99 matches found
GHSA-PXH5-6RRC-8RJV vulnerabilities
Vulnerabilities for packages: opentofu...
GHSA-PXH5-6RRC-8RJV vulnerabilities
Vulnerabilities for packages: opentofu-fips, opentofu...
GHSA-PXH5-6RRC-8RJV OpenTofu: Excessive resource usage in "tofu init" when installing dependencies from attacker-controlled server
Impact: Unauthenticated denial of service. Summary: When installing provider or module packages from attacker-controlled servers, the server may cause tofu init to enter an infinite loop sending garbage data to that server. Those who depend on modules or providers served from untrusted third-party...
CLEANSTART-2026-CN84623 Within HostnameError
Multiple security vulnerabilities affect the opentofu-fips package. Within HostnameError. See references for individual vulnerability details...
CLEANSTART-2026-GY48351 Within HostnameError
Multiple security vulnerabilities affect the opentofu-fips package. Within HostnameError. See references for individual vulnerability details...
CLEANSTART-2026-MI12470 Within HostnameError
Multiple security vulnerabilities affect the opentofu-fips package. Within HostnameError. See references for individual vulnerability details...
CLEANSTART-2026-SO13464 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions
Multiple security vulnerabilities affect the opentofu-fips package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerability details...
GHSA-PJCQ-XVWQ-HHPJ vulnerabilities
Vulnerabilities for packages: k6, dex, cert-manager, xeol, cert-manager-cmctl, minio, rancher-webhook, kyverno, zot, kyverno-notation-aws, external-secrets-operator, opentofu, spqr, harbor, openbao, rancher-agent, sftpgo-plugin-auth, yunikorn-k8shim, flux, gitea, percona-server-mongodb-operator,...
CVE-2026-32952 vulnerabilities
Vulnerabilities for packages: k6, dex, cert-manager, xeol, cert-manager-cmctl, minio, rancher-webhook, kyverno, zot, kyverno-notation-aws, external-secrets-operator, opentofu, spqr, harbor, openbao, rancher-agent, sftpgo-plugin-auth, yunikorn-k8shim, flux, gitea, percona-server-mongodb-operator,...
OpenTofu has unbounded memory usage, high CPU usage, or deadlock in "tofu init" with maliciously-crafted dependency responses
Impact: Unauthenticated denial of service. Summary: When installing module packages from attacker-controlled sources, tofu init may use unbounded memory, cause high CPU usage, or deadlock when encountering maliciously-crafted TLS certificate chains or tar archives. Those who depend on modules or...
GHSA-92MM-2PJQ-R785 vulnerabilities
Vulnerabilities for packages: kots, wolfictl, xeol, zot, terragrunt, zarf, trivy-operator, trivy, grype, kubescape, opentofu, tflint, steampipe, tfsec, k9s, syft, terraform, conftest, snyk-cli, task...
CVE-2026-4660 vulnerabilities
Vulnerabilities for packages: kots, wolfictl, xeol, zot, terragrunt, zarf, trivy-operator, trivy, grype, kubescape, opentofu, tflint, steampipe, tfsec, k9s, syft, terraform, conftest, snyk-cli, task...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: helm, secrets-store-csi-driver, filebrowser, emissary, lvm-driver, wave, bento, tetragon, kyverno, spire-server, aws-flb-firehose, kubernetes-csi-driver-nfs, cluster-api-provider-vsphere, envoy-gateway, istio, trivy-operator, datadog-agent, vault-benchmark,...
CVE-2026-39882 vulnerabilities
Vulnerabilities for packages: opentofu-fips, livekit-server, kiali, cerbos, gatekeeper-fips, opentelemetry-operator-fips, grafana-rollout-operator-fips, envoy-ratelimit-fips, opentelemetry-collector, prometheus, terragrunt-fips, knative-serving-fips, dapr, hydra, prometheus-alertmanager-fips,...
GHSA-W8RR-5GCM-PP58 vulnerabilities
Vulnerabilities for packages: opentofu-fips, livekit-server, kiali, cerbos, gatekeeper-fips, opentelemetry-operator-fips, grafana-rollout-operator-fips, envoy-ratelimit-fips, opentelemetry-collector, prometheus, terragrunt-fips, knative-serving-fips, dapr, hydra, prometheus-alertmanager-fips,...
CLEANSTART-2026-AD71344 Security fixes for CVE-2024-10005, CVE-2024-10006, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-1229, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-6v2p-p543-phr9, ghsa-c6gw-w398-hv78, ghsa-fv92-fjc5-jj9h, ghsa-hcg3-q754-cr77, ghsa-jc7w-c686-c4v9, ghsa-mh63-6h87-95cp, ghsa-p77j-4mvh-x3m3, ghsa-qxp5-gwg8-xv66, ghsa-vvgc-356p-c3xw, ghsa-wjrx-6529-hcj3 applied in versions: 1.10.7-r0, 1.10.7-r1, 1.10.9-r0, 1.10.9-r1, 1.10.9-r2, 1.10.9-r3, 1.9.4-r0
Multiple security vulnerabilities affect the opentofu-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-DP35743 Security fixes for CVE-2024-10005, CVE-2024-10006, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-24051, CVE-2026-24515, CVE-2026-25210, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-6v2p-p543-phr9, ghsa-c6gw-w398-hv78, ghsa-fv92-fjc5-jj9h, ghsa-hcg3-q754-cr77, ghsa-jc7w-c686-c4v9, ghsa-mh63-6h87-95cp, ghsa-p77j-4mvh-x3m3, ghsa-q9hv-hpm4-hj6x, ghsa-qxp5-gwg8-xv66, ghsa-vvgc-356p-c3xw, ghsa-wjrx-6529-hcj3 applied in versions: 1.10.7-r0, 1.7.10-r0, 1.7.10-r1, 1.7.10-r2, 1.7.10-r3, 1.9.4-r0
Multiple security vulnerabilities affect the opentofu-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-OM95908 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-1229, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-6v2p-p543-phr9, ghsa-c6gw-w398-hv78, ghsa-fv92-fjc5-jj9h, ghsa-hcg3-q754-cr77, ghsa-jc7w-c686-c4v9, ghsa-mh63-6h87-95cp, ghsa-p77j-4mvh-x3m3, ghsa-qxp5-gwg8-xv66, ghsa-r92c-9c7f-3pj8, ghsa-vvgc-356p-c3xw, ghsa-wjrx-6529-hcj3 applied in versions: 1.10.7-r0, 1.10.7-r1, 1.11.4-r0, 1.11.5-r0, 1.11.5-r1, 1.11.5-r2, 1.9.4-r0
Multiple security vulnerabilities affect the opentofu-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-GU55430 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-6v2p-p543-phr9, ghsa-9h8m-3fm2-qjrq, ghsa-c6gw-w398-hv78, ghsa-fv92-fjc5-jj9h, ghsa-hcg3-q754-cr77, ghsa-jc7w-c686-c4v9, ghsa-mh63-6h87-95cp, ghsa-qxp5-gwg8-xv66, ghsa-vvgc-356p-c3xw, ghsa-wjrx-6529-hcj3 applied in versions: 1.10.7-r0, 1.9.4-r0, 1.9.4-r1, 1.9.4-r2, 1.9.4-r3
Multiple security vulnerabilities affect the opentofu-fips package. These issues are resolved in later releases. See references for individual vulnerability details...