CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Wolfi•added 2026/02/26 7:48 p.m.•5 views

CVE-2026-1229 vulnerabilities

Vulnerabilities for packages: flux, crossplane-provider-azure-authorization, gitea, argo-events, nfpm, crossplane-provider-aws-cloudfront, extism, gitness, crossplane, rclone, crossplane-provider-aws-dynamodb, rancher-fleet, flux-source-controller, syft, crossplane-provider-aws-elasticache, dagge...

9.8CVSS7.5AI score0.00026EPSS

Wolfi•added 2026/02/26 7:48 p.m.•6 views

GHSA-Q9HV-HPM4-HJ6X vulnerabilities

Chainguard•added 2026/02/26 7:17 p.m.•6 views

CVE-2026-1229 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-dynamodb-fips, cg, crossplane-provider-aws-elasticache-fips, flux, rancher-fleet, image-factory, trivy, buildkitd, cluster-api, terraform-provider-pagerduty, ratify-fips, gitlab-rails-ce-fips, trufflehog, argo-events-fips,...

9.8CVSS7.5AI score0.00026EPSS

OSV•added 2025/12/02 5:36 p.m.•2 views

BIT-FLUX-2022-24878 Improper path handling in Kustomization files allows for denial of service

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to...

7.7CVSS6.6AI score0.0031EPSS

OSV•added 2025/12/02 5:36 p.m.•2 views

BIT-FLUX-2022-24877 Improper path handling in kustomization files allows path traversal

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...

9.9CVSS7AI score0.00617EPSS

OSV•added 2025/12/02 5:36 p.m.•3 views

BIT-FLUX-2022-24817 Improper kubeconfig validation allows arbitrary code execution

Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also...

9.9CVSS7.3AI score0.00378EPSS

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-3043

Malicious code in bioql PyPI...

7.7CVSS6.8AI score0.0031EPSS

Exploits0References3

Chainguard•added 2025/08/09 1:17 p.m.•8 views

GHSA-J5PM-7495-QMR3 vulnerabilities

Vulnerabilities for packages: flux, fuse-overlayfs-snapshotter, harbor-scanner-trivy-fips, kube-bench, conftest-fips, databricks-cli-fips, nri-nagios, falco-exporter-fips, trino, cluster-api-helm-controller, fulcio, victoriametrics-operator, apm-server, eksctl, gotestsum, opentofu, kyverno,...

RedhatCVE•added 2025/02/05 9:42 p.m.•7 views

CVE-2022-24877

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...

9.9CVSS6.8AI score0.00617EPSS

Exploits0References1

Chainguard•added 2024/12/18 6:23 p.m.•6 views

GHSA-32GQ-X56H-299C vulnerabilities

Vulnerabilities for packages: grafana-fips, flux-kustomize-controller, litestream, sops-fips, chezmoi, age-fips, grafana, age, ksops, sops, flux-kustomize-controller-fips...

OSV•added 2024/08/21 2:30 p.m.•7 views

GO-2022-0260 Privilege escalation to cluster admin on multi-tenant environments in github.com/fluxcd/kustomize-controller

Privilege escalation to cluster admin on multi-tenant environments in github.com/fluxcd/kustomize-controller...

9CVSS8.8AI score0.01711EPSS

Exploits1References2

Wolfi•added 2024/06/11 5:16 p.m.•88 views

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: flux, flux-image-reflector-controller, secrets-store-csi-driver-provider-azure, airflow, sops, step, tekton-chains, terragrunt, thanos, argo-events, buildkitd, external-secrets-operator, zarf, hugo-extended, opentelemetry-collector-contrib, fulcio, restic,...

5.5CVSS6.2AI score0.00221EPSS

OSV•added 2024/03/06 10:55 a.m.•17 views

BIT-KUSTOMIZE-2022-24877 Improper path handling in kustomization files allows path traversal

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...

9.9CVSS9AI score0.00617EPSS

OSV•added 2024/03/06 10:55 a.m.•21 views

BIT-KUSTOMIZE-2022-24878 Improper path handling in Kustomization files allows for denial of service

7.7CVSS6.4AI score0.0031EPSS

Chainguard•added 2024/03/05 11:15 p.m.•74 views

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: flux, kubeflow-fips, flux-notification-controller, fuse-overlayfs-snapshotter, kube-bench, conftest-fips, envoy-ratelimit-fips, fulcio, pulumi-kubernetes-operator, eksctl, opentofu, kube-state-metrics-fips, flux-helm-controller, guac, cloudflared,...

7.5CVSS6.4AI score0.00533EPSS

Chainguard•added 2023/10/25 9:17 p.m.•80 views

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: vault-csi-provider, terraform-provider-sendgrid, kube-oidc-proxy, kubeflow-fips, dgraph, src, buildkitd, metrics-server-fips, ipfs, slsa-verifier, aws-efs-csi-driver-fips, conftest-fips, kubevela, up, volume-modifier-for-k8s-fips, bank-vaults-fips,...

Wolfi•added 2023/10/10 9:28 p.m.•41 views

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: coredns, conftest, sigstore-scaffolding, minio, kind, gitness, haproxy-ingress, spark-operator, flux-source-controller, wireguard-go, cosign, kubernetes-csi-livenessprobe, pulumi-language-dotnet, pulumi, flux-helm-controller, kubeflow-katib, nghttp2,...