GO-2026-4861 Hydra has Reflected XSS via error_hint parameter in github.com/ory/hydra
Hydra has Reflected XSS via error_hint parameter in github.com/ory/hydra. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...
Ory Hydra SQL Injection Vulnerability
Ory Hydra is an OpenID Connect tool developed by Ory. Versions of Ory Hydra prior to 26.2.0 had a SQL injection vulnerability. This vulnerability stemmed from defects in the pagination implementation, which could lead to SQL injections...
PT-2025-32681 · Hydra · Hydra
Name of the Vulnerable Software and Affected Versions: Hydra versions prior to commit dea1e16 Description: Hydra, a continuous integration service for Nix-based projects, is susceptible to arbitrary JavaScript code injection into its database. A malicious package can introduce this code, which is...
PT-2025-26219 · Hydra · Hydra
Name of the Vulnerable Software and Affected Versions: Hydra versions prior to 0.22.0 Description: Hydra is a layer-two scalability solution for Cardano. The issue arises from the assumption of L1 event finality, where the system does not consider failed transactions on the Cardano L1. This makes...
CVE-2023-42806
Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying $\mathsf{cid}$ allows an attacker which must be a participant of this head to use a snapshot from an old head instance with the same participants to close the head or contest the state with i...
CVE-2023-42448
Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, the specification states that the contestation period in the datum of the UTxO at the head validator must stay unchanged as the state progresses from Open to Closed (Close transaction), but no such check appears to be...
Hydra Input Validation Error Vulnerability
Hydra is a penetration testing tool. An input validation error vulnerability exists in versions of Hydra prior to 0.12.0, which stems from the commit validator containing a flawed check when using the ViaAbort converter, which allows any user to arbitrarily spend any UTxO on the validator, meanin...
PT-2023-28592 · Cardano · Hydra
Name of the Vulnerable Software and Affected Versions: Hydra versions prior to 0.13.0 Description: Hydra is the layer-two scalability solution for Cardano. Not signing and verifying cid allows an attacker, who must be a participant of this head, to use a snapshot from an old head instance with th...
Unspecified Vulnerability in Hydra
Hydra is a penetration testing tool. A security vulnerability exists in Hydra versions prior to 1.4.0 that stems from the program not checking the uniqueness of the 'jti' value. An attacker can exploit the vulnerability to replay a token...
CVE-2019-17502
Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. read.c, request.c, and util.c contribute to this. The process_header_end function calls boa_atoi, which ultimately calls atoi on a NULL pointer...