64 matches found
CVE-2025-66630
Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...
CVE-2025-66630
Fiber is a Go web framework. Before 2.52.11 and on Go
EUVD-2025-23668
Malicious code in bioql PyPI...
Denial Of Service (DoS)
github.com/gofiber/fiber is vulnerable to Denial of Service (DoS). The vulnerability is due to improper input validation when parsing form data with excessively large numeric slice indexes, leading to integer overflow or memory exhaustion and application crash...
SUSE CVE-2025-54801
Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber's Ctx.BodyParser to parse form data containing a large numeric key that represents a slice index (e.g., test.18446744073704), the application crashes due to an out-of-bounds slice allocation in...
Fiber Security Vulnerability
Fiber is an open source web framework written in the Go language by Fiber Open Source. A security vulnerability exists in Fiber 2.52.8 and earlier versions, which stems from an unvalidated slice index range that could result in an integer overflow or memory exhaustion...
CVE-2025-54801
CVE-2025-54801 affects github.com/gofiber/fiber/v2 prior to 2.52.9. The BodyParser parses form data where a very large numeric key is treated as a slice index, causing an out-of-bounds/oversized slice allocation in the decoder. Root cause: the decoder allocates a slice of length idx+1 without val...
CVE-2025-54801 Fiber Susceptible to Crash via `BodyParser` Due to Unvalidated Large Slice Index in Decoder
Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber's Ctx.BodyParser to parse form data containing a large numeric key that represents a slice index (e.g., test.18446744073704), the application crashes due to an out-of-bounds slice allocation in...
PT-2025-32003 · Fiber · Fiber
Name of the Vulnerable Software and Affected Versions: Fiber versions 2.52.8 and below. Description: Fiber is an Express inspired web framework written in Go. When using Fiber's Ctx.BodyParser to parse form data containing a large numeric key that represents a slice index e.g., test.18446744073704...
Improper Validation of Array Index
Overview: Affected versions of this package are vulnerable to Improper Validation of Array Index through the fiber.Ctx.BodyParser method that panics when trying to parse a negative range index. An attacker can cause the server to crash by sending a specially crafted payload with a negative index f...
CVE-2025-48075
Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, fiber.Ctx.BodyParser can map flat data to nested slices using key[idx]value syntax, but when idx is negative, it causes a panic instead of returning an error stating it cannot process t...
CVE-2025-48075
Summary: The CVE-2025-48075 entry concerns the GoFiber (fiber) web framework. Starting in versions 2.52.6 and earlier than 2.52.7, fiber.Ctx.BodyParser can map flat data to nested slices using key[idx]value syntax; if idx is negative, it panics instead of returning an error, potentially causing d...
CVE-2025-48075 Fiber panics when fiber.Ctx.BodyParser parses invalid range index
Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, fiber.Ctx.BodyParser can map flat data to nested slices using key[idx]value syntax, but when idx is negative, it causes a panic instead of returning an error stating it cannot process t...
Fiber Security Breach
Fiber is an open source web framework written in the Go language. A security vulnerability exists in Fiber versions prior to 2.52.5 that stems from a problem with the session middleware, which can lead to unauthorized access and session fixation attacks...
CVE-2024-25124 Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials
Fiber is a web framework written in Go. Prior to version 2.52.1, the CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard whil...
Fiber Security Breach
Fiber is an open source web framework written in the Go language. A security vulnerability exists in Fiber versions prior to 2.52.1 that stems from allowing insecure configurations that could lead to unauthorized access to sensitive user data...
Fiber Security Breach
Fiber is an open source web framework written in the Go language. A security vulnerability exists in Fiber that stems from the presence of a cross-site request forgery (CSRF) vulnerability. The vulnerability can be exploited by an attacker to obtain a token instead of the user and forge malicious...
Fiber Security Breach
Fiber is an open source web framework written in the Go language. A security vulnerability exists in Fiber that stems from the presence of a cross-site request forgery (CSRF) vulnerability. The vulnerability can be exploited by an attacker to inject arbitrary values instead of the user and forge...
Fiber Security Breach
Fiber is an open source web framework written in the Go language. A security vulnerability exists in Fiber versions prior to 2.49.1 that stems from not properly restricting access to localhost, which could allow an unauthorized attacker to access resources supplied to the localhost only...