): An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in…
CVE-2021-27117 — CVSS 7.8 (high): An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks…
CVE-2021-27116 — CVSS 7.8 (high): An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attackers to launch symlink attacks locally.
CVE-2024-55885 — CVSS 7.5 (high): beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5…
CVE-2021-39391 — CVSS 6.1 (medium): Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated…
CVE-2019-16355 — CVSS 5.5 (medium): The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files.
CVE-2019-16354 — CVSS 4.7 (medium): The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation…