1406 matches found
GHSA-3M87-5598-2V4F vulnerabilities
Vulnerabilities for packages: prometheus, node-problem-detector-fips, grafana, istio-fips...
CVE-2025-22868 affecting package prometheus for versions less than 2.45.4-8
CVE-2025-22868 affecting package prometheus for versions less than 2.45.4-8. A patched version of the package is available...
CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10
CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10. A patched version of the package is available...
GHSA-QXP5-GWG8-XV66 vulnerabilities
Vulnerabilities for packages: kyverno-notation-aws, crossplane-provider-aws-eks, terraform-provider-pagerduty-fips, skopeo, opentofu, go-discover, cert-manager-istio-csr, kuberay-operator-fips, flux-fips, datadog-agent, gh, harbor-scanner-trivy-fips, kubernetes-csi-livenessprobe,...
AZL-58472 CVE-2025-22870 affecting package prometheus for versions less than 2.45.4-12
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied...
AZL-58422 CVE-2025-22870 affecting package prometheus-node-exporter for versions less than 1.7.0-3
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied...
AZL-58413 CVE-2025-22870 affecting package prometheus-process-exporter for versions less than 0.8.2-2
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied...
Linux Distros Unpatched Vulnerability : CVE-2022-21698
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and...
Linux Distros Unpatched Vulnerability : CVE-2023-40577
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the...
Linux Distros Unpatched Vulnerability : CVE-2022-46146
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and...
An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_metrics_ng() at prom_rw_prot.c.
...
AZL-57335 CVE-2025-22868 affecting package prometheus for versions less than 2.45.4-10
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: nri-discovery-kubernetes, gops, smarter-device-manager, kubernetes-dashboard-metrics-scraper, vault-k8s, direnv, cluster-proportional-autoscaler, kyverno-policy-reporter-kyverno-plugin, dynamic-localpv-provisioner, esbuild, prometheus-blackbox-exporter, nri-mongodb,...
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: nri-discovery-kubernetes, gops, smarter-device-manager, kubernetes-dashboard-metrics-scraper, vault-k8s, direnv, cluster-proportional-autoscaler, kyverno-policy-reporter-kyverno-plugin, dynamic-localpv-provisioner, esbuild, prometheus-blackbox-exporter, nri-mongodb,...
GHSA-3WHM-J4XM-RV8X vulnerabilities
Vulnerabilities for packages: gostatsd, git-sync, smarter-device-manager, crossplane-provider-aws-kms, protoc-gen-go, cluster-proportional-autoscaler, crossplane-provider-aws-dynamodb, prometheus-blackbox-exporter, kbld, secrets-store-csi-driver-provider-aws, extism, aws-application-networking-k8...
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: gostatsd, smarter-device-manager, protoc-gen-go, cluster-proportional-autoscaler, prometheus-blackbox-exporter, secrets-store-csi-driver-provider-aws, prometheus-adapter, extism, boring-registry, fq, nri-kubernetes, kube-state-metrics, bom, cni-plugins, sops, tflint,...
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: configmap-reload-fips, amass, bazelisk, falco, vt-cli, etcd, local-path-provisioner, rqlite, cluster-proportional-autoscaler, prometheus-beat-exporter-fips, tigera-operator-fips, dataplaneapi, flux, prometheus-pushgateway, kubernetes-csi-livenessprobe, cortex,...
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: configmap-reload-fips, amass, bazelisk, falco, vt-cli, etcd, local-path-provisioner, rqlite, cluster-proportional-autoscaler, prometheus-beat-exporter-fips, tigera-operator-fips, dataplaneapi, flux, prometheus-pushgateway, kubernetes-csi-livenessprobe, cortex,...
GHSA-J7VJ-RW65-4V26 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-eks, mockgen, bazelisk, skopeo, nri-postgresql, kserve-rest-proxy, kubernetes-csi-livenessprobe, flux-fips, datadog-agent, gh, harbor-scanner-trivy-fips, prometheus-statsd-exporter-fips, cert-exporter-fips, s5cmd, falcosidekick, thanos-operato...
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: skopeo, kubernetes-csi-livenessprobe, prometheus-statsd-exporter-fips, harbor-scanner-trivy-fips, cert-exporter-fips, s5cmd, falcosidekick, aws-flb-firehose-fips, pulumi-language-yaml, vault-k8s, gitness, wavefront-collector-for-kubernetes, local-static-provisioner,...