Acme.Sh Project Acme.Sh vulnerabilities
2 known vulnerabilities affecting acme.sh_project/acme.sh.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2023-38198P1CRITICALCVSS 9.8Exploitedfixed in 3.0.62023-07-13
CVE-2023-38198 [CRITICAL] CWE-94 CVE-2023-38198: acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild
acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023.
nvd
CVE-2025-32111P3HIGHCVSS 8.7fixed in 40b6db6a2715628aa977ed1853fe5256704010ae2025-04-04
CVE-2025-32111 [HIGH] CWE-260 CVE-2025-32111: The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that
The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout.
nvd