Launch Week Day 1: Announcing Security Design Review
Start for Free
go

github.com/smallstep/certificates

View on go registry
7 Total advisories
7 Vulnerabilities
0 Malware

Vulnerabilities

LOW 3.7
Go

CVE-2026-40097

Step CA affected by an index out of bounds panic in TPM attestation EKU validation
CRITICAL 10.0
Go

CVE-2026-30836

step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)
UNKNOWN
Go

CVE-2026-30836

step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18) in github.com/smallstep/certificates
CRITICAL 10.0
Go

CVE-2025-44005

Step CA Has Authorization Bypass in ACME and SCEP Provisioners
UNKNOWN
Go

CVE-2025-44005

Step CA Has Authorization Bypass in ACME and SCEP Provisioners in github.com/smallstep/certificates
UNKNOWN
Go

CVE-2025-66406

step-ca Has Improper Authorization Check for SSH Certificate Revocation in github.com/smallstep/certificates
MEDIUM 5.0
Go

CVE-2025-66406

step-ca Has Improper Authorization Check for SSH Certificate Revocation

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes