Overview · dagucloud/dagu · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

Incomplete fix for CVE-2026-27598: path traversal via %2F-encoded slashes in locateDAG
GHSA-ph8x-4jfv-v9v8 published Mar 19, 2026 by yottahmd

High
SSE Authentication Bypass in Basic Auth Mode
GHSA-9wmw-9wph-2vwp published Mar 13, 2026 by yottahmd

High
Path Traversal via `dagRunId` in Inline DAG Execution
GHSA-m4q3-457p-hh2x published Mar 13, 2026 by yottahmd

Critical
Unauthenticated RCE via inline DAG spec in default configuration
GHSA-6qr9-g2xw-cw92 published Feb 19, 2026 by yottahmd

Low
Path traversal in DAG creation allows arbitrary YAML file write outside DAGs directory
GHSA-6v48-fcq6-ff23 published Feb 21, 2026 by yottahmd

Low

Learn more about advisories related to dagucloud/dagu in the GitHub Advisory Database