github.com/open-feature/flagd/flagd vulnerabilities
2 known vulnerabilities affecting github.com/open-feature/flagd/flagd.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2
Vulnerabilities
CVE-2026-31866 · HIGH · ≥ 0, < 0.14.2 · 2026-03-11
CVE-2026-31866 [HIGH] CWE-770 flagd Vulnerable to Allocation of Resources Without Limits or Throttling
## Details
flagd exposes OFREP (`/ofrep/v1/evaluate/...`) and gRPC (`evaluation.v1`, `evaluation.v2`) endpoints for feature flag evaluation. These endpoints are designed to be publicly accessible by client applications.
The evaluation context included in request payloads is read into memory without any size restriction.
Sources: GHSA, OSV
CVE-2025-47907 · HIGH · CVSS 7.0 · ≥ 0, < 0.13.1 · 2026-01-05
CVE-2025-47907 [HIGH] CWE-20 flagd: Multiple Go Runtime CVEs Impact Security and Availability
### Summary
In 2025, several vulnerabilities in the Go Standard Library were disclosed, impacting Go-based applications like flagd (the evaluation engine for OpenFeature). These CVEs primarily focus on Denial of Service (DoS) through resource exhaustion and Race Conditions in database handling.
| CVE ID | Impacted Package | Severity | De
Sources: GHSA, OSV