SignalK — Vulnerabilities & Security Advisories 13

Browse all 13 CVE security advisories affecting SignalK. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by SignalK: signalk-server

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-39320 | Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths — signalk-server CWE-400 | 7.5 | High | 2026-04-21 |
| CVE-2026-35038 | signalk-server: Arbitrary Prototype Read via `from` Field Bypass — signalk-server CWE-20 | 6.5 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-34083 | signalk-server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow — signalk-server CWE-346 | 6.1 | Medium | 2026-04-02 |
| CVE-2026-33951 | signalk-server: Unauthenticated Source Priorities Manipulation — signalk-server CWE-284 | 7.5 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-33950 | signalk-server: Privilege Escalation by Admin Role Injection via /enableSecurity — signalk-server CWE-285 | 9.4 | Critical | 2026-04-02 |
| CVE-2026-25228 | SignalK Server has Path Traversal leading to information disclosure — signalk-server CWE-22 | 5.0 | Medium | 2026-02-02 |
| CVE-2026-23515 | RCE - Command Injection in Signal K set-system-time plugin — signalk-server CWE-78 | 10.0 | Critical | 2026-02-02 |
| CVE-2025-69203 | Signal K Server Vulnerable to Access Request Spoofing — signalk-server CWE-290 | 6.3 | Medium | 2026-01-01 |
| CVE-2025-68619 | Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package — signalk-server CWE-94 | 9.1 | - | 2026-01-01 |
| CVE-2025-68620 | Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling — signalk-server CWE-288 | 9.1 | Critical | 2026-01-01 |
| CVE-2025-68273 | Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints — signalk-server CWE-200 | 5.3 | Medium | 2026-01-01 |
| CVE-2025-68272 | Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding — signalk-server CWE-400 | 7.5 | High | 2026-01-01 |
| CVE-2025-66398 | Signal K Server has Unauthenticated State Pollution leading to Remote Code Execution (RCE) — signalk-server CWE-78 | 9.7 | Critical | 2026-01-01 |

This page lists every published CVE security advisory associated with SignalK. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.