SP Project & Document Manager Security Vulnerabilities

Malicious code in airbnb-o2 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (15a37bd4059b76c7466684dfbc565c913af0ab4af849c5a643ce44d3bb7a4a6e) The OpenSSF Package Analysis project identified 'airbnb-o2' @ 13.37.1 (npm) as malicious. It is considered malicious because: The package...

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For...

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: argo-workflows, slsa-verifier, terragrunt, flux-source-controller, external-secrets-operator, argo-cd, traefik, flux-kustomize-controller, gitsign, oauth2-proxy, sops, kubescape, dex, fulcio, kyverno, tekton-chains, cert-manager, kots, cosign, falco,...

GHSA-JQ35-85CJ-FJ4P vulnerabilities

Vulnerabilities for packages: slsa-verifier, ctop, scorecard, kubescape, loki, kpt, tekton-chains, cert-manager, k3s, prometheus, up, paranoia, falco, chartmuseum, goreleaser, bom, aactl, tekton-pipelines, skaffold,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: cue, conftest, slsa-verifier, ingress-nginx-controller, tctl, pulumi-language-yaml, envoy-ratelimit, flux-kustomize-controller, gitness, ko, nginx-stable, fuse-overlayfs-snapshotter, mc, kubernetes-csi-external-attacher, falco, calico, hugo, keda, nats, pulumi,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

CVE-2024-25620 vulnerabilities

Vulnerabilities for packages: eksctl, flux-helm-controller, chartmuseum, cert-manager, k9s, cilium-cli, flux-source-controller, helm-push, kots, kubescape, up, istio-operator, zot, k8sgpt, trivy, helm-operator,...

GHSA-R53H-JV2G-VPX6 vulnerabilities

Vulnerabilities for packages: eksctl, flux-helm-controller, chartmuseum, cert-manager, k9s, cilium-cli, flux-source-controller, helm-push, kots, kubescape, up, istio-operator, zot, k8sgpt, trivy, helm-operator,...

GHSA-7WW5-4WQC-M92C vulnerabilities

Vulnerabilities for packages: flux-source-controller, ctop, telegraf, neuvector-agent, grype, zot, flux-helm-controller, gitness, kubescape, kubevela, kaniko, fuse-overlayfs-snapshotter, cert-manager, helm, cilium-cli, kots, up, melange, trivy, eksctl, newrelic-infrastructure-agent, helm-push,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: conftest, argo-workflows, slsa-verifier, terraform-docs, ingress-nginx-controller, newrelic-infra-operator, vault-k8s, flannel, prometheus-operator, tctl, zot, pulumi-language-yaml, envoy-ratelimit, certificate-transparency, nri-kubernetes, kine, osv-scanner, gitness,....

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: argo-workflows, nri-rabbitmq, mkcert, flannel, gostatsd, delve, render-template, flux-kustomize-controller, kine, osv-scanner, tigera-operator, smarter-device-manager, doppler-kubernetes-operator, k3s, mc, volume-modifier-for-k8s, trivy, protoc-gen-go,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: cue, conftest, ipfs, terraform-docs, node-feature-discovery, wait-for-port, mage, newrelic-infra-operator, harbor-cli, mkcert, flannel, vault-k8s, zot, pulumi-language-yaml, gostatsd, certificate-transparency, delve, render-template, croc, flux-kustomize-controller,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: cue, conftest, ipfs, terraform-docs, node-feature-discovery, wait-for-port, mage, newrelic-infra-operator, harbor-cli, mkcert, flannel, vault-k8s, zot, pulumi-language-yaml, gostatsd, certificate-transparency, delve, render-template, croc, flux-kustomize-controller,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: argo-workflows, nri-rabbitmq, mkcert, flannel, gostatsd, delve, render-template, flux-kustomize-controller, osv-scanner, smarter-device-manager, doppler-kubernetes-operator, wgcf, k3s, mc, volume-modifier-for-k8s, trivy, protoc-gen-go, kube-logging-operator, grafana,.....

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: local-path-provisioner, slsa-verifier, vertical-pod-autoscaler, wait-for-port, ctop, mage, protoc-gen-go-grpc, scorecard, prometheus-bind-exporter, render-template, petname, hey, grpcurl, sbom-scorecard, sops, docker-credential-ecr-login, cni-plugins,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: cue, vault-k8s, prometheus-operator, tctl, zot, pulumi-language-yaml, flux-kustomize-controller, apko, gitness, prometheus-pushgateway, fuse-overlayfs-snapshotter, k3s, mc, kubernetes-csi-external-attacher, trust-manager, thanos-operator, kube-logging-operator, hugo,.....

