Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2025-44005
CVE-2025-44005
An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks.
Published Dec 4, 2025
https://github.com/smallstep/certificates/security/advisories/GHSA-h8cp-697h-8c8p
CVSS Score
Critical
10.0
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
golang
github.com/smallstep/certificates
v0.14.0-rc.1.0.20191023014154-4669bef8c700
golang
github.com/smallstep/certificates
v0.14.0-rc.1.0.20191025192352-8ef9b020ed24
golang
github.com/smallstep/certificates
v0.14.0-rc.1.0.20191030004513-ff13b2a6991d
golang
github.com/smallstep/certificates
v0.14.0-rc.1.0.20191126035953-e88034bea402
golang
github.com/smallstep/certificates
v0.14.0-rc.1.0.20191210005525-50152391a397
golang
github.com/smallstep/certificates
v0.14.0-rc.1.0.20191213215656-d2100821138c
golang
github.com/smallstep/certificates
v0.14.0-rc.1.0.20191217235337-aa5894058226
golang
github.com/smallstep/certificates
v0.14.0-rc.1.0.20191218224459-1fa35491ea07
golang
github.com/smallstep/certificates
v0.14.0-rc.1.0.20200110185849-085ae821636e
golang
github.com/smallstep/certificates
v0.14.0-rc.1.0.20200111012147-3ce267cdd6b7
golang
github.com/smallstep/certificates
v0.14.0-rc.1.0.20200128212940-432ed0090f3d
golang
github.com/smallstep/certificates
v0.14.0-rc.10.badger2
golang
github.com/smallstep/certificates
v0.14.0-rc.14
golang
github.com/smallstep/certificates
v0.14.0-rc.15
golang
github.com/smallstep/certificates
v0.14.0-rc.16
golang
github.com/smallstep/certificates
v0.14.0-rc.1
golang
github.com/smallstep/certificates
v0.14.0-rc.2.0.20200129195847-7846696fbb69
golang
github.com/smallstep/certificates
v0.14.0-rc.2
golang
github.com/smallstep/certificates
v0.14.0-rc.3
golang
github.com/smallstep/certificates
v0.14.0-rc.4.badger2
golang
github.com/smallstep/certificates
v0.14.0-rc.5
golang
github.com/smallstep/certificates
v0.14.0-rc.6
golang
github.com/smallstep/certificates
v0.14.0-rc.7
golang
github.com/smallstep/certificates
v0.14.0-rc.8
golang
github.com/smallstep/certificates
v0.14.0-rc.9
golang
github.com/smallstep/certificates
v0.14.0
golang
github.com/smallstep/certificates
v0.14.1
golang
github.com/smallstep/certificates
v0.14.2
golang
github.com/smallstep/certificates
v0.14.3-rc.1.badger2
golang
github.com/smallstep/certificates
v0.14.3-rc.2.32bitbadger2
golang
github.com/smallstep/certificates
v0.14.3
golang
github.com/smallstep/certificates
v0.14.4
golang
github.com/smallstep/certificates
v0.14.5-rc.1.100MB.badgerV2
golang
github.com/smallstep/certificates
v0.14.5-rc.2.100MB.badgerV2
golang
github.com/smallstep/certificates
v0.14.5-rc.3.cullACMEOrders
golang
github.com/smallstep/certificates
v0.14.5-rc.4
golang
github.com/smallstep/certificates
v0.14.5
golang
github.com/smallstep/certificates
v0.14.6
golang
github.com/smallstep/certificates
v0.14.7-rc.1.docker-buildx
golang
github.com/smallstep/certificates
v0.14.7-rc.2.deb-name-test
golang
github.com/smallstep/certificates
v0.15.0-rc.1.0.20200506212953-e855707dc274
golang
github.com/smallstep/certificates
v0.15.0-rc.1.0.20200731180748-e55ad2ad5245
golang
github.com/smallstep/certificates
v0.15.0-rc.1
golang
github.com/smallstep/certificates
v0.15.0
golang
github.com/smallstep/certificates
v0.15.1-rc.1
golang
github.com/smallstep/certificates
v0.15.10
golang
github.com/smallstep/certificates
v0.15.11
golang
github.com/smallstep/certificates
v0.15.12-rc1
golang
github.com/smallstep/certificates
v0.15.12-rc2
golang
github.com/smallstep/certificates
v0.15.12-rc3
1-50 of 228
CVE-2025-44005 | Components Impacted | Sonatype Guide | Sonatype Guide
