GHSA-88JX-383Q-W4QC vulnerabilities
Vulnerabilities for packages: aactl, tkn, melange, falcoctl, goreleaser, neuvector-sigstore-interface, zarf, zot, gitsign, ko, slsa-verifier, policy-controller, kubescape, skaffold, tekton-chains, flux-source-controller, apko, spire-server, vexctl, falco,...
7.5 AI Score
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, confluent-common-docker, go-md2man, flux-image-reflector-controller, overmind, delve, falcosidekick, mods, aws-ebs-csi-driver, k9s, zot, pulumi-language-yaml, lazygit, docker-credential-acr-env, ko, helm-push,...
7.5 AI Score
CVE-2023-46737 vulnerabilities
Vulnerabilities for packages: goreleaser, cosign, aactl, tekton-chains, ko, slsa-verifier, policy-controller, tkn, melange, apko, spire-server, kubescape, skaffold,...
5.3 CVSS
5.1 AI Score
0.0005 EPSS
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...
7.5 AI Score
Vulnerabilities for packages: calico, cluster-autoscaler, spark-operator, ip-masq-agent, kubernetes-dns-node-cache, aws-efs-csi-driver, aws-ebs-csi-driver, prometheus-adapter,...
8.8 CVSS
8.1 AI Score
0.001 EPSS
GHSA-HQ6Q-C2X6-HMCH vulnerabilities
Vulnerabilities for packages: calico, cluster-autoscaler, spark-operator, ip-masq-agent, kubernetes-dns-node-cache, aws-efs-csi-driver, aws-ebs-csi-driver, prometheus-adapter,...
7.5 AI Score
CVE-2024-26147 vulnerabilities
Vulnerabilities for packages: helm-operator, k9s, eksctl, cert-manager, zarf, zot, helm-push, flux-source-controller, istio-operator, up, k8sgpt, kots, cilium-cli, flux-helm-controller, kubescape, trivy,...
7.5 CVSS
7.7 AI Score
0.0004 EPSS
CVE-2021-4235 affecting package application-gateway-kubernetes-ingress 1.4.0-19
CVE-2021-4235 affecting package application-gateway-kubernetes-ingress 1.4.0-19. This CVE either no longer is or was never...
5.5 CVSS
6.6 AI Score
0.001 EPSS
CVE-2022-3064 affecting package application-gateway-kubernetes-ingress 1.4.0-19
CVE-2022-3064 affecting package application-gateway-kubernetes-ingress 1.4.0-19. This CVE either no longer is or was never...
7.5 CVSS
7.8 AI Score
0.005 EPSS
GHSA-V53G-5GJP-272R vulnerabilities
Vulnerabilities for packages: helm-operator, k9s, eksctl, cert-manager, zarf, zot, helm-push, flux-source-controller, istio-operator, up, k8sgpt, kots, cilium-cli, flux-helm-controller, kubescape, trivy,...
7.5 AI Score
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: flux-image-reflector-controller, vcluster, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, hey, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...
7.5 AI Score
GHSA-5F94-VHJQ-RPG8 vulnerabilities
Vulnerabilities for packages: aactl, prometheus-bind-exporter, go-md2man, render-template, grpcurl, influx, ctop, cass-operator, gops, goreleaser, helm-push, local-path-provisioner, slsa-verifier, prometheus-stackdriver-exporter, configmap-reload, nri-discovery-kubernetes, cni-plugins, gosu,...
7.5 AI Score
GHSA-9F76-WG39-X86H vulnerabilities
Vulnerabilities for packages: aactl, prometheus-bind-exporter, go-md2man, render-template, grpcurl, influx, ctop, cass-operator, gops, goreleaser, helm-push, local-path-provisioner, slsa-verifier, prometheus-stackdriver-exporter, configmap-reload, nri-discovery-kubernetes, cni-plugins, gosu,...
