Package impact
Go / github.com/0xJacky/nginx-ui
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42238 | critical | 9.8 | 9.8 | 1mo ago | Nginx-UI is Vulnerable to Unauthenticated Remote Code Execution via Backup Restore | |||
| CVE-2026-42222 | critical | 9.8 | 9.8 | 1mo ago | Nginx-UI: Unauthenticated first-boot instance claim via POST /api/install allows remote bootstrap takeover | |||
| CVE-2026-42223 | medium | 6.5 | 6.5 | 1mo ago | Nginx-UI Settings API Exposes Protected Secrets | |||
| CVE-2026-33030 | unknown | — | — | 2mo ago | nginx-UI has Unencrypted Storage of DNS API Tokens and ACME Private Keys in github.com/0xJacky/nginx-ui |