Please refer to the community security policy.
Security: dragonflyoss/dragonfly
Security
SECURITY.md
-
Dragonfly scheduler v1 gRPC unauthenticated SSRF via attacker-controlled PeerHost in DownloadTinyFileGHSA-chwm-m7g7-685g published
Jun 8, 2026 by gaius-qiModerate -
Dragonfly Manager Job API Unauthenticated AccessGHSA-j8hf-cp34-g4j7 published
Jan 22, 2026 by gaius-qiCritical -
Usage of architecture-dependent int typeGHSA-3px9-73g5-x825 published
Sep 17, 2025 by gaius-qiLow -
Incorrect log messageGHSA-698m-ch68-9c9p published
Sep 17, 2025 by gaius-qiLow -
Tiny file download uses hard coded HTTP protocolGHSA-mcvp-rpgg-9273 published
Sep 17, 2025 by gaius-qiHigh -
Invalid error handling, missing return statementGHSA-4jm8-5wcq-v6h6 published
Sep 17, 2025 by gaius-qiLow -
Weak integrity checks for downloaded filesGHSA-hx2h-vjw2-8r54 published
Sep 17, 2025 by gaius-qiHigh -
gRPC requests are weakly validatedGHSA-9c53-m9f9-fr93 published
Sep 17, 2025 by gaius-qiLow -
Manager generates mTLS certificates for arbitrary IP addressesGHSA-255v-qv84-29p5 published
Sep 17, 2025 by gaius-qiHigh -
Arbitrary file read and write on a peer machineGHSA-79hx-3fp8-hj66 published
Sep 17, 2025 by gaius-qiHigh
Learn more about advisories related to dragonflyoss/dragonfly in the GitHub Advisory Database