179 matches found
GHSA-47JG-VQRV-5F8V vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-qemu, linux-azure, linux-gcp, linux-qemu-melange...
CVE-2026-46300 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-qemu, linux-azure, linux-gcp, linux-qemu-melange...
CLEANSTART-2026-LR89498 Security fixes for CVE-2026-34986, ghsa-3xc5-wrhm-f963, ghsa-78h2-9frx-2jm8 applied in versions: 0.48.1-r0, 0.49.0-r0
Multiple security vulnerabilities affect the melange package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-VB45003 Security fixes for CVE-2026-34986, ghsa-78h2-9frx-2jm8 applied in versions: 0.48.1-r0
Multiple security vulnerabilities affect the melange package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-43500 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-qemu, linux-qemu-rc, linux-azure, linux-gcp, linux-qemu-melange...
GHSA-8P2W-G92W-F4X3 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-qemu, linux-qemu-rc, linux-azure, linux-gcp, linux-qemu-melange...
GHSA-389R-GV7P-R3RP vulnerabilities
Vulnerabilities for packages: guac, crossplane, nfpm, src-fingerprint, snyk-cli, kaniko, melange, grype, grafana-alloy, gitsign, dagger, steampipe, external-secrets-operator, kargo, scorecard, argo-cd, flux-image-automation-controller, syft, act, tfsec, argocd-image-updater, xeol, kots,...
CVE-2026-45022 vulnerabilities
Vulnerabilities for packages: grafana-alloy, zarf, chainloop-cli-fips, amazon-ssm-agent, cloudbeat-fips, kots, flux-image-automation-controller, kubescape-server, gitlab-rails-ce, grype-db, skaffold, gitlab-rails-ce-fips, kubevela, gitlab-runner, terragrunt-fips, external-secrets-operator,...
GHSA-G4P6-4X9W-QFQ5 vulnerabilities
Vulnerabilities for packages: linux-azure, linux-qemu-melange...
CVE-2026-43228 vulnerabilities
Vulnerabilities for packages: linux-azure, linux-qemu-melange...
GHSA-W5VP-HVM6-339G vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-qemu, linux-qemu-rc, linux-azure, linux-gcp, linux-qemu-melange...
CVE-2026-31574 vulnerabilities
Vulnerabilities for packages: linux-vmware, linux-aws, linux-qemu, linux-qemu-rc, linux-azure, linux-gcp, linux-qemu-melange...
CVE-2026-29050
melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, an attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a...
CVE-2026-29050
melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, an attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a...
CVE-2026-29051
melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, melange lint --persist-lint-results (opt-in flag, also usable via melange build --persist-lint-results) constructs output file paths by joining --out-dir with the arch and...
CVE-2026-29051
This CVE affects melange, where the lint/build workflow (enabled by --persist-lint-results) constructs output paths by joining --out-dir with arch and pkgname read from the APK’s .PKGINFO. Versions 0.32.0 through 0.43.3 are vulnerable; 0.43.4 fixes the issue by validating arch/pkgname against ..,...
CVE-2026-29051
melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, melange lint --persist-lint-results (opt-in flag, also usable via melange build --persist-lint-results) constructs output file paths by joining --out-dir with the arch and...
CVE-2026-29051 melange has Path Traversal via .PKGINFO in --persist-lint-results
melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, melange lint --persist-lint-results (opt-in flag, also usable via melange build --persist-lint-results) constructs output file paths by joining --out-dir with the arch and...
CVE-2026-29051 melange has Path Traversal via .PKGINFO in --persist-lint-results
melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, melange lint --persist-lint-results (opt-in flag, also usable via melange build --persist-lint-results) constructs output file paths by joining --out-dir with the arch and...
EUVD-2026-25356
melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, melange lint --persist-lint-results (opt-in flag, also usable via melange build --persist-lint-results) constructs output file paths by joining --out-dir with the arch and...