📦 Fiber

Fiber web framework versions before 2.52.11 on Go versions prior to 1.24 may generate predictable UUIDs when crypto/rand fails to obtain secure randomness. This affects security-critical pathways usin...

This vulnerability in GoFiber's session middleware allows attackers to supply their own session_id, enabling session fixation attacks and unauthorized access. All users of GoFiber versions 2 through 2...

This CVE describes a critical CSRF vulnerability in the Fiber web framework for Go that allows attackers to forge malicious requests on behalf of users. Attackers can inject arbitrary values without a...

A path traversal vulnerability in Fiber's static middleware on Windows allows remote attackers to bypass sanitization and read arbitrary files from the server filesystem. This affects Fiber v3 through...

CVE-2026-25899 is a memory exhaustion vulnerability in GoFiber v3 web framework where a specially crafted 10-character cookie value triggers unvalidated msgpack deserialization, attempting to allocate...

A denial-of-service vulnerability in Go's Fiber web framework allows attackers to crash applications by sending specially crafted requests with negative array indices. This affects all applications us...