7.5 AI Score
CVE-2024-28180 vulnerabilities
Vulnerabilities for packages: skopeo, cosign, aactl, tkn, step, melange, tekton-pipelines, weaviate, grafana, istio-pilot-discovery, falcoctl, grpc-health-probe, vault, cilium, goreleaser, zarf, frp, gitsign, ko, slsa-verifier, policy-controller, terragrunt, keda, external-secrets-operator,...
4.3 CVSS
6 AI Score
0.0005 EPSS
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: calico, grype, wireguard-go, aactl, prometheus, flux-image-reflector-controller, consul, zot, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubescape, temporal-server, pulumi, dockerize, secrets-store-csi-driver-provider-azure, sigstore-scaffolding,...
7.5 AI Score
CVE-2024-29902 vulnerabilities
Vulnerabilities for packages: aactl, tkn, melange, falcoctl, goreleaser, neuvector-sigstore-interface, zarf, zot, gitsign, ko, slsa-verifier, policy-controller, kubescape, skaffold, tekton-chains, flux-source-controller, apko, spire-server, vexctl, falco,...
4.2 CVSS
4.5 AI Score
0.0004 EPSS
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, kubevela, prometheus, flux-image-reflector-controller, consul, aws-ebs-csi-driver, nodetaint, zot, pulumi-language-yaml, kubernetes-csi-livenessprobe, trust-manager, tctl, hey, pulumi, minio, prometheus-operator,...
7.5 AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, kubevela, prometheus, flux-image-reflector-controller, consul, aws-ebs-csi-driver, nodetaint, zot, pulumi-language-yaml, slsa-verifier, kubernetes-csi-livenessprobe, kubescape, trust-manager, tctl, hey, pulumi, minio,....
7.5 AI Score
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: calico, grype, cosign, aactl, flux-notification-controller, kubevela, buildkitd, helm, prometheus, weaviate, gitlab-pages, secrets-store-csi-driver, goreleaser, pulumi-language-yaml, ko, slsa-verifier, pulumi-kubernetes-operator, conftest, keda,...
7.5 AI Score
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: calico, grype, wireguard-go, aactl, flux-notification-controller, kubevela, prometheus, dotnet, nodetaint, pulumi-language-yaml, ko, slsa-verifier, kubernetes-csi-livenessprobe, kubescape, tctl, hey, pulumi, minio, sigstore-scaffolding, cert-manager, metacontroller,...
7.5 AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...
7.8 AI Score
0.0004 EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...
7.8 AI Score
0.0004 EPSS
CVE-2024-37891 vulnerabilities
Vulnerabilities for packages: ggshield, py3-cassandra-medusa, reflex, mlflow, superset, py3-urllib3, airflow, confluent-docker-utils, dask-gateway, kubeflow-jupyter-web-app, kubeflow-pipelines, az, k8s-sidecar, kubeflow-katib,...
4.4 CVSS
4.9 AI Score
0.0004 EPSS
GHSA-MW99-9CHC-XW7R vulnerabilities
Vulnerabilities for packages: kubevela, nuclei, tekton-pipelines, goreleaser, zot, pulumi-language-yaml, gitsign, pulumi-kubernetes-operator, pulumi, src-fingerprint, argo-cd, gomplate, apko, gitness, bom, pulumi-language-java, flux-kustomize-controller, pulumi-language-dotnet, scorecard, kots,...
7.5 AI Score
CVE-2024-29903 vulnerabilities
Vulnerabilities for packages: aactl, tkn, melange, falcoctl, goreleaser, neuvector-sigstore-interface, zarf, zot, gitsign, ko, slsa-verifier, policy-controller, kubescape, skaffold, tekton-chains, flux-source-controller, apko, spire-server, vexctl, falco,...
4.2 CVSS
4.6 AI Score
0.0004 EPSS
CVE-2023-39326 vulnerabilities
Vulnerabilities for packages: aactl, prometheus-bind-exporter, go-md2man, render-template, grpcurl, influx, ctop, cass-operator, gops, goreleaser, helm-push, local-path-provisioner, slsa-verifier, prometheus-stackdriver-exporter, configmap-reload, nri-discovery-kubernetes, cni-plugins, gosu,...
