CVE-2026-25679 vulnerabilities
Vulnerabilities for packages: helm, nfs-subdir-external-provisioner, secrets-store-csi-driver-provider-gcp, secrets-store-csi-driver, tetragon, liquibase-package-manager, cluster-api-provider-vsphere, logstash-exporter, pvc-autoresizer, chartmuseum, kube-metrics-adapter, steampipe,...
GHSA-J4J7-VW47-RHFQ vulnerabilities
Vulnerabilities for packages: fulcio-fips, opentofu-fips, gatekeeper-fips, newrelic-infrastructure-agent, agentbeat, chaos-mesh-fips, crossplane-fips, kubernetes, tfsec, ceph-csi-operator-fips, cilium-fips, tetragon-fips, prometheus-alertmanager-fips, sftpgo, chronyexporter-fips,...
GHSA-J3GX-2473-5FP8 vulnerabilities
Vulnerabilities for packages: fulcio-fips, nri-redis, opentofu-fips, git-sync, php-fpmexporter, rabbitmq-default-user-credential-updater, gatekeeper-fips, vertical-pod-autoscaler-fips, kubelet-csr-approver-fips, opentelemetry-collector, newrelic-infrastructure-agent, yace, agentbeat,...
GHSA-RV83-G57W-FR8J vulnerabilities
Vulnerabilities for packages: fulcio-fips, nri-redis, opentofu-fips, git-sync, php-fpmexporter, rabbitmq-default-user-credential-updater, gatekeeper-fips, vertical-pod-autoscaler-fips, kubelet-csr-approver-fips, opentelemetry-collector, newrelic-infrastructure-agent, yace, agentbeat,...
CVE-2026-25679 vulnerabilities
Vulnerabilities for packages: fulcio-fips, nri-redis, opentofu-fips, git-sync, php-fpmexporter, rabbitmq-default-user-credential-updater, gatekeeper-fips, vertical-pod-autoscaler-fips, kubelet-csr-approver-fips, opentelemetry-collector, newrelic-infrastructure-agent, yace, agentbeat,...
GHSA-9H8M-3FM2-QJRQ vulnerabilities
Vulnerabilities for packages: fulcio-fips, opentofu-fips, gatekeeper-fips, tfsec, ceph-csi-operator-fips, sftpgo, scorecard, telegraf, flux-notification-controller-fips, azure-service-operator, coredns, docker-compose-fips, gogatekeeper, kyverno-policy-reporter-plugins-kyverno-fips, kubevela-fips...
PT-2026-3780
Name of the Vulnerable Software and Affected Versions: Pyroscope versions prior to 1.15.2; Pyroscope versions prior to 1.16.1. Description: When configured to use Tencent Cloud Object Storage (COS) as the storage backend, the Pyroscope API may expose the secret key configuration value. An attacker with...
Exposure of Storage Secret in Pyroscope
Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS). If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...
CVE-2025-61727 vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver, grafana-pyroscope, opentofu, harbor-scanner-trivy, kubelet-csr-approver, paranoia, gitea, prometheus-operator, kube-metrics-adapter, helm-push, rancher-helm, steampipe, slsa-verifier, cert-manager-webhook-pdns, newrelic-nri-kube-events,...
GHSA-5MH9-3JWC-RP59 vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver, grafana-pyroscope, opentofu, harbor-scanner-trivy, kubelet-csr-approver, paranoia, gitea, prometheus-operator, kube-metrics-adapter, helm-push, rancher-helm, steampipe, slsa-verifier, cert-manager-webhook-pdns, newrelic-nri-kube-events,...
GHSA-5MH9-3JWC-RP59 vulnerabilities
Vulnerabilities for packages: opentofu-fips, php-fpmexporter, vertical-pod-autoscaler-fips, gatekeeper-fips, opentelemetry-collector, newrelic-infrastructure-agent, crossplane-fips, sonobuoy-fips, ceph-csi-operator-fips, flux-helm-controller-fips, cilium-fips, tetragon-fips, telegraf,...
CVE-2025-54576 vulnerabilities
Vulnerabilities for packages: grafana-pyroscope...
GHSA-7RH7-C77V-6434 vulnerabilities
Vulnerabilities for packages: grafana-pyroscope...
Malicious code in pyroscope-nodejs (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware 0f63660c0844969995da8de5a83535772031d00f3247e8cbb5a40addbc21a234. Any computer that has this package installed or running should be considered...
MAL-2025-5535 Malicious code in pyroscope-nodejs (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware 0f63660c0844969995da8de5a83535772031d00f3247e8cbb5a40addbc21a234. Any computer that has this package installed or running should be considered...
Malicious code in grafana-pyroscope (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware 60f047f0a854cfa17b3119b25caf2e1a95069686aa77470689c2cfb55cddf1e0. Any computer that has this package installed or running should be considered...
MAL-2025-5534 Malicious code in grafana-pyroscope (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware 60f047f0a854cfa17b3119b25caf2e1a95069686aa77470689c2cfb55cddf1e0. Any computer that has this package installed or running should be considered...
MAL-2025-235 Malicious code in pyroscope-oss (npm)
Source: ghsa-malware 78530d6378099081103c13a5d340a9c8562d2c041085a8c20893adb93bdd115d. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...