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: argo-workflows, slsa-verifier, ctop, dagger, telegraf, zot, docker-credential-gcr, scorecard, traefik, gitsign, policy-controller, timoni, flux-helm-controller, guac, kubescape, loki, datadog-agent, kubevela, cri-tools, nerdctl, k8sgpt, helm-operator, kargo, kyverno,.....

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: conftest, argo-workflows, slsa-verifier, terraform-docs, ingress-nginx-controller, newrelic-infra-operator, vault-k8s, flannel, prometheus-operator, tctl, zot, pulumi-language-yaml, envoy-ratelimit, certificate-transparency, nri-kubernetes, kine, osv-scanner, gitness,....

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: teleport, argo-workflows, harbor-registry, terragrunt, flux-source-controller, external-secrets-operator, grafana-mimir, telegraf, prometheus-operator, zot, external-dns, traefik, flux-kustomize-controller, policy-controller, flyte, chezmoi, flux, sops, guac, loki,...

GHSA-M5VV-6R4H-3VJ9 vulnerabilities

Vulnerabilities for packages: teleport, argo-workflows, harbor-registry, terragrunt, flux-source-controller, external-secrets-operator, grafana-mimir, telegraf, prometheus-operator, zot, external-dns, traefik, flux-kustomize-controller, policy-controller, flyte, chezmoi, flux, sops, guac, loki,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: libssh2, conftest, argo-workflows, slsa-verifier, terraform-docs, vault-k8s, zot, certificate-transparency, libssh, flux-kustomize-controller, apko, gitness, tigera-operator, dockerize, ko, nerdctl, secrets-store-csi-driver-provider-azure, k3s, cilium-cli,...

CVE-2023-45142 vulnerabilities

Vulnerabilities for packages: kubernetes, cert-manager, gitlab-kas, gatekeeper, ipfs, k3s, keda, prometheus, thanos, kubevela, up, caddy, calico,...

GHSA-RCJV-MGP8-QVMR vulnerabilities

Vulnerabilities for packages: kubernetes, cert-manager, gitlab-kas, gatekeeper, ipfs, k3s, keda, prometheus, thanos, kubevela, up, caddy, calico,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

CVE-2023-47108 vulnerabilities

Vulnerabilities for packages: kyverno, kubernetes-csi-external-resizer, aws-ebs-csi-driver, kine, kubernetes, cert-manager, containerd, keda, docker-compose, k3s, kubescape, temporal, kubevela, argo-cd, temporal-server, cri-tools,...

GHSA-8PGV-569H-W5RW vulnerabilities

Vulnerabilities for packages: kyverno, kubernetes-csi-external-resizer, aws-ebs-csi-driver, kine, kubernetes, cert-manager, containerd, keda, docker-compose, k3s, kubescape, temporal, kubevela, argo-cd, temporal-server, cri-tools,...

CVE-2024-26147 vulnerabilities

Vulnerabilities for packages: eksctl, flux-helm-controller, chartmuseum, cert-manager, k9s, cilium-cli, flux-source-controller, helm-push, kots, kubescape, up, istio-operator, zot, k8sgpt, trivy, helm-operator,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: argo-workflows, nri-rabbitmq, mkcert, flannel, gostatsd, delve, render-template, flux-kustomize-controller, kine, osv-scanner, tigera-operator, smarter-device-manager, doppler-kubernetes-operator, k3s, mc, volume-modifier-for-k8s, trivy, protoc-gen-go,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: cue, conftest, ipfs, terraform-docs, node-feature-discovery, wait-for-port, mage, newrelic-infra-operator, harbor-cli, mkcert, flannel, vault-k8s, zot, pulumi-language-yaml, gostatsd, certificate-transparency, delve, render-template, croc, flux-kustomize-controller,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: argo-workflows, nri-rabbitmq, mkcert, flannel, gostatsd, delve, render-template, flux-kustomize-controller, osv-scanner, smarter-device-manager, doppler-kubernetes-operator, wgcf, k3s, mc, volume-modifier-for-k8s, trivy, protoc-gen-go, kube-logging-operator, grafana,.....

