CVE-2026-33190

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the tsig plugin can be bypassed on non-plain-DNS transports DoT, DoH, DoH3, DoQ, and gRPC because it trusts the transport writer's TsigStatus instead of performing verification itself. The DoH and DoH3 writer's TsigStatus...

CVE-2025-11065 affecting package coredns for versions less than 1.11.4-14

CVE-2025-11065 affecting package coredns for versions less than 1.11.4-14. A patched version of the package is available...

CVE-2025-68151 affecting package coredns for versions less than 1.11.1-25

CVE-2025-68151 affecting package coredns for versions less than 1.11.1-25. A patched version of the package is available...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2025-58063)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-58063 advisory. - CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version...

CVE-2025-59530 affecting package coredns for versions less than 1.11.4-11

CVE-2025-59530 affecting package coredns for versions less than 1.11.4-11. A patched version of the package is available...

AZL-68781 CVE-2025-59530 affecting package coredns for versions less than 1.11.1-24

quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authenticatio...

EUVD-2021-0929

Malware in sbrugna...

EUVD-2024-2811

Malicious code in bioql PyPI...

EUVD-2025-17359

Malicious code in bioql PyPI...

Azure Linux 3.0 Security Update: coredns (CVE-2025-47950)

The version of coredns installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-47950 advisory. - CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service DoS...

CBL Mariner 2.0 Security Update: coredns (CVE-2025-47950)

The version of coredns installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-47950 advisory. - CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service DoS...

CVE-2025-47950 affecting package coredns for versions less than 1.11.4-7

CVE-2025-47950 affecting package coredns for versions less than 1.11.4-7. A patched version of the package is available...

TencentOS Server 4: coredns (TSSA-2024:0812)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0812 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification

Summary A Denial of Service DoS vulnerability was discovered in the CoreDNS DNS-over-QUIC DoQ server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of concurrent streams or goroutines. A remote, unauthenticate...

CVE-2025-47950 CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification

CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service DoS vulnerability exists in the CoreDNS DNS-over-QUIC DoQ server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of...

CVE-2025-47950 CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification

CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service DoS vulnerability exists in the CoreDNS DNS-over-QUIC DoQ server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of...

CVE-2025-47950 CoreDNS Vulnerable to DoQ Memory Exhaustion via Stream Amplification

CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service DoS vulnerability exists in the CoreDNS DNS-over-QUIC DoQ server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of...

PT-2025-24315

Name of the Vulnerable Software and Affected Versions CoreDNS versions prior to 1.12.2 CoreDNS versions prior to 1.21.2 Description A Denial of Service DoS issue exists in the CoreDNS DNS-over-QUIC DoQ server implementation. The server previously created a new goroutine for every incoming QUIC...

CVE-2023-30464

CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack...

CVE-2023-28452

An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a...