14 matches found

Tenable Nessus
added 2026/01/22 12:0 a.m. | 2 views

Azure Linux 3.0 Security Update: keda (CVE-2021-42836)

The version of keda installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-42836 advisory. - GJSON before 1.9.3 allows a ReDoS regular expression denial of service attack. CVE-2021-42836 Note that Nessus...

CVSS 7.5 | AI score 7.8 | EPSS 0.00161
Exploits: 1 | References: 2
Tenable Nessus
added 2026/01/22 12:0 a.m. | 3 views

Azure Linux 3.0 Security Update: keda (CVE-2021-32923)

The version of keda installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-32923 advisory. - HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret...

CVSS 7.4 | AI score 5.6 | EPSS 0.00214
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/22 12:0 a.m. | 0 views

Azure Linux 3.0 Security Update: keda (CVE-2025-29923)

The version of keda installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-29923 advisory. - go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7....

CVSS 3.7 | AI score 6 | EPSS 0.00158
Exploits: 0 | References: 2
EUVD
added 2025/12/22 9:35 p.m. | 2 views

EUVD-2025-204753

KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The...

CVSS 8.2 | AI score 6.5 | EPSS 0.0019
Exploits: 0 | References: 3
Positive Technologies
added 2025/12/22 12:0 a.m. | 1 views

PT-2025-52724

Name of the Vulnerable Software and Affected Versions: KEDA versions prior to 2.17.3; KEDA versions prior to 2.18.3. Description: KEDA is a Kubernetes-based Event Driven Autoscaling component. A flaw exists in KEDA that could allow an attacker with permissions to create or modify a...

CVSS 8.2 | AI score 6.3 | EPSS 0.0019
Exploits: 0 | References: 11
CBLMariner
added 2025/04/29 3:8 p.m. | 10 views

CVE-2025-22872 affecting package keda for versions less than 2.14.1-7

CVE-2025-22872 affecting package keda for versions less than 2.14.1-7. A patched version of the package is available...

CVSS 6.5 | AI score 7.3 | EPSS 0.00017
Exploits: 0
CBLMariner
added 2025/04/19 12:20 a.m. | 5 views

CVE-2025-22870 affecting package keda for versions less than 2.14.1-6

CVE-2025-22870 affecting package keda for versions less than 2.14.1-6. A patched version of the package is available...

CVSS 4.4 | AI score 7.3 | EPSS 0.00024
Exploits: 2
CBLMariner
added 2025/04/19 12:20 a.m. | 6 views

CVE-2024-51744 affecting package keda for versions less than 2.14.1-6

CVE-2024-51744 affecting package keda for versions less than 2.14.1-6. A patched version of the package is available...

CVSS 3.1 | AI score 7.3 | EPSS 0.0006
Exploits: 0
Tenable Nessus
added 2025/04/09 12:0 a.m. | 8 views

CBL Mariner 2.0 Security Update: coredns / ig / keda (CVE-2025-29786)

The version of coredns / ig / keda installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-29786 advisory. - Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if th...

CVSS 7.5 | AI score 7.3 | EPSS 0.00095
Exploits: 0 | References: 2
Tenable Nessus
added 2025/02/10 12:0 a.m. | 12 views

Azure Linux 3.0 Security Update: cert-manager / influxdb / keda / libcontainers-common / packer (CVE-2024-6104)

The version of cert-manager / influxdb / keda / libcontainers-common / packer installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6104 advisory. - go-retryablehttp prior to 0.7.7 did not sanitize urls...

CVSS 6 | AI score 7.4 | EPSS 0.00045
Exploits: 0 | References: 2
OSV
added 2024/11/04 10:15 p.m. | 2 views

AZL-52201 CVE-2024-51744 affecting package keda for versions less than 2.14.1-7

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

CVSS 3.1 | AI score 6.5 | EPSS 0.0006
Exploits: 0 | References: 1
OSV
added 2024/03/09 1:15 a.m. | 1 views

AZL-35882 CVE-2024-28180 affecting package keda for versions less than 2.14.0-1

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS 4.3 | AI score 6.4 | EPSS 0.04986
Exploits: 0 | References: 1
OSV
added 2024/03/09 1:15 a.m. | 2 views

AZL-35843 CVE-2024-28180 affecting package keda for versions less than 2.4.0-26

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

CVSS 4.3 | AI score 6.4 | EPSS 0.04986
Exploits: 0 | References: 1
OSV
added 2024/03/05 11:15 p.m. | 3 views

AZL-35579 CVE-2024-24786 affecting package keda for versions less than 2.4.0-24

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

CVSS 7.5 | AI score 6.7 | EPSS 0.00533
Exploits: 0 | References: 1