24 matches found
GHSA-H74G-238J-357M vulnerabilities
Vulnerabilities for packages: redka, prometheus-operator, flux, kubo, libnvidia-container, mattermost, external-dns, nerdctl, juicefs, rancher-agent, runc, zarf, telegraf, cilium-cli, istio, karma, prometheus, kots, cert-manager, k8s-device-plugin, hubble, knative-serving, grafana, grafana-alloy,...
CVE-2026-39825 vulnerabilities
Vulnerabilities for packages: redka, prometheus-operator, flux, kubo, libnvidia-container, mattermost, external-dns, nerdctl, juicefs, rancher-agent, runc, zarf, telegraf, cilium-cli, istio, karma, prometheus, kots, cert-manager, k8s-device-plugin, hubble, knative-serving, grafana, grafana-alloy,...
CVE-2026-39825 vulnerabilities
Vulnerabilities for packages: knative-operator-fips, rke2-runtime-fips, terraform-fips, virt-operator-fips, aws-flb-cloudwatch-fips, nerdctl, docker-cli-fips, loki, tekton-pipelines-fips, azuredisk-csi-fips, juicefs, zabbix-agent2, cilium-fips, yunikorn-web-fips, kubo, hubble,...
GHSA-H74G-238J-357M vulnerabilities
Vulnerabilities for packages: knative-operator-fips, rke2-runtime-fips, terraform-fips, virt-operator-fips, aws-flb-cloudwatch-fips, nerdctl, docker-cli-fips, loki, tekton-pipelines-fips, azuredisk-csi-fips, juicefs, zabbix-agent2, cilium-fips, yunikorn-web-fips, kubo, hubble,...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: rke2-runtime-fips, goose, localstack, gpu-operator, crossplane-provider-aws-dynamodb-fips, docker-cli-fips, kubernetes-csi-external-resizer-fips, spark-operator-fips, vale, vault-csi-provider, terraform-docs, gosu, gitsign, podman-fips, kuberay-operator,...
CLEANSTART-2026-GC37751 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, ghsa-66jq-2c23-2xh5, ghsa-9h8m-3fm2-qjrq applied in versions: 0.65.0-r0, 0.65.0-r1
Multiple security vulnerabilities affect the victoriametrics-operator package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-GX29850 Security fixes for CVE-2025-61732, CVE-2025-68121 applied in versions: 1.132.0-r0, 1.132.0-r1
Multiple security vulnerabilities affect the victoriametrics-cluster package. These issues are resolved in later releases. See references for individual vulnerability details...
Denial Of Service (DoS)
github.com/VictoriaMetrics/VictoriaMetrics is vulnerable to Denial of Service (DoS). The vulnerability is due to the snappy decoder ignoring request size limits, which allows an attacker to send malformed compressed blocks that trigger excessive memory usage and cause service disruption...
GHSA-PH5J-38MG-J6HP vulnerabilities
Vulnerabilities for packages: flux-source-controller, flux-image-reflector-controller, grafana-fips, victoriametrics-cluster-fips, localstack, pluto, flux-source-watcher, podinfo, aws-ebs-csi-driver-fips, grafana-rollout-operator, amazon-k8s-cni-fips, flux-operator, gotenberg, victoriametrics,...
CVE-2026-27138 vulnerabilities
Vulnerabilities for packages: flux-source-controller, flux-image-reflector-controller, grafana-fips, victoriametrics-cluster-fips, localstack, pluto, flux-source-watcher, podinfo, aws-ebs-csi-driver-fips, grafana-rollout-operator, amazon-k8s-cni-fips, flux-operator, gotenberg, victoriametrics,...
GHSA-7HFW-R8QC-89V4 vulnerabilities
Vulnerabilities for packages: flux-source-controller, flux-image-reflector-controller, grafana-fips, victoriametrics-cluster-fips, localstack, pluto, flux-source-watcher, podinfo, aws-ebs-csi-driver-fips, grafana-rollout-operator, amazon-k8s-cni-fips, flux-operator, gotenberg, victoriametrics,...
CVE-2026-27137 vulnerabilities
Vulnerabilities for packages: flux-source-controller, flux-image-reflector-controller, grafana-fips, victoriametrics-cluster-fips, localstack, pluto, flux-source-watcher, podinfo, aws-ebs-csi-driver-fips, grafana-rollout-operator, amazon-k8s-cni-fips, flux-operator, gotenberg, victoriametrics,...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: step-ca, libnvidia-container, falcosidekick, terragrunt, crossplane-provider-aws-cloudwatchlogs, crossplane-provider-aws-memorydb, kots, prometheus-adapter, xeol, mockery, langfuse, helm-mapkubeapis, terraform-provider-azuread, gh, crossplane-provider-aws-elasticache...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: gotestsum, step-ca, libnvidia-container, protoc-gen-go, sbom-convert, falcosidekick, terragrunt, crossplane-provider-aws-cloudwatchlogs, crossplane-provider-aws-memorydb, kots, prometheus-adapter, xeol, timescaledb-tune, yq, mockery, langfuse, helm-mapkubeapis,...
SUSE CVE-2025-65942
VictoriaMetrics is a scalable solution for monitoring and managing time series data. In versions from 1.0.0 to before 1.110.23, from 1.111.0 to before 1.122.8, and from 1.123.0 to before 1.129.1, affected versions are vulnerable to DoS attacks because the snappy decoder ignored VictoriaMetrics...
GO-2025-4161 VictoriaMetrics' Snappy Decoder DoS Vulnerability is Causing OOM in github.com/VictoriaMetrics/VictoriaMetrics
VictoriaMetrics' Snappy Decoder DoS Vulnerability is Causing OOM in github.com/VictoriaMetrics/VictoriaMetrics...
CVE-2025-65942 vulnerabilities
Vulnerabilities for packages: victorialogs, victoriametrics-operator-fips, victorialogs-fips...
GHSA-66JQ-2C23-2XH5 vulnerabilities
Vulnerabilities for packages: victorialogs, victoriametrics-operator-fips, victorialogs-fips...
CVE-2025-65942
VictoriaMetrics is a scalable solution for monitoring and managing time series data. In versions from 1.0.0 to before 1.110.23, from 1.111.0 to before 1.122.8, and from 1.123.0 to before 1.129.1, affected versions are vulnerable to DoS attacks because the snappy decoder ignored VictoriaMetrics...
EUVD-2025-199645
VictoriaMetrics is a scalable solution for monitoring and managing time series data. In versions from 1.0.0 to before 1.110.23, from 1.111.0 to before 1.122.8, and from 1.123.0 to before 1.129.1, affected versions are vulnerable to DoS attacks because the snappy decoder ignored VictoriaMetrics...