Security: Icinga/icinga2
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
Icinga 2 DSL Injection via Unescaped Import Template NameGHSA-jgqj-x5j9-vgcm published
Jun 29, 2026 by julianbrostHigh -
Stack overflow via deeply nested JSON objectsGHSA-wh38-wg57-5w7g published
Jun 29, 2026 by julianbrostHigh -
Improper access control for JSON-RPC update certificate messagesGHSA-vj39-ww8j-vvx5 published
Jun 29, 2026 by julianbrostCritical -
Insecure permission of %ProgramData%\icinga2\var on WindowsGHSA-vfjg-6fpv-4mmr published
Jan 29, 2026 by julianbrostModerate -
Signals sent as root to processes based on PID file written by the Icinga 2 daemon userGHSA-pg6g-g99v-mw46 published
Oct 16, 2025 by julianbrostModerate -
Denial of Service (DoS) By Dereferencing Invalid ReferenceGHSA-v9jg-xqhj-f43g published
Oct 16, 2025 by julianbrostHigh -
API users could access restricted values in filter expressionsGHSA-gg32-w9rm-vp2v published
Oct 16, 2025 by julianbrostHigh -
Certificate renewal might incorrectly renew an invalid certificateGHSA-7vcf-f5v9-3wr6 published
May 27, 2025 by yhabteabCritical -
TLS Certificate Validation Bypass for JSON-RPC and HTTP API ConnectionsGHSA-j7wq-r9mg-9wpv published
Nov 12, 2024 by julianbrostCritical -
Missing TLS server certificate validation in ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2WriterGHSA-cxfm-8j5v-5qr2 published
Aug 19, 2021 by N-o-XLow
Learn more about advisories related to Icinga/icinga2 in the GitHub Advisory Database