
35 matches found

SUSE CVE
added 2026/03/04 12:26 a.m. | 0 views

SUSE CVE-2026-25899

Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the fiberflash cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack...

CVSS 7.5 | AI score 5.8 | EPSS 0.00132
Exploits: 1 | References: 3

OSV
added 2026/02/26 4:27 p.m. | 2 views

GO-2026-4543 Fiber has a Denial of Service Vulnerability via Route Parameter Overflow in github.com/gofiber/fiber

Fiber has a Denial of Service Vulnerability via Route Parameter Overflow in github.com/gofiber/fiber...

CVSS 7.5 | AI score 5.4 | EPSS 0.00082
Exploits: 1 | References: 4

OSV
added 2026/02/26 4:27 p.m. | 3 views

GO-2026-4534 Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation in github.com/gofiber/fiber/v3

Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation in github.com/gofiber/fiber/v3...

CVSS 7.5 | AI score 5.4 | EPSS 0.00132
Exploits: 1 | References: 2

RedhatCVE
added 2026/02/25 10:17 p.m. | 2 views

CVE-2026-25899

Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the fiberflash cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack...

CVSS 7.5 | AI score 5.3 | EPSS 0.00132
Exploits: 1 | References: 1

Snyk
added 2026/02/25 12:12 a.m. | 2 views

Improper Validation of Array Index

Overview: github.com/gofiber/fiber/v2 is an Express inspired web framework written in Go. Affected versions of this package are vulnerable to Improper Validation of Array Index via the route registration process. An attacker can cause the application to crash by sending requests to routes containi...

CVSS 8.7 | AI score 5.9 | EPSS 0.00082
Exploits: 1 | References: 2

NVD
added 2026/02/24 10:16 p.m. | 4 views

CVE-2026-25899

Fiber is an Express inspired web framework written in Go. In versions on the v3 branch prior to 3.1.0, the use of the fiberflash cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack...

CVSS 7.5 | EPSS 0.00132
Exploits: 1 | References: 2

Github Security Blog
added 2026/02/24 8:57 p.m. | 4 views

Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation

Summary: The use of the fiberflash cookie can force an unbounded allocation on any server. A crafted 10-character cookie value triggers an attempt to allocate up to 85GB of memory via unvalidated msgpack deserialization. No authentication is required. Every GoFiber v3 endpoint is affected regardle...

CVSS 7.5 | AI score 5.8 | EPSS 0.00132
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2025/12/15 7:37 p.m. | 1 views

GO-2025-4208 Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values in github.com/gofiber/utils

Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values in github.com/gofiber/utils...

CVSS 9.8 | AI score 6.8 | EPSS 0.0008
Exploits: 0 | References: 3

Snyk
added 2025/12/08 5:57 p.m. | 6 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview: Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) due to the UUIDv4 and UUID functions silently returning predictable values, such as the zero UUID, when the cryptographic random number generator fails. An attacker can...

CVSS 9.8 | AI score 7.7 | EPSS 0.0008
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-2407

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.5 | EPSS 0.0032
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-2308

Malicious code in bioql PyPI...

CVSS 10 | AI score 6.5 | EPSS 0.00334
Exploits: 0 | References: 5

OSV
added 2025/08/11 5:25 p.m. | 3 views

GO-2025-3845 Fiber Crashes in BodyParser Due to Unvalidated Large Slice Index in Decoder in github.com/gofiber/fiber

Fiber Crashes in BodyParser Due to Unvalidated Large Slice Index in Decoder in github.com/gofiber/fiber...

CVSS 8.7 | AI score 7 | EPSS 0.00436
Exploits: 0 | References: 2

Snyk
added 2025/08/06 12:43 a.m. | 1 views

Memory Allocation with Excessive Size Value

Overview: github.com/gofiber/fiber is an Express inspired web framework written in Go. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the BodyParser function, which allocates a slice of length idx+1 without validating. An attacker can cause the...

CVSS 8.7 | AI score 6.9 | EPSS 0.00436
Exploits: 0 | References: 2

OSV
added 2025/05/27 8:47 p.m. | 2 views

GO-2025-3706 Fiber panics when fiber.Ctx.BodyParser parses invalid range index in github.com/gofiber/fiber

Fiber panics when fiber.Ctx.BodyParser parses invalid range index in github.com/gofiber/fiber...

CVSS 8.7 | AI score 7.1 | EPSS 0.00472
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/23 4:36 a.m. | 2 views

CVE-2023-41338

Fiber is an Express inspired web framework built in the Go language. Versions of gofiber prior to 2.49.2 did not properly restrict access to localhost. This issue impacts users of our project who rely on the ctx.IsFromLocal method to restrict access to localhost requests. If exploited, it could...

CVSS 5.3 | AI score 6.7 | EPSS 0.0032
Exploits: 0 | References: 1

OSV
added 2024/07/02 7:19 p.m. | 14 views

GO-2024-2959 Session Middleware Token Injection Vulnerability in github.com/gofiber/fiber

Session Middleware Token Injection Vulnerability in github.com/gofiber/fiber...

CVSS 10 | AI score 9.6 | EPSS 0.00334
Exploits: 0 | References: 2

Github Security Blog
added 2024/07/01 8:35 p.m. | 39 views

Session Middleware Token Injection Vulnerability

A security vulnerability has been identified in the Fiber session middleware where a user can supply their own sessionid value, leading to the creation of a session with that key. Impact: The identified vulnerability is a session middleware issue in GoFiber versions 2 and above. This vulnerability...

CVSS 10 | AI score 6.7 | EPSS 0.00334
Exploits: 0 | References: 5 | Affected Software: 3

OSV
added 2024/07/01 8:35 p.m. | 10 views

GHSA-98J2-3J3P-FW2V Session Middleware Token Injection Vulnerability

A security vulnerability has been identified in the Fiber session middleware where a user can supply their own sessionid value, leading to the creation of a session with that key. Impact: The identified vulnerability is a session middleware issue in GoFiber versions 2 and above. This vulnerability...

CVSS 10 | AI score 9.3 | EPSS 0.00334
Exploits: 0 | References: 5

NVD
added 2024/07/01 7:15 p.m. | 19 views

CVE-2024-38513

Fiber is an Express-inspired web framework written in Go. A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. This vulnerability allows users to supply their own sessionid value, resulting in the creation of a session with that key. If...

CVSS 10 | EPSS 0.00334
Exploits: 0 | References: 2

Cvelist
added 2024/07/01 6:31 p.m. | 19 views

CVE-2024-38513 Fiber Session Middleware Token Injection Vulnerability

Fiber is an Express-inspired web framework written in Go. A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. This vulnerability allows users to supply their own sessionid value, resulting in the creation of a session with that key. If...

CVSS 10 | EPSS 0.00334
Exploits: 0 | References: 2