gofiber — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting gofiber. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Go-Fiber is a lightweight Go web framework built on FastHTTP, designed for rapid development of high-performance web applications and APIs. Historically, it has been susceptible to common web vulnerabilities including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation, often stemming from improper input validation and insecure default configurations. The framework's 15 recorded CVEs highlight recurring issues in parameter handling, authentication mechanisms, and middleware security. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests developers should implement strict input sanitization, use secure middleware configurations, and stay current with security patches when building applications with this framework.

Found 13 results / 15
Top products by gofiber: fiber, template, utils

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-30246 | github.com/gofiber/fiber/v3 cache middleware can mix responses across query parameters | fiber | CWE-436 | 6.5 | Medium | 2026-05-05 |
| CVE-2026-25899 | Fiber is Vulnerable to Denial of Service via Flash Cookie Unbounded Allocation | fiber | CWE-789 | 7.5 | High | 2026-02-24 |
| CVE-2026-25891 | Fiber has an Arbitrary File Read in Static Middleware on Windows | fiber | CWE-22 | 7.5 (AI) | High (AI) | 2026-02-24 |
| CVE-2026-25882 | Fiber has a Denial of Service Vulnerability via Route Parameter Overflow | fiber | CWE-129 | 7.5 (AI) | High (AI) | 2026-02-24 |
| CVE-2025-66630 | Fiber insecurely fallsback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure | fiber | CWE-338 | 9.1 (AI) | Critical (AI) | 2026-02-09 |
| CVE-2025-54801 | Fiber Susceptible to Crash via `BodyParser` Due to Unvalidated Large Slice Index in Decoder | fiber | CWE-789 | 7.5 (AI) | High (AI) | 2025-08-05 |
| CVE-2025-48075 | Fiber panics when fiber.Ctx.BodyParser parses invalid range index | fiber | CWE-129 | 7.5 (AI) | High (AI) | 2025-05-22 |
| CVE-2024-38513 | Fiber Session Middleware Token Injection Vulnerability | fiber | CWE-384 | 10.0 | Critical | 2024-07-01 |
| CVE-2024-25124 | Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials | fiber | CWE-346 | 9.4 | Critical | 2024-02-21 |
| CVE-2023-45141 | CSRF Token Validation Vulnerability in fiber | fiber | CWE-352 | 8.6 | High | 2023-10-16 |
| CVE-2023-45128 | CSRF Token Reuse Vulnerability in fiber | fiber | CWE-20 | 10.0 | Critical | 2023-10-16 |
| CVE-2023-41338 | Vulnerability in Ctx.IsFromLocal() in gofiber | fiber | CWE-670 | 5.3 | Medium | 2023-09-08 |
| CVE-2020-15111 | CRLF vulnerability in Fiber | fiber | CWE-74 | 4.2 | Medium | 2020-07-20 |

This page lists every published CVE security advisory associated with gofiber. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.