106 matches found
GHSA-X527-X647-Q7GG vulnerabilities
Vulnerabilities for packages: backup-restore-operator, telegraf, k3s, coder, seaweedfs-rocksdb, cloud-provider-aws, kubescape-server, gitlab-kas, kubescape-server-fips, loki, prometheus-mongodb-exporter, osv-scanner, kubernetes-dashboard, knative-eventing-fips, opentofu, gitlab-rails-ce-fips,...
GHSA-9M57-25V3-79X9 vulnerabilities
Vulnerabilities for packages: backup-restore-operator, telegraf, k3s, cloud-provider-aws, packer, gitlab-kas, loki, prometheus-mongodb-exporter, kubernetes-dashboard, knative-eventing-fips, teleport-operator-fips, opentofu, gitlab-rails-ce-fips, docker-cli-buildx, opentofu-fips, commercial-grafan...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: backup-restore-operator, tkn, telegraf, crossplane-provider-azure-search, coder, k3s, seaweedfs-rocksdb, cloud-provider-aws, atlantis, kubescape-server, vault-fips, flux-notification-controller-fips, jfrog-cli, packer, juicefs, gitlab-kas, kubescape-server-fips, gh,...
GHSA-78MQ-XCR3-XM33 vulnerabilities
Vulnerabilities for packages: backup-restore-operator, telegraf, k3s, cloud-provider-aws, kubescape-server, packer, jfrog-cli, gitlab-kas, kubescape-server-fips, loki, prometheus-mongodb-exporter, osv-scanner, kubernetes-dashboard, knative-eventing-fips, teleport-operator-fips, opentofu,...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: backup-restore-operator, telegraf, k3s, coder, seaweedfs-rocksdb, cloud-provider-aws, kubescape-server, gitlab-kas, kubescape-server-fips, loki, prometheus-mongodb-exporter, osv-scanner, kubernetes-dashboard, knative-eventing-fips, opentofu,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: scorecard, podman, rancher, kargo, hcloud, flux-source-controller, falcoctl, step-issuer, vitess, flux-notification-controller, steampipe, gatus, istio, prometheus, caddy, melange, loki, gitlab-runner, argo-events, act, grype, openbao, pulumi-kubernetes-operator,...
GHSA-Q7J3-V8QV-22VQ OpenTofu: Possible arbitrary file read during certain git operations via a maliciously crafted URL
Impact Possible data exposure. Summary While downloading packages from a maliciously crafted URL, some git operations against that URL could allow arbitrary file read. This might allow disclosure of confidential information. Details OpenTofu relies on go-getter for downloading packages like...
GHSA-PXH5-6RRC-8RJV vulnerabilities
Vulnerabilities for packages: opentofu...
GHSA-PXH5-6RRC-8RJV vulnerabilities
Vulnerabilities for packages: opentofu-fips, opentofu...
GHSA-PXH5-6RRC-8RJV OpenTofu: Excessive resource usage in "tofu init" when installing dependencies from attacker-controlled server
Impact Unauthenticated denial of service. Summary When installing provider or module packages from attacker-controlled servers, the server may cause tofu initto enter an infinite loop sending garbage data to that server. Those who depend on modules or providers served from untrusted third-party...
OpenTofu: Excessive resource usage in "tofu init" when installing dependencies from attacker-controlled server
Impact Unauthenticated denial of service. Summary When installing provider or module packages from attacker-controlled servers, the server may cause tofu initto enter an infinite loop sending garbage data to that server. Those who depend on modules or providers served from untrusted third-party...
CLEANSTART-2026-GY48351 Within HostnameError
Multiple security vulnerabilities affect the opentofu-fips package. Within HostnameError. See references for individual vulnerability details...
CLEANSTART-2026-CN84623 Within HostnameError
Multiple security vulnerabilities affect the opentofu-fips package. Within HostnameError. See references for individual vulnerability details...
CLEANSTART-2026-MI12470 Within HostnameError
Multiple security vulnerabilities affect the opentofu-fips package. Within HostnameError. See references for individual vulnerability details...
CLEANSTART-2026-SO13464 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions
Multiple security vulnerabilities affect the opentofu-fips package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerability details...
CVE-2026-32952 vulnerabilities
Vulnerabilities for packages: sftpgo-plugin-auth, teleport, percona-server-mongodb-operator, trufflehog, xeol, cert-manager, rancher, flux-source-controller, juicefs, external-secrets-operator, frp, kyverno, terraform, dex, cert-manager-cmctl, bento, opentofu, rancher-webhook, yunikorn-k8shim,...
GHSA-PJCQ-XVWQ-HHPJ vulnerabilities
Vulnerabilities for packages: sftpgo-plugin-auth, teleport, percona-server-mongodb-operator, trufflehog, xeol, cert-manager, rancher, flux-source-controller, juicefs, external-secrets-operator, frp, kyverno, terraform, dex, cert-manager-cmctl, bento, opentofu, rancher-webhook, yunikorn-k8shim,...
OpenTofu has unbounded memory usage, high CPU usage, or deadlock in "tofu init" with maliciously-crafted dependency responses
Impact Unauthenticated denial of service. Summary When installing module packages from attacker-controlled sources, tofu init may use unbounded memory, cause high CPU usage, or deadlock when encountering maliciously-crafted TLS certificate chains or tar archives. Those who depend on modules or...
CVE-2026-4660 vulnerabilities
Vulnerabilities for packages: xeol, trivy, kots, steampipe, terraform, wolfictl, conftest, opentofu, tfsec, tflint, task, zot, grype, snyk-cli, k9s, zarf, kubescape, terragrunt, syft, trivy-operator...
GHSA-92MM-2PJQ-R785 vulnerabilities
Vulnerabilities for packages: xeol, trivy, kots, steampipe, terraform, wolfictl, conftest, opentofu, tfsec, tflint, task, zot, grype, snyk-cli, k9s, zarf, kubescape, terragrunt, syft, trivy-operator...