1398 matches found
Prometheus exporter process crash via malformed HTTP request
Summary: A single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint (default 0.0.0.0:9464) has no error handling around URL parsing, so a request with an invalid URI causes an uncaught TypeError that terminates the process. You...
GHSA-Q7RR-3CGH-J5R3 Prometheus exporter process crash via malformed HTTP request
Summary: A single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint (default 0.0.0.0:9464) has no error handling around URL parsing, so a request with an invalid URI causes an uncaught TypeError that terminates the process. You...
Improper Handling of Exceptional Conditions
Overview: @opentelemetry/exporter-prometheus is an OpenTelemetry Prometheus exporter that provides a metrics endpoint for Prometheus. Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via the PrometheusExporter process. An attacker can cause the process to...
0perator (>=0.1.0 <=0.3.0), 0pflow (>=0.1.0 <=0.1.0-dev.f5622ac) +1825 more potentially affected by CVE-2026-44902 via @opentelemetry/exporter-prometheus (>=0.10.2 <=0.216.0)
@opentelemetry/exporter-prometheus NPM version =0.10.2, =0.1.0, =0.1.0, =0.1.1, =0.0.1, =0.8.0, =0.1.1, =0.1.1, =0.1.1, =0.1.8, =0.1.5, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =0.3.4, =0.1.0, =0.4.0, =5.0.1-staging.f17326334 and more Source cves: CVE-2026-44902 Source...
PT-2026-39676
Summary: A single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint (default 0.0.0.0:9464) has no error handling around URL parsing, so a request with an invalid URI causes an uncaught TypeError that terminates the process. You...
GHSA-3V2C-X6Q9-F697 vulnerabilities
Vulnerabilities for packages: agentbeat, crossplane-provider-aws-organizations, zot, crossplane-provider-azure-storagesync, minio-object-browser-fips, crossplane-provider-aws-mediapackage, k8ssandra-operator-fips, skopeo-fips, crossplane-provider-azure-security, skopeo,...
GHSA-2283-WF8C-RW8R vulnerabilities
Vulnerabilities for packages: agentbeat, crossplane-provider-aws-organizations, zot, crossplane-provider-azure-storagesync, minio-object-browser-fips, crossplane-provider-aws-mediapackage, k8ssandra-operator-fips, skopeo-fips, crossplane-provider-azure-security, skopeo, helm-diff-fips,...
CVE-2026-39826 vulnerabilities
Vulnerabilities for packages: agentbeat, crossplane-provider-aws-organizations, zot, crossplane-provider-azure-storagesync, minio-object-browser-fips, crossplane-provider-aws-mediapackage, k8ssandra-operator-fips, skopeo-fips, crossplane-provider-azure-security, skopeo,...
CVE-2026-39823 vulnerabilities
Vulnerabilities for packages: agentbeat, crossplane-provider-aws-organizations, zot, crossplane-provider-azure-storagesync, minio-object-browser-fips, crossplane-provider-aws-mediapackage, k8ssandra-operator-fips, skopeo-fips, crossplane-provider-azure-security, skopeo, helm-diff-fips,...
GHSA-8G2R-HHVJ-MV99 vulnerabilities
Vulnerabilities for packages: agentbeat, crossplane-provider-aws-organizations, zot, aws-sigv4-proxy-fips, cilium-certgen, nri-discovery-kubernetes-fips, crossplane-provider-azure-storagesync, minio-object-browser-fips, jupyterhub-k8s-image-awaiter-fips, nova-fips,...
GHSA-QC64-M6C2-V4X7 vulnerabilities
Vulnerabilities for packages: agentbeat, crossplane-provider-aws-organizations, zot, aws-sigv4-proxy-fips, cilium-certgen, nri-discovery-kubernetes-fips, tw, crossplane-provider-azure-storagesync, minio-object-browser-fips, jupyterhub-k8s-image-awaiter-fips, nova-fips,...
CVE-2026-39817 vulnerabilities
Vulnerabilities for packages: agentbeat, crossplane-provider-aws-organizations, zot, aws-sigv4-proxy-fips, cilium-certgen, nri-discovery-kubernetes-fips, tw, crossplane-provider-azure-storagesync, minio-object-browser-fips, jupyterhub-k8s-image-awaiter-fips, nova-fips,...
GHSA-5M4P-2GJX-P2G8 vulnerabilities
Vulnerabilities for packages: agentbeat, crossplane-provider-aws-organizations, zot, aws-sigv4-proxy-fips, cilium-certgen, nri-discovery-kubernetes-fips, tw, crossplane-provider-azure-storagesync, minio-object-browser-fips, jupyterhub-k8s-image-awaiter-fips, nova-fips,...
CVE-2026-39819 vulnerabilities
Vulnerabilities for packages: agentbeat, crossplane-provider-aws-organizations, zot, aws-sigv4-proxy-fips, cilium-certgen, nri-discovery-kubernetes-fips, tw, crossplane-provider-azure-storagesync, minio-object-browser-fips, jupyterhub-k8s-image-awaiter-fips, nova-fips,...
CVE-2026-42501 vulnerabilities
Vulnerabilities for packages: agentbeat, crossplane-provider-aws-organizations, zot, aws-sigv4-proxy-fips, cilium-certgen, nri-discovery-kubernetes-fips, tw, crossplane-provider-azure-storagesync, minio-object-browser-fips, jupyterhub-k8s-image-awaiter-fips, nova-fips,...
CVE-2026-39836 vulnerabilities
Vulnerabilities for packages: agentbeat, crossplane-provider-aws-organizations, zot, aws-sigv4-proxy-fips, cilium-certgen, nri-discovery-kubernetes-fips, crossplane-provider-azure-storagesync, minio-object-browser-fips, jupyterhub-k8s-image-awaiter-fips, nova-fips,...
GHSA-QF3Q-3H68-MMH2 vulnerabilities
Vulnerabilities for packages: agentbeat, crossplane-provider-aws-organizations, zot, aws-sigv4-proxy-fips, cilium-certgen, nri-discovery-kubernetes-fips, tw, crossplane-provider-azure-storagesync, minio-object-browser-fips, jupyterhub-k8s-image-awaiter-fips, nova-fips,...
CVE-2026-33814 vulnerabilities
Vulnerabilities for packages: agentbeat, crossplane-provider-aws-organizations, nri-discovery-kubernetes, zot, aws-sigv4-proxy-fips, cilium-certgen, jaeger-operator, nri-discovery-kubernetes-fips, ocm-kubernetes-controller, rancher-support-bundle-kit, task-fips, crossplane-provider-aws-kms,...
Prometheus: remote read endpoint allows denial of service via crafted snappy payload
...
Prometheus Azure AD remote write OAuth client secret exposed via config API
...