VYPR

Go modules package

github.com/centrifugal/centrifugo/v5

pkg:golang/github.com/centrifugal/centrifugo/v5

Vulnerabilities (1)

  • CVE-2026-32301Mar 12, 2026
    affected <= 5.4.9

    Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vulnerable to Server-Side Request Forgery (SSRF) when configured with a dynamic JWKS endpoint URL using template variables (e.g. {{tenant}}). An unauthenticated attacker can craft a JW