Every CVE whose affected-product data names Nosurf Project Nosurf, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2020-36564 — CVSS 7.5 (high): Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user…
CVE-2025-46721 — CVSS 6.1 (medium): nosurf is cross-site request forgery (CSRF) protection middleware for Go. A vulnerability in versions prior to 1.2.0 allows an attacker who…