Go modules package
github.com/go-vela/server
pkg:golang/github.com/go-vela/server
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-27616 | Hig | 8.5 | < 0.25.3 | 0.25.3 | Mar 10, 2025 | Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its rep | |
| CVE-2022-39395 | — | < 0.16.0 | 0.16.0 | Nov 10, 2022 | Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. User | ||
| CVE-2021-21432 | — | >= 0.7.0, < 0.7.5 | 0.7.5 | Apr 9, 2021 | Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. An authentication mechanism added in version 0.7.0 enables some malicious user to obtain secrets utilizing the injected credentials within the `~/.netrc` file. Refer to the refe |
- affected < 0.25.3fixed 0.25.3
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its rep
- CVE-2022-39395Nov 10, 2022affected < 0.16.0fixed 0.16.0
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. User
- CVE-2021-21432Apr 9, 2021affected >= 0.7.0, < 0.7.5fixed 0.7.5
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. An authentication mechanism added in version 0.7.0 enables some malicious user to obtain secrets utilizing the injected credentials within the `~/.netrc` file. Refer to the refe