linuxfoundation nats server

24 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-33249
>= 2.11.0 and < 2.11.15
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and pri
4.3 MEDIUM
CVE-2026-33248
< 2.11.15
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12
4.2 MEDIUM
CVE-2026-33223
< 2.11.15
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12
6.4 MEDIUM
CVE-2026-33222
< 2.11.15
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12
4.9 MEDIUM
CVE-2026-33247
< 2.11.15
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12
7.4 HIGH
CVE-2026-33246
< 2.11.15
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a `Nats-Req
6.4 MEDIUM
CVE-2026-33219
< 2.11.15
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12
5.3 MEDIUM
CVE-2026-33218
< 2.11.15
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12
7.5 HIGH
CVE-2026-33217
< 2.11.15
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12
7.1 HIGH
CVE-2026-33216
< 2.11.15
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12
8.6 HIGH
CVE-2026-29785
< 2.11.14
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12
7.5 HIGH
CVE-2026-27889
>= 2.2.0 and < 2.11.14
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prio
7.5 HIGH
CVE-2026-33215
>= 2.0.0 and < 2.11.15
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT c
6.5 MEDIUM
CVE-2026-27571
< 2.11.12
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS me
5.9 MEDIUM
CVE-2023-46129
>= 2.10.0 and < 2.10.4
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and
7.5 HIGH
CVE-2023-47090
>= 2.2.0 and < 2.9.23
NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization bloc
6.5 MEDIUM
CVE-2022-28357
>= 2.2.0 and <= 2.7.4
NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a manage
9.8 CRITICAL
CVE-2022-26652
>= 2.2.0 and < 2.7.4
NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams
6.5 MEDIUM
CVE-2022-24450
>= 2.0.0 and < 2.7.2
NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account
8.8 HIGH
CVE-2021-3127
>= 2.0.0 and < 2.2.0
NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandl
7.5 HIGH
CVE-2020-28466
>= 2.0.0 and < 2.2.0
This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using
7.5 HIGH
CVE-2020-26892
< 2.1.9
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.
9.8 CRITICAL
CVE-2020-26521
< 2.1.9
The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).
7.5 HIGH
CVE-2019-13126
< 2.0.2
An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If auth
7.5 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin