BIT-ENVOY-GATEWAY-2025-24030 Envoy Admin Interface Exposed through prometheus metrics endpoint
Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack to execute Envoy Admin interface commands on proxies managed by any version of Envoy Gateway prior...
CVE-2025-9566 vulnerabilities
Vulnerabilities for packages: prometheus-podman-exporter, prometheus-podman-exporter-fips, falco...
GHSA-WP3J-XQ48-XPJW vulnerabilities
Vulnerabilities for packages: prometheus-podman-exporter, prometheus-podman-exporter-fips, falco...
Linux Distros Unpatched Vulnerability : CVE-2019-3826
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stored, DOM based, cross-site scripting XSS flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated...
MAL-2025-41719 Malicious code in prometheus-api-metrics (PyPI)
Linux Distros Unpatched Vulnerability : CVE-2022-4289
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2...
Linux Distros Unpatched Vulnerability : CVE-2023-1733
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to...
Linux Distros Unpatched Vulnerability : CVE-2020-16248
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both...
Linux Distros Unpatched Vulnerability : CVE-2021-29622
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless...
ROS-20250822-10
Vulnerability in the client_golang library of the Prometheus event monitoring and notification application is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2021-22178
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnerable to SSRF attack through the Prometheus integration...
Linux Distros Unpatched Vulnerability : CVE-2022-3613
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15....
Linux Distros Unpatched Vulnerability : CVE-2021-22166
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method (CVE-2021-22166). Note that Nessus relies...
MAL-2025-30729 Malicious code in prometheus-stats-library (npm)
The package prometheus-stats-library was found to contain malicious code...
GHSA-J5PM-7495-QMR3 vulnerabilities
Vulnerabilities for packages: falcoctl, rancher-telemetry, kubescape-operator, zot, kapp-controller, kpt, boring-registry, rancher-fleet, docker-machine-driver-harvester, influx, crossplane-provider-azure-managedidentity, kube-metrics-adapter, cluster-proportional-autoscaler, verticadb-operator,...
GHSA-J5PM-7495-QMR3 vulnerabilities
Vulnerabilities for packages: victoriametrics-operator, cluster-autoscaler-fips, kube-metrics-adapter, databricks-cli, eks-distro, cluster-api-gcp-controller, victoriametrics-cluster, gitaly, mcp-grafana-fips, k9s, chainctl, kubernetes-csi-external-provisioner-fips, gitea, kine, fixuid, mattermos...
CVE-2025-54388 vulnerabilities
Vulnerabilities for packages: falcoctl, osv-scanner, k9s, telegraf, apko, trufflehog, zot, grype, buildkitd, kargo, nerdctl, opentelemetry-collector-contrib, wolfictl, syft, splunk-otel-collector, opentelemetry-collector, aws-otel-collector, tw, docker-compose, openfga, dagger, zarf, cadvisor,...
GHSA-X4RX-4GW3-53P4 vulnerabilities
Vulnerabilities for packages: falcoctl, osv-scanner, k9s, telegraf, apko, trufflehog, zot, grype, buildkitd, kargo, nerdctl, opentelemetry-collector-contrib, wolfictl, syft, splunk-otel-collector, opentelemetry-collector, aws-otel-collector, tw, docker-compose, openfga, dagger, zarf, cadvisor,...