8 matches found
EUVD-2026-28553
Dapr is a portable, event-driven runtime for building distributed applications across cloud and edge. From versions 1.3.0 to before 1.15.14, 1.16.0-rc.1 to before 1.16.14, and 1.17.0-rc.1 to before 1.17.5, a vulnerability has been found in Dapr that allows bypassing access control policies for...
CVE-2026-41491
CVE-2026-41491 affects Dapr. An ACL bypass vulnerability in service invocation lets an attacker exploit reserved URL characters and path traversal sequences in method paths, causing the access control policy to be evaluated against a different path than what the target application receives. The m...
CVE-2025-10543 vulnerabilities
Vulnerabilities for packages: minio, falcosidekick, telegraf, bento, dapr...
EUVD-2024-1350
Malicious code in bioql PyPI...
EUVD-2023-1966
Malicious code in bioql PyPI...
CVE-2024-35223
Dapr is a portable, event-driven runtime for building distributed applications across cloud and edge. Dapr sends the app token of the invoker app instead of the app token of the invoked app. This causes a leak of the application token of the invoker app to the invoked app when using Dapr as a...
PT-2024-26387 · Dapr · Dapr
Name of the Vulnerable Software and Affected Versions: Dapr versions prior to 1.13.3 Description: Dapr sends the app token of the invoker app instead of the app token of the invoked app when using Dapr as a gRPC proxy for remote service invocation, causing a leak of the application token of the...
Dapr authorization issue vulnerability
Dapr is a portable, serverless, event-driven runtime from the open source Dapr project. Dapr suffers from an authorization issue vulnerability that allows API token authentication to be bypassed, where an attacker can authenticate calls from the application via a carefully crafted HTTP request...