VYPR

Go modules package

github.com/foxcpp/maddy

pkg:golang/github.com/foxcpp/maddy

Vulnerabilities (4)

  • CVE-2026-40193HigApr 16, 2026
    affected < 0.9.3fixed 0.9.3

    maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll() without any LDAP filter escaping,

  • CVE-2023-27582Mar 13, 2023
    affected >= 0.2.0, < 0.6.3fixed 0.6.3

    maddy is a composable, all-in-one mail server. Starting with version 0.2.0 and prior to version 0.6.3, maddy allows a full authentication bypass if SASL authorization username is specified when using the PLAIN authentication mechanisms. Instead of validating the specified usernam

  • CVE-2022-24732Mar 9, 2022
    affected < 0.5.4fixed 0.5.4

    Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accou

  • CVE-2021-42583Dec 28, 2021
    affected < 0.5.2fixed 0.5.2

    A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information.