Skip to main content

Hydra

12 CVEs product

Monthly

CVE-2025-54864 MEDIUM PATCH This Month

Hydra is a continuous integration service for Nix based projects. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Denial Of Service Hydra
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-54800 HIGH PATCH This Month

Hydra is a continuous integration service for Nix based projects. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Hydra
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-32435 LOW PATCH Monitor

Hydra is a Continuous Integration service for Nix based projects. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Information Disclosure Code Injection Hydra
NVD GitHub
CVSS 3.1
2.6
EPSS
0.2%
CVE-2024-45049 HIGH PATCH This Week

Hydra is a Continuous Integration service for Nix based projects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Hydra
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-32657 MEDIUM PATCH This Month

Hydra is a Continuous Integration service for Nix based projects. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Hydra
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-42449 HIGH POC This Week

Hydra is the two-layer scalability solution for Cardano. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hydra
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-42448 HIGH PATCH This Week

Hydra is the layer-two scalability solution for Cardano. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Hydra
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-38701 CRITICAL POC Act Now

Hydra is the layer-two scalability solution for Cardano. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hydra
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2023-42806 MEDIUM This Month

Hydra is the layer-two scalability solution for Cardano. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Hydra
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-5300 Go MEDIUM PATCH This Month

In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Denial Of Service Hydra
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-17502 HIGH POC This Week

Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Hydra
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2019-8400 Go MEDIUM POC PATCH This Month

ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Hydra
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Hydra is a continuous integration service for Nix based projects. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Denial Of Service Hydra
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Month

Hydra is a continuous integration service for Nix based projects. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Hydra
NVD GitHub
EPSS 0% CVSS 2.6
LOW PATCH Monitor

Hydra is a Continuous Integration service for Nix based projects. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Information Disclosure Code Injection Hydra
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Hydra is a Continuous Integration service for Nix based projects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Hydra
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Hydra is a Continuous Integration service for Nix based projects. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Hydra
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC This Week

Hydra is the two-layer scalability solution for Cardano. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hydra
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Hydra is the layer-two scalability solution for Cardano. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Hydra
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

Hydra is the layer-two scalability solution for Cardano. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hydra
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Hydra is the layer-two scalability solution for Cardano. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Hydra
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Denial Of Service Hydra
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Hydra
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Hydra
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy