CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: grafana-mimir, terraform-provider-time, openbao, dgraph, yace, govulncheck, crossplane-provider-keycloak, multus-cni, spire-controller-manager, secrets-store-csi-driver-provider-azure, boring-registry, smokescreen, croc, crossplane-provider-gcp, opentelemetry-operato...

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: flux-helm-controller-fips, http-echo, dockerize, crossplane-provider-aws-rolesanywhere-fips, kubeflow-fips, prometheus-nats-exporter, cue, spqr, crossplane-function-auto-ready, tigera-operator-fips, azure-workload-identity-webhook, omnibump, cortex,...

CLEANSTART-2026-MQ21261 Security fixes for CVE-2025-47911, CVE-2025-58190, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142 applied in versions: 1.5.1-r0, 1.5.1-r1, 1.5.1-r2, 1.5.1-r3

Multiple security vulnerabilities affect the vertical-pod-autoscaler package. These issues are resolved in later releases. See references for individual vulnerability details...

GHSA-8FJ7-8H3W-XWFM vulnerabilities

Vulnerabilities for packages: sops, wolfictl, grafana-mimir, linkerd2, pulumi-language-java, trivy-operator, zot, crossplane-provider-aws-kms, azure-service-operator, cluster-api-azure-controller, kyverno-policy-reporter, ksops, cert-manager-webhook-pdns, mattermost, pluto, cilium-cli,...

CVE-2026-27141 vulnerabilities

Vulnerabilities for packages: sops, wolfictl, grafana-mimir, linkerd2, pulumi-language-java, trivy-operator, zot, crossplane-provider-aws-kms, azure-service-operator, cluster-api-azure-controller, kyverno-policy-reporter, ksops, cert-manager-webhook-pdns, mattermost, pluto, cilium-cli,...

GHSA-8FJ7-8H3W-XWFM vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-efs, apko, crossplane-provider-aws-rolesanywhere-fips, crossplane-provider-terraform, fleet-server-fips, apache-beam-python-3.11-sdk, kube-rbac-proxy-fips, dex-fips, crossplane-provider-aws-lambda, crossplane-provider-aws-cloudwatchlogs-fips,...

CVE-2026-27141 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-efs, apko, crossplane-provider-aws-rolesanywhere-fips, crossplane-provider-terraform, fleet-server-fips, apache-beam-python-3.11-sdk, kube-rbac-proxy-fips, dex-fips, crossplane-provider-aws-lambda, crossplane-provider-aws-cloudwatchlogs-fips,...

CVE-2025-68121 vulnerabilities

Vulnerabilities for packages: wolfictl, grafana-mimir, grype, terraform-provider-time, openbao, sftpgo-plugin-kms, dgraph, gomplate, yace, govulncheck, crossplane-provider-keycloak, spire-controller-manager, juicefs, secrets-store-csi-driver-provider-azure, boring-registry, rekor, smokescreen,...

GHSA-H355-32PF-P2XM vulnerabilities

Vulnerabilities for packages: wolfictl, grafana-mimir, grype, terraform-provider-time, openbao, sftpgo-plugin-kms, dgraph, gomplate, yace, govulncheck, crossplane-provider-keycloak, spire-controller-manager, juicefs, secrets-store-csi-driver-provider-azure, boring-registry, rekor, smokescreen,...

CVE-2025-61732 vulnerabilities

Vulnerabilities for packages: confluent-cp-docker-utils, wolfictl, grafana-mimir, grype, terraform-provider-time, openbao, sftpgo-plugin-kms, velero-plugin-for-csi, dgraph, gomplate, yace, govulncheck, crossplane-provider-keycloak, multus-cni, spire-controller-manager, juicefs,...

CVE-2025-68121 vulnerabilities

Vulnerabilities for packages: flux-helm-controller-fips, http-echo, kubeflow-fips, cue, spqr, crossplane-function-auto-ready, fulcio-fips, sealed-secrets, tigera-operator-fips, azure-workload-identity-webhook, cortex, kubernetes-csi-node-driver-registrar-fips, local-static-provisioner-fips,...

CVE-2025-61732 vulnerabilities

Vulnerabilities for packages: flux-helm-controller-fips, http-echo, kubeflow-fips, cue, spqr, crossplane-function-auto-ready, fulcio-fips, sealed-secrets, tigera-operator-fips, azure-workload-identity-webhook, cortex, kubernetes-csi-node-driver-registrar-fips, local-static-provisioner-fips,...

GHSA-8JVR-VH7G-F8GX vulnerabilities

Vulnerabilities for packages: flux-helm-controller-fips, http-echo, kubeflow-fips, cue, spqr, crossplane-function-auto-ready, fulcio-fips, sealed-secrets, tigera-operator-fips, azure-workload-identity-webhook, cortex, kubernetes-csi-node-driver-registrar-fips, local-static-provisioner-fips,...

CLEANSTART-2026-UM63521 Within HostnameError

Multiple security vulnerabilities affect the vertical-pod-autoscaler-fips package. Within HostnameError. See references for individual vulnerability details...

CVE-2025-61729 vulnerabilities

Vulnerabilities for packages: grafana-mimir, grype, ratify, terraform-provider-time, openbao, sftpgo-plugin-kms, dgraph, gomplate, temporal-server, govulncheck, crossplane-provider-keycloak, multus-cni, headlamp, spire-controller-manager, juicefs, secrets-store-csi-driver-provider-azure,...

CVE-2025-58186 vulnerabilities

Vulnerabilities for packages: runc, sops, terraform-provider-time, grafana-pyroscope, secrets-store-csi-driver-provider-aws, vault-secrets-webhook, velero-plugin-for-csi, dask-gateway, ko, aws-signer-notation-plugin, govulncheck, metrics-server, terraform-provider-sendgrid, http-echo,...

CVE-2025-58185 vulnerabilities

Vulnerabilities for packages: runc, sops, terraform-provider-time, grafana-pyroscope, secrets-store-csi-driver-provider-aws, vault-secrets-webhook, velero-plugin-for-csi, dask-gateway, ko, aws-signer-notation-plugin, govulncheck, metrics-server, terraform-provider-sendgrid, http-echo,...

CVE-2025-58188 vulnerabilities

Vulnerabilities for packages: runc, sops, terraform-provider-time, grafana-pyroscope, secrets-store-csi-driver-provider-aws, vault-secrets-webhook, velero-plugin-for-csi, dask-gateway, ko, aws-signer-notation-plugin, govulncheck, metrics-server, terraform-provider-sendgrid, http-echo,...

CVE-2025-47912 vulnerabilities

Vulnerabilities for packages: runc, sops, terraform-provider-time, grafana-pyroscope, secrets-store-csi-driver-provider-aws, vault-secrets-webhook, velero-plugin-for-csi, dask-gateway, ko, aws-signer-notation-plugin, govulncheck, metrics-server, terraform-provider-sendgrid, http-echo,...

GHSA-FRHW-MQJ2-WXW2 vulnerabilities

Vulnerabilities for packages: terraform-provider-time, velero-plugin-for-csi, dgraph, yace, govulncheck, spire-controller-manager, juicefs, boring-registry, rekor, smokescreen, prometheus-alertmanager, envconsul, lazydocker, flux-operator, kube-state-metrics, skaffold, gatekeeper, buildkitd,...