dragonflyoss — Vulnerabilities & Security Advisories (13)

Browse all 13 CVE security advisories affecting dragonflyoss. AI-powered Chinese analysis, POCs, and references for each vulnerability.

DragonflyOSS is an open-source distributed computing framework primarily used for large-scale data processing and task scheduling. Historically, it has been vulnerable to multiple remote code execution flaws, cross-site scripting vulnerabilities, and privilege escalation issues, accounting for its 13 recorded CVEs. The framework's complex architecture and extensive inter-process communication have created attack surfaces for unauthorized access. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests potential risks in production environments, particularly those handling sensitive data or operating with elevated privileges.

Top products by dragonflyoss: dragonfly, Dragonfly2

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-24124 | Dragonfly Manager Job API Allows Unauthenticated Access | dragonfly | CWE-306 | 9.8 | - | 2026-01-22 |
| CVE-2025-59410 | Dragonfly tiny file download uses hard coded HTTP protocol | dragonfly | CWE-311 | 5.9 (AI) | Medium (AI) | 2025-09-17 |
| CVE-2025-59354 | Dragonfly has weak integrity checks for downloaded files | dragonfly | CWE-328 | 6.5 (AI) | Medium (AI) | 2025-09-17 |
| CVE-2025-59353 | Manager generates mTLS certificates for arbitrary IP addresses | dragonfly | CWE-295 | 6.5 (AI) | Medium (AI) | 2025-09-17 |
| CVE-2025-59352 | Dragonfly allows arbitrary file read and write on a peer machine | dragonfly | CWE-202 | 8.8 (AI) | High (AI) | 2025-09-17 |
| CVE-2025-59351 | Dragonfly possibly panics due to nil pointer dereference when using variables created alongside an error | dragonfly | CWE-476 | 7.5 (AI) | High (AI) | 2025-09-17 |
| CVE-2025-59350 | Timing attacks against Proxy’s basic authentication are possible | dragonfly | CWE-208 | 5.9 (AI) | Medium (AI) | 2025-09-17 |
| CVE-2025-59349 | Directories created via os.MkdirAll are not checked for permissions | dragonfly | CWE-732 | 3.3 (AI) | Low (AI) | 2025-09-17 |
| CVE-2025-59348 | Dragonfly incorrectly handles a task structure’s usedTraffic field | dragonfly | CWE-457 | 7.5 (AI) | High (AI) | 2025-09-17 |
| CVE-2025-59347 | Dragonfly Manager makes requests to external endpoints with disabled TLS authentication | dragonfly | CWE-295 | 7.4 (AI) | High (AI) | 2025-09-17 |
| CVE-2025-59346 | Dragonfly server-side request forgery vulnerability | dragonfly | CWE-918 | 4.6 (AI) | Medium (AI) | 2025-09-17 |
| CVE-2025-59345 | Dragonfly did not enable authentication for some Manager’s endpoints | dragonfly | CWE-306 | 9.1 (AI) | Critical (AI) | 2025-09-17 |
| CVE-2023-27584 | Dragonfly2 vulnerable to hard coded cryptographic key | Dragonfly2 | CWE-321 | 9.8 | Critical | 2024-09-19 |

This page lists every published CVE security advisory associated with dragonflyoss. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.