Openpolicyagent Open Policy Agent — known CVE vulnerabilities
Every CVE whose affected-product data names Openpolicyagent Open Policy Agent, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2022-28946 — CVSS 7.5 (high): An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression…
CVE-2022-33082 — CVSS 7.5 (high): An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted…
CVE-2022-36085 — CVSS 7.4 (high): Open Policy Agent (OPA) is an open source, general-purpose policy engine. The Rego compiler provides a (deprecated) `WithUnsafeBuiltins`…
CVE-2022-23628 — CVSS 6.3 (medium): OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree (AST) that contains…
CVE-2024-8260 — CVSS 6.1 (medium): A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0. The vulnerability exists because of…