Browse all 5 CVE security advisories affecting NagVis. AI-powered Chinese analysis, POCs, and references for each vulnerability.
NagVis serves as a visualization addon for Nagios, enabling network administrators to create dynamic network maps and status dashboards. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, primarily stemming from insufficient input validation and insecure session handling. The five recorded CVEs highlight recurring themes in web application security, including improper access controls and unsafe deserialization. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities in versions prior to 1.9.x underscores the importance of timely updates and hardening for production deployments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-39665 | Livestatus Injection in dynmaps — NagvisCWE-203 | 5.3AI | MediumAI | 2025-12-03 |
| CVE-2024-47090 | XSS via WYSIWYG editor — NagvisCWE-79 | 6.1AI | MediumAI | 2025-05-27 |
| CVE-2024-38866 | Livestatus Injection in dynmaps — NagvisCWE-140 | 8.8AI | HighAI | 2025-05-27 |
| CVE-2024-47093 | Fix various XSS issues and potential RCE — NagvisCWE-79 | 8.8 | High | 2024-12-19 |
| CVE-2021-33178 | Nagios 路径遍历漏洞 — NagVisCWE-22 | 8.1 | - | 2021-10-14 |
This page lists every published CVE security advisory associated with NagVis. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.