DigitaloceanCVEs & Vulnerabilities
2 CVEs affecting Digitalocean products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.
2 CVEs→ All vendors
Most Affected Products
do-markdownit 1golang-nanoauth 1
CVE-2025-59717CRITICAL
In the @digitalocean/do-markdownit package through 1.16.1 (in npm), the callout and fence_environment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string (instead of an array).
19 Sep 2025
9.8
CVSS
CVE-2020-36569CRITICAL
Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token.
28 Dec 2022
9.1
CVSS
← PrevPage 1 / 1Next →