{"ecosystem":"go","package":"github.com/influxdata/influxdb","version":null,"bugs":[{"id":1395,"ecosystem":"go","package_name":"github.com/influxdata/influxdb","affected_version":null,"fixed_version":"1.7.6","bug_id":"osv:GO-2022-0780","title":"Improper Authentication in InfluxDB in github.com/influxdata/influxdb","description":"Improper Authentication in InfluxDB in github.com/influxdata/influxdb","severity":"medium","status":"fixed","source":"osv","source_url":"https://github.com/advisories/GHSA-2rmp-fw5r-j5qv","labels":["CVE-2019-20933","GHSA-2rmp-fw5r-j5qv"],"created_at":"2026-04-19T04:32:51.873551+00:00","updated_at":"2026-04-19T04:32:51.873551+00:00"},{"id":1394,"ecosystem":"go","package_name":"github.com/influxdata/influxdb","affected_version":null,"fixed_version":"0.9.6","bug_id":"osv:GHSA-w55x-q3gv-px85","title":"InfluxDB Reflected Cross-site Scripting","description":"InfluxDB 0.9.5 has Reflected XSS in the admin panel via the Write Data module.","severity":"medium","status":"fixed","source":"osv","source_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17572","labels":["CVE-2018-17572"],"created_at":"2026-04-19T04:32:51.872857+00:00","updated_at":"2026-04-19T04:32:51.872857+00:00"},{"id":1393,"ecosystem":"go","package_name":"github.com/influxdata/influxdb","affected_version":null,"fixed_version":"1.7.6","bug_id":"osv:GHSA-2rmp-fw5r-j5qv","title":"Improper Authentication in InfluxDB","description":"InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in `services/httpd/handler.go` because a JWT token may have an empty SharedSecret (aka shared secret).","severity":"critical","status":"fixed","source":"osv","source_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-20933","labels":["CVE-2019-20933","GO-2022-0780"],"created_at":"2026-04-19T04:32:51.871688+00:00","updated_at":"2026-04-19T04:32:51.871688+00:00"}],"total":3,"_cache":"miss"}