VYPR

Go modules package

github.com/slackhq/nebula

pkg:golang/github.com/slackhq/nebula

Vulnerabilities (2)

  • CVE-2026-25793Feb 6, 2026
    affected >= 1.7.0, < 1.10.3fixed 1.10.3

    Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability

  • CVE-2025-62820MedOct 23, 2025
    affected >= 1.9.4, < 1.9.7fixed 1.9.7

    Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network.