Security: BishopFox/sliver
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
One-Click Remote Access: Insecure CORS & Unauthenticated MCP InterfaceGHSA-6fpf-248c-m7wm published
Mar 30, 2026 by moloch--Moderate -
Nil Pointer Dereference in tunnelCloseHandler breaks rportfwd teardown and allows DoSGHSA-c279-989m-238f published
Mar 27, 2026 by moloch--Low -
Authenticated OOM via Memory Exhaustion in mTLS/WireGuard TransportsGHSA-97vp-pwqj-46qc published
Mar 16, 2026 by moloch--Low -
CWE-476: Authenticated Nil-Pointer Dereference in HandlersGHSA-hx52-cv84-jr5v published
Mar 4, 2026 by moloch--Low -
Zip Bomb Denial of Service in GzipEncoderGHSA-2phg-qgmm-r638 published
Feb 23, 2026 by moloch--Low -
DNS C2 OTP Bypass Allows Unauthenticated Session Flooding and Denial of ServiceGHSA-wxrw-gvg8-fqjp published
Feb 6, 2026 by moloch--Low -
Website Path Traversal / Arbitrary File Read (Authenticated) in SliverGHSA-2286-hxv5-cmp2 published
Feb 5, 2026 by moloch--Moderate -
Pre-Auth Memory Exhaustion via NoEncoder BypassGHSA-hjr9-wj7v-7hv8 published
Jan 4, 2026 by moloch--Low -
SSRF in sliver teamserver v1.5.42/85b0e870d05ec47184958dbcb871ddee2eb9e3dfGHSA-fh4v-v779-4g2w published
Feb 19, 2025 by rkervellaModerate -
Unrestricted traffic between Wireguard clients.GHSA-q8j9-34qf-7vq7 published
Oct 27, 2025 by moloch--Moderate