VYPR
Vendor

Treeverse

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2025-27100MedFeb 21, 2025
    risk 0.35cvss 6.5epss 0.00

    lakeFS is an open-source tool that transforms your object storage into a Git-like repository. In affected versions an authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. This problem has been patched in version…

  • CVE-2024-43784MedNov 26, 2024
    risk 0.30cvss 5.7epss 0.00

    lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that…

  • CVE-2025-64179MedNov 6, 2025
    risk 0.27cvss 5.3epss 0.00

    lakeFS is an open-source tool that transforms object storage into a Git-like repositories. In versions 1.69.0 and below, missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is…

  • CVE-2026-26187Feb 13, 2026
    risk 0.00cvss epss 0.00

    lakeFS is an open-source tool that transforms object storage into a Git-like repositories. Prior to 1.77.0, the local block adapter (pkg/block/local/adapter.go) allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath…

  • CVE-2025-68671Jan 15, 2026
    risk 0.00cvss epss 0.00

    lakeFS is an open-source tool that transforms object storage into a Git-like repositories. LakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. Prior to 1.75.0, an attacker who captures a valid signed request (e.g., through network…