4033 matches found
GHSA-2388-JP8V-FG9W vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
CVE-2026-52943
In the Linux kernel, the following vulnerability has been resolved: n...
CVE-2026-52924
In the Linux kernel, the following vulnerability has been resolved: s...
CVE-2026-9539
An out-of-bounds heap read and integer underflow in the TCP urgent dat...
CVE-2026-56117
dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger memory corruption when privilege separation is disabled. Attackers can connect to the control socket...
GHSA-M25M-5778-FM22 vulnerabilities
Vulnerabilities for packages: grafana-fips...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...
CVE-2026-9669 vulnerabilities
Vulnerabilities for packages: python...
GHSA-VMHF-C436-HXJ4 vulnerabilities
Vulnerabilities for packages: tensorflow-gpu-jupyter...
CVE-2026-54905 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby4.0-rails, kube-fluentd-operator, ruby3.3-rails, ruby3.4-rails...
CVE-2026-54904 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, ruby4.0-rails, kube-fluentd-operator, ruby3.3-rails, ruby3.4-rails...
GHSA-WFQX-GJRF-G28R vulnerabilities
Vulnerabilities for packages: crossplane...
CVE-2026-46083 affecting package kernel for versions less than 6.6.141.1-1
CVE-2026-46083 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...
crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
GHSA-35P6-XMWP-9G52 vulnerabilities
Vulnerabilities for packages: npm, code-server...
dotnet: .NET: Local file tampering via link following vulnerability
A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...
CVE-2026-54280
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of a write. If a payload is using an open file or similar limited resource, then an attacker may be able to cause...
CVE-2026-54276
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This likely requires an open redirect vulnerability or similar on the target domain for an attacker to...
CVE-2026-56109
The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parsedef in src/conf.c that allows attackers to corrupt memory by supplying maliciously crafted ALSA configuration text. When parsing nested compound or array configuration blocks, parsedef...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...