5.3 CVSS
7.2 AI Score
0.001 EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...
7.5 AI Score
GHSA-34JH-P97F-MPXF vulnerabilities
Vulnerabilities for packages: ggshield, py3-cassandra-medusa, reflex, mlflow, superset, py3-urllib3, airflow, confluent-docker-utils, dask-gateway, kubeflow-jupyter-web-app, kubeflow-pipelines, az, k8s-sidecar, kubeflow-katib,...
7.5 AI Score
CVE-2023-49568 vulnerabilities
Vulnerabilities for packages: kubevela, nuclei, tekton-pipelines, goreleaser, zot, pulumi-language-yaml, gitsign, pulumi-kubernetes-operator, pulumi, src-fingerprint, argo-cd, gomplate, apko, gitness, bom, pulumi-language-java, flux-kustomize-controller, pulumi-language-dotnet, scorecard, kots,...
7.5 CVSS
7.8 AI Score
0.0005 EPSS
GHSA-PXHW-596R-RWQ5 vulnerabilities
Vulnerabilities for packages: calico, node-feature-discovery, cluster-autoscaler, local-static-provisioner, spark-operator, ip-masq-agent, kubernetes-csi-driver-hostpath, kubernetes-dns-node-cache, kubernetes, aws-ebs-csi-driver,...
7.5 AI Score
GHSA-XR7R-F8XQ-VFVV vulnerabilities
Vulnerabilities for packages: skopeo, grype, buildkitd, ctop, ingress-nginx-controller, kaniko, kubernetes, cadvisor, k9s, zarf, zot, kubescape, skaffold, runc, nerdctl, trivy, telegraf, k3d, syft, docker, k3s, nvidia-device-plugin, newrelic-infrastructure-agent, kots, wolfictl,...
7.5 AI Score
GHSA-V845-JXX5-VC9F vulnerabilities
Vulnerabilities for packages: py3-urllib3, dask-gateway, kubeflow-jupyter-web-app, kubeflow-volumes-web-app, k8s-sidecar,...
7.5 AI Score
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, confluent-common-docker, go-md2man, flux-image-reflector-controller, overmind, delve, falcosidekick, mods, aws-ebs-csi-driver, k9s, zot, pulumi-language-yaml, lazygit, docker-credential-acr-env, ko, helm-push,...
6.5 AI Score
0.0004 EPSS
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: flux-image-reflector-controller, vcluster, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, hey, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...
7.5 AI Score
GHSA-XW73-RW38-6VJC vulnerabilities
Vulnerabilities for packages: skopeo, cosign, aactl, filebeat, kubevela, buildkitd, helm, prometheus, flux-image-reflector-controller, tekton-pipelines, gitlab-runner, ctop, docker-credential-gcr, k8sgpt, istio-pilot-discovery, falcoctl, cadvisor, goreleaser, k9s, eksctl, timoni, gitsign, zarf,...
7.5 AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...
6 AI Score
0.0004 EPSS
CVE-2023-43804 vulnerabilities
Vulnerabilities for packages: py3-urllib3, dask-gateway, kubeflow-jupyter-web-app, kubeflow-volumes-web-app, k8s-sidecar,...
8.1 CVSS
7.7 AI Score
0.001 EPSS
CVE-2023-44487 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-15. A patched version of the package is...
7.5 CVSS
8.2 AI Score
0.732 EPSS
October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (october://) allowed external links, therefore allowing an...
3.5 CVSS
6.8 AI Score
EPSS
The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
7.2 CVSS
6.2 AI Score
EPSS
CVE-2024-24764 October Open Redirect for Administrator Accounts
October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (october://) allowed external links, therefore allowing an...
3.5 CVSS
EPSS
CVE-2024-38526 pdoc embeds link to malicious CDN if math mode is enabled
pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc...
7.2 CVSS
EPSS