VYPR

npm package

dagu

pkg:npm/dagu

Vulnerabilities (1)

  • CVE-2026-31882Mar 13, 2026
    affected < 2.2.4fixed 2.2.4

    Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, when Dagu is configured with HTTP Basic authentication (DAGU_AUTH_MODE=basic), all Server-Sent Events (SSE) endpoints are accessible without any credentials. This allows unauthenticated attackers to acc