238 matches found
GHSA-GCGV-V5GF-C543 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
CVE-2026-42945 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
GHSA-GCGV-V5GF-C543 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller, ingress-nginx-controller-fips...
CLEANSTART-2026-OB67529 Security fixes for CVE-2026-33811, CVE-2026-33814, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499 applied in versions: 1.15.1-r0
Multiple security vulnerabilities affect the ingress-nginx-controller-1.15 package. These issues are resolved in later releases. See references for individual vulnerability details...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: victoriametrics, dkron, flux-helm-controller, pluto, gh, fluxcd-kustomize-mutating-webhook, hubble, ingress-nginx-controller, nodetaint, metacontroller, tailscale, clickhouse-operator, nfs-subdir-external-provisioner, actions-runner-controller, nova,...
Ingress-NGINX Controller < 1.13.9 / 1.14.x < 1.14.5 / 1.15.x < 1.15.1 Configuration Injection
The version of Ingress-NGINX controller installed on the remote host is prior to 1.13.9, 1.14.5, or 1.15.1. It is, therefore, affected by a configuration injection vulnerability. A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject...
Resource Injection
Overview Affected versions of this package are vulnerable to Resource Injection via the buildProxyPass function. An attacker can execute arbitrary code and access sensitive information by injecting malicious configuration into the nginx controller process. Remediation Upgrade...
GHSA-84XH-PWC6-7G4G vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
CVE-2025-23419 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
CVE-2025-23419 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller, ingress-nginx-controller-fips...
GHSA-84XH-PWC6-7G4G vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller, ingress-nginx-controller-fips...
Ingress-NGINX Controller < 1.13.7 / 1.14.x < 1.14.3 Multiple Vulnerabilities
The version of Ingress-NGINX controller installed on the remote host is prior to 1.13.7 or 1.14.3. It is, therefore, affected by multiple vulnerabilities: - A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject...
CLEANSTART-2026-OJ41940 net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines
Multiple security vulnerabilities affect the ingress-nginx-controller package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details...
CVE-2022-23008
On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software...
CVE-2020-7621
strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the 'nginxCmd' function...
EUVD-2021-10136
Malware in sbrugna...
EUVD-2020-27064
Malware in sbrugna...
EUVD-2020-20234
Malware in sbrugna...
EUVD-2020-27055
Malware in sbrugna...
EUVD-2020-27063
Malware in sbrugna...