## Dashy Security Alert: 25 New Vulnerabilities, Including 3 Critical, Found in Popular Dashboard Image A major security scan of the popular self-hosted dashboard application Dashy has uncovered 25 new vulnerabilities, including three rated as critical and 22 as high severity. The findings, dated March 13, 2026, expose significant risks within the `lissy93/dashy:latest` Docker image, which is widely deployed by individuals and organizations for aggregating web services and monitoring tools. The sheer volume of high and critical flaws in a single scan signals a potentially severe and unaddressed security posture for a key piece of open-source infrastructure. The vulnerabilities span critical system and application dependencies. Among the high-severity issues are CVE-2024-6119 in OpenSSL's libcrypto, which could lead to denial of service during X.509 certificate validation; CVE-2025-26519 in the musl C library, involving an out-of-bounds write; and command injection risks in the `glob` package (CVE-2025-64756) and regular expression denial of service in `cross-spawn` (CVE-2024-21538). The presence of three critical vulnerabilities, whose details are truncated in the source, indicates the potential for remote code execution or complete system compromise. For administrators and developers relying on Dashy, this scan represents an urgent operational security warning. The affected packages are foundational to the application's runtime, meaning the attack surface is broad. Unpatched, these vulnerabilities could allow attackers to hijack dashboard instances, access linked internal services, or disrupt monitoring operations. The report pressures the maintainers of the Dashy project and downstream users to prioritize immediate patching, dependency updates, and a comprehensive review of the container's supply chain security. --- - **Source**: GitHub Issues - **Sector**: The Lab - **Tags**: cybersecurity, vulnerability, open-source, supply-chain, container-security - **Credibility**: unverified - **Published**: 2026-03-30 04:26:55 - **ID**: 40437 - **URL**: https://whisperx.ai/en/intel/40437