Browse all 5 CVE security advisories affecting PandaXGO. AI-powered Chinese analysis, POCs, and references for each vulnerability.
PandaXGO operates as a cybersecurity platform focusing on vulnerability management and threat intelligence, primarily serving organizations seeking to identify and remediate security weaknesses in their systems. Historically, the platform has been associated with common vulnerability classes including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation flaws, with five CVEs currently documented. While no major security incidents have been publicly reported, the presence of multiple CVEs indicates potential areas for improvement in the platform's own security posture. The organization maintains a focus on automated vulnerability scanning and compliance monitoring to help clients address security gaps efficiently.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-15108 | PandaXGO PandaX JWT Secret config.yml hard-coded key — PandaXCWE-321 | 3.7 | Low | 2025-12-27 |
| CVE-2024-2565 | PandaXGO PandaX File Extension upload.go unrestricted upload — PandaXCWE-434 | 6.3 | Medium | 2024-03-17 |
| CVE-2024-2564 | PandaXGO PandaX user.go ExportUser path traversal — PandaXCWE-24 | 6.3 | Medium | 2024-03-17 |
| CVE-2024-2563 | PandaXGO PandaX upload.go DeleteImage path traversal — PandaXCWE-24 | 5.4 | Medium | 2024-03-17 |
| CVE-2024-2562 | PandaXGO PandaX role_menu.go InsertRole sql injection — PandaXCWE-89 | 6.3 | Medium | 2024-03-17 |
This page lists every published CVE security advisory associated with PandaXGO. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.