CVE-2025-68119 vulnerabilities

Vulnerabilities for packages: opentofu, crossplane-provider-aws-rds, croc, nerdctl, crossplane-provider-azure-sql, undock, git-sync, kube-logging-operator, wazero, net-kourier, http-echo, ingress-nginx-controller, keda, wave, crossplane-provider-aws-dynamodb, clickhouse-operator, nats-top, fixuid...

GHSA-CM6P-QC7V-M3JW vulnerabilities

Vulnerabilities for packages: opentofu, crossplane-provider-aws-rds, croc, nerdctl, crossplane-provider-azure-sql, undock, git-sync, kube-logging-operator, wazero, net-kourier, http-echo, ingress-nginx-controller, keda, wave, crossplane-provider-aws-dynamodb, clickhouse-operator, nats-top, fixuid...

GHSA-XVQR-69V8-F3GV vulnerabilities

Vulnerabilities for packages: opentofu, crossplane-provider-aws-rds, croc, nerdctl, crossplane-provider-azure-sql, undock, git-sync, kube-logging-operator, wazero, net-kourier, http-echo, ingress-nginx-controller, keda, wave, crossplane-provider-aws-dynamodb, clickhouse-operator, nats-top, fixuid...

GHSA-GM9R-Q53W-2GH4 vulnerabilities

Vulnerabilities for packages: kubernetes-event-exporter, local-static-provisioner, kbld, opentofu, dask-gateway, kubernetes-dashboard-api, terraform-docs, kubescape-operator, dockerize, crossplane-provider-aws-rds, croc, tofu-controller, kyverno-policy-reporter-ui, nerdctl,...

CVE-2025-61726 vulnerabilities

Vulnerabilities for packages: kubernetes-event-exporter, local-static-provisioner, kbld, opentofu, dask-gateway, kubernetes-dashboard-api, terraform-docs, kubescape-operator, dockerize, crossplane-provider-aws-rds, croc, tofu-controller, kyverno-policy-reporter-ui, nerdctl,...

CVE-2026-25116

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

CVE-2026-25152 @backstage/plugin-techdocs-node vulnerable to possible Path Traversal in TechDocs Local Generator

Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, a path traversal vulnerability in the TechDocs local generator allow...

Directory Traversal

Overview @backstage/plugin-techdocs-node is a Common node.js functionalities for TechDocs, to be shared between techdocs-backend plugin and techdocs-cli Affected versions of this package are vulnerable to Directory Traversal via the TechdocsGenerator function when processing documentation from...

CVE-2026-25152

The CVE-2026-25152 entry concerns the Backstage @backstage/plugin-techdocs-node, where versions before 1.13.11 and 1.14.1 allow path traversal via the TechDocs local generator when techdocs.generator.runIn is set to local. This permits reading arbitrary host files as MkDocs follows symlinks in do...

EUVD-2026-5004

Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, when TechDocs is configured with runIn: local, a malicious actor who...

Arbitrary Code Injection

Overview @backstage/plugin-techdocs-node is a Common node.js functionalities for TechDocs, to be shared between techdocs-backend plugin and techdocs-cli Affected versions of this package are vulnerable to Arbitrary Code Injection via the processing of MkDocs hooks, when TechDocs is configured wit...

CVE-2026-24845

malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malcontent uses...

CLEANSTART-2026-YB44027 Moby is an open-source project created by Docker for software containerization

Multiple security vulnerabilities affect the docker-fips package. Moby is an open-source project created by Docker for software containerization. See references for individual vulnerability details...

CLEANSTART-2026-SB85645 Moby is an open-source project created by Docker for software containerization

Multiple security vulnerabilities affect the docker-fips package. Moby is an open-source project created by Docker for software containerization. See references for individual vulnerability details...

CLEANSTART-2026-OS18490 Moby is an open-source project created by Docker for software containerization

Multiple security vulnerabilities affect the docker-fips package. Moby is an open-source project created by Docker for software containerization. See references for individual vulnerability details...

CLEANSTART-2026-XL45869 Moby is an open-source project created by Docker for software containerization

Multiple security vulnerabilities affect the docker-fips package. Moby is an open-source project created by Docker for software containerization. See references for individual vulnerability details...

CLEANSTART-2026-BN11148 Moby is an open-source project created by Docker for software containerization

Multiple security vulnerabilities affect the docker-fips package. Moby is an open-source project created by Docker for software containerization. See references for individual vulnerability details...

CLEANSTART-2026-JD48541 Moby is an open-source project created by Docker for software containerization

Multiple security vulnerabilities affect the docker-fips package. Moby is an open-source project created by Docker for software containerization. See references for individual vulnerability details...

CLEANSTART-2026-HL71566 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the docker-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

CLEANSTART-2026-QM19832 Moby is an open source container framework developed by Docker Inc

Multiple security vulnerabilities affect the argo-workflows-fips package. Moby is an open source container framework developed by Docker Inc. See references for individual vulnerability details...