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, vault-k8s, prometheus-operator, tctl, zot, pulumi-language-yaml, flux-kustomize-controller, apko, gitness, prometheus-pushgateway, kubernetes-dns-node-cache, fuse-overlayfs-snapshotter, k3s, mc, kubernetes-csi-external-attacher, istio-operator,...

GHSA-C5Q2-7R4C-MV6G vulnerabilities

Vulnerabilities for packages: containerd, argo-workflows, slsa-verifier, weaviate, terragrunt, flux-source-controller, external-secrets-operator, argo-cd, rabbitmq-messaging-topology-operator, cilium, flux-kustomize-controller, gitsign, oauth2-proxy, policy-controller, apko, guac, dex, ko,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: argo-workflows, nri-rabbitmq, mkcert, flannel, gostatsd, delve, render-template, flux-kustomize-controller, osv-scanner, smarter-device-manager, doppler-kubernetes-operator, wgcf, k3s, mc, volume-modifier-for-k8s, trivy, protoc-gen-go, kube-logging-operator, grafana,.....

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: local-path-provisioner, slsa-verifier, vertical-pod-autoscaler, wait-for-port, ctop, mage, protoc-gen-go-grpc, scorecard, prometheus-bind-exporter, render-template, petname, hey, grpcurl, sbom-scorecard, sops, docker-credential-ecr-login, cni-plugins,...

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: local-path-provisioner, slsa-verifier, vertical-pod-autoscaler, wait-for-port, ctop, mage, protoc-gen-go-grpc, scorecard, prometheus-bind-exporter, render-template, petname, hey, grpcurl, sbom-scorecard, sops, docker-credential-ecr-login, cni-plugins,...

CVE-2024-28180 vulnerabilities

Vulnerabilities for packages: containerd, argo-workflows, slsa-verifier, weaviate, terragrunt, flux-source-controller, external-secrets-operator, argo-cd, rabbitmq-messaging-topology-operator, cilium, flux-kustomize-controller, gitsign, oauth2-proxy, policy-controller, apko, guac, dex, ko,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, vault-k8s, prometheus-operator, tctl, zot, pulumi-language-yaml, flux-kustomize-controller, apko, gitness, prometheus-pushgateway, kubernetes-dns-node-cache, fuse-overlayfs-snapshotter, k3s, mc, kubernetes-csi-external-attacher, istio-operator,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: cue, vault-k8s, prometheus-operator, tctl, zot, pulumi-language-yaml, flux-kustomize-controller, apko, gitness, prometheus-pushgateway, fuse-overlayfs-snapshotter, k3s, mc, kubernetes-csi-external-attacher, trust-manager, thanos-operator, kube-logging-operator, hugo,.....

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: conftest, gitlab-pages, gatekeeper, slsa-verifier, weaviate, flux-source-controller, telegraf, argo-cd, neuvector-agent, vault-csi-provider, grype, tctl, dynamic-localpv-provisioner, nvidia-device-plugin, pulumi-language-yaml, external-dns, envoy-ratelimit,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: cue, conftest, slsa-verifier, ingress-nginx-controller, tctl, pulumi-language-yaml, envoy-ratelimit, flux-kustomize-controller, gitness, ko, nginx-stable, fuse-overlayfs-snapshotter, mc, kubernetes-csi-external-attacher, falco, calico, hugo, keda, nats, pulumi,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: cue, slsa-verifier, terraform-docs, wait-for-port, ingress-nginx-controller, mage, newrelic-infra-operator, nri-rabbitmq, vault-k8s, prometheus-operator, tctl, pulumi-language-yaml, envoy-ratelimit, nri-memcached, delve, nri-apache, render-template, kine, gitness,...

GHSA-V53G-5GJP-272R vulnerabilities

Vulnerabilities for packages: eksctl, flux-helm-controller, chartmuseum, cert-manager, k9s, cilium-cli, flux-source-controller, helm-push, kots, kubescape, up, istio-operator, zot, k8sgpt, trivy, helm-operator,...

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: local-path-provisioner, slsa-verifier, vertical-pod-autoscaler, wait-for-port, ctop, mage, protoc-gen-go-grpc, scorecard, prometheus-bind-exporter, render-template, petname, hey, grpcurl, sbom-scorecard, sops, docker-credential-ecr-login, cni-plugins,...