824 matches found
ROOT-APP-NPM-CVE-2026-44902 CVE-2026-44902 in @rootio/opentelemetry__sdk-node - Patched by Root
Root has patched CVE-2026-44902 in the @rootio/opentelemetrysdk-node package for Root:npm. Multiple fixed versions available...
CVE-2026-59892 OpenTelemetry JavaScript: Denial of service in `JaegerPropagator` via unhandled exception on a malformed header
OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...
CVE-2026-59892
OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...
EUVD-2026-42324
OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...
PT-2026-56504
Name of the Vulnerable Software and Affected Versions @opentelemetry/propagator-jaeger versions prior to 2.9.0 Description The @opentelemetry/propagator-jaeger component decodes incoming uber-trace-id and uberctx- HTTP header values using the decodeURIComponent function without proper error...
opentelemetry-collector security update
An update is available for opentelemetry-collector. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Collector with the supported components for a Rocky Enterpri...
ROOT-APP-MAVEN-CVE-2026-45292 CVE-2026-45292 in io.root.io.opentelemetry:opentelemetry-api - Patched by Root
Root has patched CVE-2026-45292 in the io.root.io.opentelemetry:opentelemetry-api package for Root:Maven. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-29181 CVE-2026-29181 in rootio-go.opentelemetry.io/otel - Patched by Root
Root has patched CVE-2026-29181 in the rootio-go.opentelemetry.io/otel package for Root:Go. Multiple fixed versions available...
RHSA-2026:34359 Red Hat Security Advisory: opentelemetry-collector security update
Bulletin has no description...
RHSA-2026:34357 Red Hat Security Advisory: opentelemetry-collector security update
Bulletin has no description...
CVE-2026-54704
OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text...
CVE-2026-54704
OpenTelemetry Java Instrumentation contains a vulnerability in JDBC auto-instrumentation prior to version 2.28.0 where passwords in SQL CONNECT statements may not be sanitized if the password is double-quoted. This can cause clear-text database passwords to be added to trace spans and exported to...
Important: Red Hat Security Advisory: opentelemetry-collector security update
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: opentelemetry-collector security update
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
PT-2026-54844
Name of the Vulnerable Software and Affected Versions OpenTelemetry Java Instrumentation versions prior to 2.28.0 Description The JDBC auto-instrumentation fails to sanitize passwords in SQL CONNECT statements when the password is enclosed in double quotes. This leads to clear-text database...
ALSA-2026:34359 Important: opentelemetry-collector security update
Collector with the supported components for a AlmaLinux build of OpenTelemetry Security Fixes: github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint CVE-2026-42154 github.com/prometheus/prometheus: Prometheus: Information...
CVE-2026-54285
A flaw was found in the @opentelemetry/core component of the OpenTelemetry JavaScript Client. This vulnerability allows a remote attacker to trigger uncontrolled memory allocation by sending oversized baggage HTTP headers. The system's inability to enforce size limits during inbound baggage parsi...
Malicious code in @epic-common/observability-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 73d7457ccefffe2de1f0464f21ac2eadfb981be593d2b34ceb0d5cde1174da0b Package targets the private @epic-common scope Epic Games and is published to the public npm registry as a dependency-confusion vehicle. On import of...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: prometheus-mongodb-exporter, coder-fips, kubernetes-dashboard, calico-fips, traefik, zarf-fips, argo-cd, argo-workflows-fips, reports-server, knative-serving-fips, aactl, mattermost-fips, rancher-agent, k9s, argo-workflows, spire-server, traefik-fips,...
GHSA-X527-X647-Q7GG vulnerabilities
Vulnerabilities for packages: flux, fscrypt, kubernetes-dashboard, k9s, argocd-image-updater, loki, mattermost, argo-cd, zarf, containerd, knative-serving, minio, trivy-operator, trivy, skaffold, flux-image-automation-controller, opentelemetry-collector, rancher, helm, cloud-provider-aws, kots,...