VYPR

Go modules package

github.com/getarcaneapp/arcane/backend

pkg:golang/github.com/getarcaneapp/arcane/backend

Vulnerabilities (3)

  • CVE-2026-42461HigMay 9, 2026
    affected < 1.18.0fixed 1.18.0

    Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates* in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list an

  • CVE-2026-40242HigApr 10, 2026
    affected < 1.17.3fixed 1.17.3

    Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17.3, the /api/templates/fetch endpoint accepts a caller-supplied url parameter and performs a server-side HTTP GET request to that URL without authentication and without URL scheme o

  • CVE-2026-23520Jan 15, 2026
    affected < 0.0.0-20260114065515-5a9c2f92e11ffixed 0.0.0-20260114065515-5a9c2f92e11f

    Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defini