128 matches found
CVE-2026-48758 vulnerabilities
Vulnerabilities for packages: pulumi...
GHSA-JFC7-64V2-MR8C vulnerabilities
Vulnerabilities for packages: pulumi...
GHSA-VGWF-H737-FF37 vulnerabilities
Vulnerabilities for packages: seaweedfs-rocksdb-fips, terragrunt, amazon-ssm-agent, podman, pulumi, wolfictl, peerdb-flow, grype-db, prometheus-podman-exporter-fips, podman-fips, pulumi-kubernetes-operator, frankenphp-8.5, osv-scanner, containerd, cloud-provider-aws, prometheus-operator, telegraf...
GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-servicediscovery, crossplane-provider-aws-sqs, crossplane-provider-aws-networkmanager, terragrunt, wolfictl, crossplane-provider-azure-servicelinker, peerdb-flow, prometheus-podman-exporter-fips, crossplane-provider-aws-rolesanywhere-fips,...
GHSA-Q4H4-GMJ2-QVW2 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-servicediscovery, crossplane-provider-aws-sqs, crossplane-provider-aws-networkmanager, terragrunt, wolfictl, crossplane-provider-azure-servicelinker, peerdb-flow, prometheus-podman-exporter-fips, crossplane-provider-aws-rolesanywhere-fips,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: pulumi-kubernetes-operator, rootlesskit, gomplate, opentelemetry-collector, loki, pulumi, grype, chisel, pulumi-language-yaml, docker-cli-buildx, flux-kustomize-controller, policy-controller, eksctl, glab, kargo, tekton-chains, gitea, minio, kaf, ko, atlantis, kyvern...
GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: pulumi-kubernetes-operator, rootlesskit, gomplate, opentelemetry-collector, loki, pulumi, grype, chisel, crossplane-provider-aws-route53, pulumi-language-yaml, docker-cli-buildx, flux-kustomize-controller, crossplane-provider-aws-kms, policy-controller, eksctl, glab,...
GHSA-78MQ-XCR3-XM33 vulnerabilities
Vulnerabilities for packages: helm, istio, osv-scanner, pulumi-kubernetes-operator, dagger, cert-manager, gomplate, chezmoi, mattermost, opentelemetry-collector, loki, splunk-otel-collector, teleport, flux-source-controller, pulumi, grype, knative-serving, opentofu, cloud-provider-aws, nfpm,...
GHSA-F5WC-C3C7-36MC vulnerabilities
Vulnerabilities for packages: pulumi-kubernetes-operator, gomplate, opentelemetry-collector, loki, pulumi, grype, pulumi-language-yaml, docker-cli-buildx, gitea, minio, kaf, kyverno, telegraf, snyk-cli, nuclei, act, zot, kubernetes-dashboard, cilium, docker-machine-driver-harvester, prometheus,...
@hulumi/policies bypasses policy packs with a forged Pulumi-URN logical name
Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-693 Protection Mechanism Failure. Summary: Pulumi gives every cloud resource a structured URN that includes the resource's type chain (hulumi:baseline:aws:SecureBucket$aws:s3/bucketV2:BucketV2) and the logical name the develope...
GHSA-RHGJ-6G2C-FRMM @hulumi/policies bypasses policy packs with a forged Pulumi-URN logical name
Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-693 Protection Mechanism Failure. Summary: Pulumi gives every cloud resource a structured URN that includes the resource's type chain (hulumi:baseline:aws:SecureBucket$aws:s3/bucketV2:BucketV2) and the logical name the develope...
PT-2026-48479
Affected: @hulumi/baseline 1.4.0 — Fixed in: 1.4.0 — Severity: Medium — CWE-693 Protection Mechanism Failure. Summary: AccountFoundation can either create AWS detective services (GuardDuty for threat detection, Security Hub for compliance dashboards) or reuse pre-existing ones via opt-in flags. The...
Malicious code in pulumi-vcd (PyPI)
Source: amazon-inspector 08bbc8be2cfa9a85473b0287e3c327b16c3f9e15886869bd9e2188a323448fd9. Package pulumivcd is published with metadata mimicking an official Pulumi SDK Homepage https://www.pulumi.com, tfgen-style auto-generated bindings bu...
MAL-2026-4763 Malicious code in pulumi-vcd (PyPI)
Source: amazon-inspector 08bbc8be2cfa9a85473b0287e3c327b16c3f9e15886869bd9e2188a323448fd9. Package pulumivcd is published with metadata mimicking an official Pulumi SDK Homepage https://www.pulumi.com, tfgen-style auto-generated bindings bu...
GHSA-JVWF-75H9-CWGG vulnerabilities
Vulnerabilities for packages: renovate, pulumi, vitess, kubeflow-centraldashboard...
GHSA-75PX-5XX7-5XC7 vulnerabilities
Vulnerabilities for packages: renovate, pulumi, vitess, kubeflow-centraldashboard...
CVE-2026-44289 vulnerabilities
Vulnerabilities for packages: renovate, pulumi, vitess, kubeflow-centraldashboard...
CVE-2026-44293 vulnerabilities
Vulnerabilities for packages: renovate, pulumi, vitess, kubeflow-centraldashboard...