1398 matches found
Prometheus Security Vulnerabilities
Prometheus is open-source software written in Go, used to build real-time metrics databases on an HTTP pull model. Versions 3.0 to 3.5.1 and 3.6.0 to 3.11.1 of Prometheus contain security vulnerabilities. These vulnerabilities stem from a stored cross-site...
CLEANSTART-2026-WA14162 Delete function fails to properly validate offsets when processing malformed JSON input
Multiple security vulnerabilities affect the prometheus package. The Delete function fails to properly validate offsets when processing malformed JSON input. See references for individual vulnerability details...
GHSA-VFFH-X6R8-XX99 Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer
Impact: Stored cross-site scripting (XSS) via crafted metric names in the Prometheus web UI. Old React UI + New Mantine UI: When a user hovers over a chart tooltip on the Graph page, metric names containing HTML/JavaScript are injected into innerHTML without escaping, causing arbitrary script...
PT-2026-32579
Name of the Vulnerable Software and Affected Versions: Prometheus versions 3.0 through 3.5.1; Prometheus versions 3.6.0 through 3.11.1. Description: Stored cross-site scripting exists in multiple components of the Prometheus web UI, specifically within the Mantine UI and the old React UI. The issue...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: flannel, slsa-verifier, vexctl, vault-benchmark, docker-machine-driver-harvester, xeol, argo-rollouts, cue, kubescape-operator, aws-node-termination-handler, crossplane-provider-azure-authorization, ingress-nginx-controller, cluster-api-provider-vsphere,...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: flannel, slsa-verifier, vexctl, postgres-operator, kargo, dataplaneapi, kine, falco-no-driver, terraform-provider-azapi, aws-flb-kinesis, polaris, bazelisk, aws-sigv4-proxy, kots, nri-nginx, knative-eventing, prometheus, kubernetes-dashboard-metrics-scraper,...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: flannel, slsa-verifier, vexctl, postgres-operator, kargo, dataplaneapi, kine, falco-no-driver, terraform-provider-azapi, aws-flb-kinesis, polaris, bazelisk, aws-sigv4-proxy, kots, nri-nginx, knative-eventing, prometheus, kubernetes-dashboard-metrics-scraper,...
GHSA-JRG3-GFJW-HM96 vulnerabilities
Vulnerabilities for packages: flannel, slsa-verifier, vexctl, postgres-operator, kargo, dataplaneapi, kine, falco-no-driver, terraform-provider-azapi, aws-flb-kinesis, polaris, bazelisk, aws-sigv4-proxy, kots, nri-nginx, knative-eventing, prometheus, kubernetes-dashboard-metrics-scraper,...
CVE-2026-32289 vulnerabilities
Vulnerabilities for packages: flannel, slsa-verifier, vexctl, vault-benchmark, docker-machine-driver-harvester, xeol, argo-rollouts, cue, kubescape-operator, aws-node-termination-handler, crossplane-provider-azure-authorization, ingress-nginx-controller, cluster-api-provider-vsphere,...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: zot, extism, podman, rancher-fleet, ipfs-cluster, malcontent, helm-diff-fips, flux-source-watcher, helm, kyverno-fips, spegel-fips, docker-cli-buildx, keda-fips, dex, harbor-fips, azuredisk-csi-fips, dex-fips, kubescape-server-fips, kbld, syft, tekton-chains-fips,...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: zot, extism, podman, rancher-fleet, ipfs-cluster, malcontent, helm-diff-fips, flux-source-watcher, helm, kyverno-fips, spegel-fips, docker-cli-buildx, keda-fips, dex, harbor-fips, azuredisk-csi-fips, dex-fips, kubescape-server-fips, kbld, syft, tekton-chains-fips,...
CVE-2026-32289 vulnerabilities
Vulnerabilities for packages: agentbeat, zot, rancher-support-bundle-kit, minio-object-browser-fips, terraform-provider-sendgrid, k8ssandra-operator-fips, grafana-rollout-operator, rancher-fleet, wave, helm-diff-fips, helm, sftpgo-plugin-eventsearch, dex-k8s-authenticator, kyverno-fips,...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: agentbeat, zot, rancher-support-bundle-kit, minio-object-browser-fips, terraform-provider-sendgrid, k8ssandra-operator-fips, grafana-rollout-operator, rancher-fleet, wave, helm-diff-fips, helm, sftpgo-plugin-eventsearch, dex-k8s-authenticator, kyverno-fips,...
GHSA-5W89-2C2X-6X66 vulnerabilities
Vulnerabilities for packages: agentbeat, nri-discovery-kubernetes, aws-sigv4-proxy-fips, nri-discovery-kubernetes-fips, extism, tw, jupyterhub-k8s-image-awaiter-fips, podman, terraform-provider-sendgrid, k8ssandra-operator-fips, grafana-rollout-operator, ipfs-cluster, wave, gotestsum,...
GHSA-GJVH-7JH8-7XHM vulnerabilities
Vulnerabilities for packages: agentbeat, nri-discovery-kubernetes, zot, aws-sigv4-proxy-fips, cilium-certgen, extism, nri-discovery-kubernetes-fips, rancher-support-bundle-kit, minio-object-browser-fips, jupyterhub-k8s-image-awaiter-fips, nova-fips, podman, terraform-provider-sendgrid,...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: agentbeat, nri-discovery-kubernetes, zot, aws-sigv4-proxy-fips, cilium-certgen, extism, nri-discovery-kubernetes-fips, rancher-support-bundle-kit, minio-object-browser-fips, jupyterhub-k8s-image-awaiter-fips, nova-fips, podman, terraform-provider-sendgrid,...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: agentbeat, nri-discovery-kubernetes, zot, aws-sigv4-proxy-fips, cilium-certgen, extism, nri-discovery-kubernetes-fips, rancher-support-bundle-kit, minio-object-browser-fips, jupyterhub-k8s-image-awaiter-fips, nova-fips, podman, terraform-provider-sendgrid,...
GHSA-JRG3-GFJW-HM96 vulnerabilities
Vulnerabilities for packages: agentbeat, nri-discovery-kubernetes, zot, aws-sigv4-proxy-fips, cilium-certgen, extism, nri-discovery-kubernetes-fips, rancher-support-bundle-kit, minio-object-browser-fips, jupyterhub-k8s-image-awaiter-fips, nova-fips, podman, terraform-provider-sendgrid,...
CLEANSTART-2026-JT73156 protojson
Multiple security vulnerabilities affect the prometheus-node-exporter package. The protojson. See references for individual vulnerability details...
CLEANSTART-2026-DK61762 filippo
Multiple security vulnerabilities affect the prometheus-mysqld-exporter package. filippo. See references for individual vulnerability details...