22 matches found
GHSA-VVGJ-X9JQ-8CJ9 vulnerabilities
Vulnerabilities for packages: kargo, kube-metrics-adapter, q, kubernetes-dns-node-cache, frp, k3s, opentelemetry-operator, k8sgateway...
CVE-2026-40898 vulnerabilities
Vulnerabilities for packages: kargo, kube-metrics-adapter, q, kubernetes-dns-node-cache, frp, k3s, opentelemetry-operator, k8sgateway...
Traefik Access Control Error Vulnerability
Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions prior to Traefik 2.11.46, 3.6.17, and 3.7.1 contained an access control vulnerability. This vulnerability stemmed from the Kubernetes Gateway API provider, which allowed tenants with permission to create...
Traefik 2.x < 2.11.46 / 3.x < 3.6.17 / 3.7.x < 3.7.1 Authentication Bypass (CVE-2026-44774)
The version of Traefik installed on the remote macOS host is 2.x prior to 2.11.46, 3.x prior to 3.6.17, or 3.7.x prior to 3.7.1. It is, therefore, affected by an authentication bypass vulnerability: - The Kubernetes Gateway API provider accepts any TraefikService backend reference whose name ends...
Access Control Bypass
Overview: Affected versions of this package are vulnerable to Access Control Bypass in the handling of internal service references by the Gateway API provider. An attacker can gain unauthorized dynamic configuration write access by creating or updating an HTTPRoute that targets rest@internal, even...
Access Control Bypass
Overview: Affected versions of this package are vulnerable to Access Control Bypass in the handling of internal service references by the Gateway API provider. An attacker can gain unauthorized dynamic configuration write access by creating or updating an HTTPRoute that targets rest@internal, even...
GHSA-X4MJ-7F9G-29H4 vulnerabilities
Vulnerabilities for packages: external-dns, k8sgateway...
GHSA-H9MW-H4QC-F5JF kubernetes-graphql-gateway: GraphQL Endpoint Vulnerable to Authenticated Denial-of-Service via Unrestricted Query Execution
CVSS 6.5 Medium — The GraphQL API served by kubernetes-graphql-gateway is vulnerable to Denial-of-Service (DoS) attacks due to a complete absence of query resource controls (depth limiting, complexity analysis, response size capping, and rate limiting). An authenticated attacker can craft queries tha...
Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values
Summary: There is a potential vulnerability in Traefik's Kubernetes Gateway provider related to rule injection. A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. ...
CVE-2026-26017 vulnerabilities
Vulnerabilities for packages: k8sgateway, kubernetes-dns-node-cache, juicefs...
GHSA-C9V3-4PV7-87PR vulnerabilities
Vulnerabilities for packages: k8sgateway, kubernetes-dns-node-cache, juicefs...
CVE-2026-26017 vulnerabilities
Vulnerabilities for packages: juicefs, kubernetes-dns-node-cache-fips, kubernetes-dns-node-cache, eks-distro, eks-distro-fips, k8sgateway-fips, k8sgateway...
GHSA-C9V3-4PV7-87PR vulnerabilities
Vulnerabilities for packages: juicefs, kubernetes-dns-node-cache-fips, kubernetes-dns-node-cache, eks-distro, eks-distro-fips, k8sgateway-fips, k8sgateway...
GHSA-G754-HX8W-X2G6 vulnerabilities
Vulnerabilities for packages: ipfs-cluster, ipfs-cluster-fips, kubo-fips, seaweedfs-fips, spegel-fips, kubernetes-dns-node-cache, rke2-runtime, dkron-fips, k3s, kubo, k8sgateway-fips, q, coredns-fips, syncthing-fips, dkron, k8sgateway, kargo, traefik, traefik-fips, frp, caddy, caddy-fips,...
CVE-2025-64702 vulnerabilities
Vulnerabilities for packages: ipfs-cluster, ipfs-cluster-fips, kubo-fips, seaweedfs-fips, spegel-fips, kubernetes-dns-node-cache, rke2-runtime, dkron-fips, k3s, kubo, k8sgateway-fips, q, coredns-fips, syncthing-fips, dkron, k8sgateway, kargo, traefik, traefik-fips, frp, caddy, caddy-fips,...
CVE-2025-59530 vulnerabilities
Vulnerabilities for packages: ipfs-cluster, kargo, traefik, q, kyverno-policy-reporter-ui, kubernetes-dns-node-cache, frp, caddy, spegel, teleport, k3s, kubo, dkron, k8sgateway...
GHSA-47M2-4CR7-MHCW vulnerabilities
Vulnerabilities for packages: ipfs-cluster, ipfs-cluster-fips, kubo-fips, spegel-fips, kubernetes-dns-node-cache, rke2-runtime, dkron-fips, k3s, kubo, k8sgateway-fips, q, coredns-fips, syncthing-fips, dkron, k8sgateway, kargo, traefik, traefik-fips, kyverno-policy-reporter-ui, frp,...
EUVD-2022-26894
Malicious code in bioql PyPI...
CVE-2022-21701
Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a privilege escalation attack. Users who have CREATE permission for gateways.gateway.networking.k8s.io objects can escalate this privilege to create other resources that th...
Privilege escalation
Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a privilege escalation attack. Users who have CREATE permission for gateways.gateway.networking.k8s.io objects can escalate this privilege to create other resources that th...