62 matches found
GHSA-XHF5-7WJV-PQXP vulnerabilities
Vulnerabilities for packages: k9s-fips, kube-arangodb, tigera-operator-fips, kubevela-fips, trivy-operator-fips, skaffold-fips, dagger, helmfile, helm-exporter, packer, rancher-agent, kgateway, neuvector-scanner-fips, headlamp-fips, cloudbeat, docker-cli-buildx-fips, kube-mgmt, kargo,...
GHSA-FQW6-GF59-QR4W vulnerabilities
Vulnerabilities for packages: kots, newrelic-infrastructure-agent, ctop, containerd, tigera-operator, helm, gogatekeeper, dagger, consul-k8s, skaffold, helm-mapkubeapis, kube-arangodb, kubescape-operator, trivy, helm-operator, fuse-overlayfs-snapshotter, xeol, docker, k8sgpt, osv-scanner,...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: kots, newrelic-infrastructure-agent, ctop, containerd, tigera-operator, helm, gogatekeeper, dagger, consul-k8s, skaffold, helm-mapkubeapis, kube-arangodb, kubescape-operator, trivy, helm-operator, fuse-overlayfs-snapshotter, xeol, docker, k8sgpt, osv-scanner,...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: k9s-fips, kube-arangodb, tigera-operator-fips, kubevela-fips, trivy-operator-fips, skaffold-fips, dagger, helm-exporter, packer, rancher-agent, neuvector-scanner-fips, headlamp-fips, cloudbeat, docker-cli-buildx-fips, kube-mgmt, kargo, upwind-agent, envoy-gateway-fip...
GHSA-HR2V-4R36-88HR vulnerabilities
Vulnerabilities for packages: kots, helm-docs, cerbos, tigera-operator, harbor, consul-k8s, helm-mapkubeapis, kube-arangodb, trivy, helm-operator, chart-testing, cilium-cli, chartmuseum, kubescape, pluto, trivy-operator, zarf, k9s, cert-manager-cmctl, teleport, tw, cluster-api-helm-controller, zo...
CVE-2026-35206 vulnerabilities
Vulnerabilities for packages: kots, helm-docs, cerbos, tigera-operator, harbor, consul-k8s, helm-mapkubeapis, kube-arangodb, trivy, helm-operator, chart-testing, cilium-cli, chartmuseum, kubescape, pluto, trivy-operator, zarf, k9s, cert-manager-cmctl, teleport, tw, cluster-api-helm-controller, zo...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, dgraph, grafana-operator, clickhouse-operator, supercronic, apko, volume-modifier-for-k8s, temporal, polaris, smokescreen, spire-server, flux-helm-controller, go, mariadb-operator, victoriametrics-cluster,...
GHSA-Q9HV-HPM4-HJ6X vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-kinesis, nfpm, crossplane-provider-aws-cloudformation, pulumi-language-yaml, extism, dagger, gitness, skaffold, lazygit, flux-image-automation-controller, cluster-api, argo-workflows, witness, docker, tfsec, argo-events,...
CVE-2026-1229 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-kinesis, nfpm, crossplane-provider-aws-cloudformation, pulumi-language-yaml, extism, dagger, gitness, skaffold, lazygit, flux-image-automation-controller, cluster-api, argo-workflows, witness, docker, tfsec, argo-events,...
GHSA-8JVR-VH7G-F8GX vulnerabilities
Vulnerabilities for packages: minify, k9s-fips, grafana-mimir, kyverno-policy-reporter-fips, flux-source-watcher, minio-operator-fips, pgtimetable, prometheus-podman-exporter-fips, jobset-fips, prometheus-process-exporter-fips, blob-csi-fips, capslock, crossplane-provider-aws-ecr-fips,...
BIT-FLUX-2022-36049 Flux2 Helm Controller denial of service
Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK th...
BIT-FLUX-2022-24817 Improper kubeconfig validation allows arbitrary code execution
Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also...
EUVD-2022-6887
Malicious code in bioql PyPI...
GHSA-8PJC-487G-W6P2 vulnerabilities
Vulnerabilities for packages: docker-cli, knative-serving, node-problem-detector, thanos-operator, ko, nri-nginx, dgraph, keda, azure-service-operator, nodetaint, kubecolor, pluto, kuma, chart-testing, cert-manager, grafana-alloy, rancher-agent, cloud-provider-vsphere, rancher-system-agent,...
CVE-2025-55199 vulnerabilities
Vulnerabilities for packages: kots, helm-docs, cerbos, flux-helm-controller, harbor, consul-k8s, helm-mapkubeapis, kube-arangodb, trivy, helm-operator, chart-testing, cilium-cli, chartmuseum, kubescape, pluto, trivy-operator, zarf, istio, k9s, cert-manager-cmctl, teleport, tw,...
CVE-2025-55198 vulnerabilities
Vulnerabilities for packages: kots, helm-docs, cerbos, flux-helm-controller, harbor, consul-k8s, helm-mapkubeapis, kube-arangodb, trivy, helm-operator, chart-testing, cilium-cli, chartmuseum, kubescape, pluto, trivy-operator, zarf, istio, k9s, cert-manager-cmctl, teleport,...
GHSA-F9F8-9PMF-XV68 vulnerabilities
Vulnerabilities for packages: kots, helm-docs, cerbos, flux-helm-controller, harbor, consul-k8s, helm-mapkubeapis, kube-arangodb, trivy, helm-operator, chart-testing, cilium-cli, chartmuseum, kubescape, pluto, trivy-operator, zarf, istio, k9s, cert-manager-cmctl, teleport,...
GHSA-9H84-QMV7-982P vulnerabilities
Vulnerabilities for packages: kots, helm-docs, cerbos, flux-helm-controller, harbor, consul-k8s, helm-mapkubeapis, kube-arangodb, trivy, helm-operator, chart-testing, cilium-cli, chartmuseum, kubescape, pluto, trivy-operator, zarf, istio, k9s, cert-manager-cmctl, teleport, tw,...
CVE-2025-32387 vulnerabilities
Vulnerabilities for packages: cloudbeat-fips, trivy, chartmuseum, tw, k8ssandra-client, flux-source-controller-fips, cert-manager-fips, cert-manager-cmctl-fips, k8ssandra-client-fips, trivy-fips, k9s, flux-source-controller, helm-operator-fips, kubescape, chartmuseum-fips, pluto, flux-fips,...
CVE-2025-32386 vulnerabilities
Vulnerabilities for packages: cloudbeat-fips, trivy, chartmuseum, tw, k8ssandra-client, flux-source-controller-fips, cert-manager-fips, cert-manager-cmctl-fips, k8ssandra-client-fips, trivy-fips, k9s, flux-source-controller, helm-operator-fips, kubescape, chartmuseum-fips, pluto, flux-fips,...