
12 matches found

RedhatCVE
added 2026/01/09 9:32 a.m., 4 views

CVE-2023-25812

Minio is a Multi-Cloud Object Storage framework. Affected versions do not correctly honor a Deny policy on ByPassGoverance. Ideally, minio should return "Access Denied" to all users attempting to DELETE a versionId with the special header X-Amz-Bypass-Governance-Retention: true. However, this was...

8.8 CVSS, 6.7 AI score, 0.00201 EPSS
Exploits: 1, References: 1

Redos
added 2025/11/13 12:0 a.m., 5 views

ROS-20251113-04

The MinIO object storage server vulnerability is related to flaws in the authorization mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges...

8.1 CVSS, 6.8 AI score, 0.00043 EPSS
Exploits: 1

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-38786

Malicious code in bioql PyPI...

7.4 CVSS, 5.9 AI score, 0.13567 EPSS
Exploits: 4, References: 4

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-1541

Malicious code in bioql PyPI...

5.3 CVSS, 5.4 AI score, 0.00143 EPSS
Exploits: 0, References: 7

CVE
added 2025/04/03 7:36 p.m., 1583 views

CVE-2025-31489

Affected product: MinIO object storage server. Vulnerability: incomplete/signature validation for unsigned-trailer uploads allows a client with an existing bucket WRITE permission and knowledge of an access-key and bucket name to upload arbitrary objects by using any secret. Impact (as stated): p...

8.7 CVSS, 6.8 AI score, 0.01389 EPSS
Exploits: 0, References: 2

Redos
added 2025/01/10 12:0 a.m., 10 views

ROS-20250110-13

MinIO object storage server vulnerability is related to insecure privilege management. Exploitation of the vulnerability could allow an attacker acting remotely to elevate their privileges to root...

9.3 CVSS, 6.9 AI score, 0.00412 EPSS
Exploits: 0

OSV
added 2024/03/06 10:57 a.m., 20 views

BIT-MINIO-2022-35919 Authenticated requests for server update admin API allows path traversal in minio

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for admin:ServerUpdate can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow...

7.4 CVSS, 5.3 AI score, 0.13567 EPSS
Exploits: 4, References: 5

AlpineLinux
added 2024/01/31 10:10 p.m., 19 views

CVE-2024-24747

MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for s3: actions, but also admin: actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able t...

8.8 CVSS, 8.5 AI score, 0.27056 EPSS
Exploits: 4

Vulnrichment
added 2024/01/31 10:10 p.m., 27 views

CVE-2024-24747 MinIO unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation

MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for s3: actions, but also admin: actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able t...

8.8 CVSS, 6.5 AI score, 0.27056 EPSS
Exploits: 4, References: 3

Prion
added 2023/05/30 7:15 a.m., 13 views

Code injection

Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0...

5 CVSS, 5.5 AI score, 0.0045 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2023/05/30 6:34 a.m., 7 views

CVE-2023-33955 Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited

Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0...

4.3 CVSS, 5.5 AI score, 0.0045 EPSS
Exploits: 0, References: 5

NVD
added 2022/08/01 10:15 p.m., 24 views

CVE-2022-35919

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for admin:ServerUpdate can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow...

7.4 CVSS, 0.13567 EPSS
Exploits: 4, References: 4