CLEANSTART-2026-RU00721 Security fixes for CVE-2025-0913, CVE-2025-15558, CVE-2025-4673, CVE-2025-47907, CVE-2025-47914, CVE-2025-58181, CVE-2025-62156, CVE-2025-62157, CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-33186, ghsa-37cx-329c-33x3, ghsa-c2hv-4pfj-mm2r, ghsa-cfpf-hrx2-8rv6, ghsa-fw7p-63qq-7hpr, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3, ghsa-p84v-gxvw-73pf applied in versions: 3.7.0-r0, 3.7.3-r0, 3.7.4-r0, 3.7.6-r0, 3.7.9-r0, 3.7.9-r1, 3.7.9-r2, 4.0.2-r0, 4.0.2-r1
Multiple security vulnerabilities affect the argo-workflows-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-LS30652 Security fixes for CVE-2025-0913, CVE-2025-15558, CVE-2025-4673, CVE-2025-47907, CVE-2025-47914, CVE-2025-58181, CVE-2025-62156, CVE-2025-62157, CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-33186, ghsa-37cx-329c-33x3, ghsa-c2hv-4pfj-mm2r, ghsa-cfpf-hrx2-8rv6, ghsa-fw7p-63qq-7hpr, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3, ghsa-p84v-gxvw-73pf applied in versions: 3.7.0-r0, 3.7.11-r0, 3.7.3-r0, 3.7.4-r0, 3.7.6-r0, 3.7.9-r0, 3.7.9-r1, 3.7.9-r2, 4.0.2-r0
Multiple security vulnerabilities affect the argo-workflows-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-VJ56922 Security fixes for CVE-2025-15558, CVE-2025-61729, CVE-2026-25934, CVE-2026-26958, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-37cx-329c-33x3, ghsa-fv92-fjc5-jj9h, ghsa-fw7p-63qq-7hpr, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3 applied in versions: 3.6.16-r0, 3.7.11-r0, 3.7.4-r0, 3.7.9-r0, 4.0.1-r0, 4.0.2-r0
Multiple security vulnerabilities affect the argo-workflows package. These issues are resolved in later releases. See references for individual vulnerability details...
Axios NPM Distribution Compromised in Supply Chain Attack
A compromised axios maintainer account led to malicious npm releases that propagated across environments. Learn how to assess impact, detect compromise, and secure your development workflows...
GHSA-37CH-88JC-XWX2 vulnerabilities
Vulnerabilities for packages: json-server, sqlpad, kubeflow-pipelines, argo-workflows, kubeflow-centraldashboard, pelias-api, langfuse, langfuse-fips, thingsboard-fips...
CVE-2026-4867 vulnerabilities
Vulnerabilities for packages: json-server, sqlpad, kubeflow-pipelines, argo-workflows, kubeflow-centraldashboard, pelias-api, langfuse, langfuse-fips, thingsboard-fips...
GHSA-JHF3-XXHW-2WPP vulnerabilities
Vulnerabilities for packages: grype-db, argocd-image-updater-fips, zarf, cloudbeat, rancher-fleet-fips, scorecard, gitaly-fips, cerbos, gitea-fips, kubevela-fips, src-fingerprint, grype, pulumi-kubernetes-operator, gitlab-rails-ce, gitea, zot, src-fingerprint-fips, nuclei, trivy-operator-fips,...
CVE-2026-33762 vulnerabilities
Vulnerabilities for packages: grype-db, argocd-image-updater-fips, zarf, cloudbeat, rancher-fleet-fips, scorecard, gitaly-fips, cerbos, gitea-fips, kubevela-fips, src-fingerprint, grype, pulumi-kubernetes-operator, gitlab-rails-ce, gitea, zot, src-fingerprint-fips, nuclei, trivy-operator-fips,...
GHSA-GM2X-2G9H-CCM8 vulnerabilities
Vulnerabilities for packages: grype-db, argocd-image-updater-fips, zarf, cloudbeat, rancher-fleet-fips, scorecard, gitaly-fips, cerbos, gitea-fips, kubevela-fips, src-fingerprint, grype, pulumi-kubernetes-operator, gitlab-rails-ce, gitea, zot, src-fingerprint-fips, nuclei, trivy-operator-fips,...
CVE-2026-34165 vulnerabilities
Vulnerabilities for packages: grype-db, argocd-image-updater-fips, zarf, cloudbeat, rancher-fleet-fips, scorecard, gitaly-fips, cerbos, gitea-fips, kubevela-fips, src-fingerprint, grype, pulumi-kubernetes-operator, gitlab-rails-ce, gitea, zot, src-fingerprint-fips, nuclei, trivy-operator-fips,...
CVE-2026-33762 vulnerabilities
Vulnerabilities for packages: nuclei, rancher-fleet, skaffold, wolfictl, kaniko, dagger, bom, trufflehog, grafana-alloy, syft, flux-source-controller, witness, gomplate, pulumi-language-yaml, argo-workflows, tfsec, gitlab-runner, zarf, external-secrets-operator, apko, argo-events, gitaly, k9s,...
CVE-2026-4867 vulnerabilities
Vulnerabilities for packages: argo-workflows, kubeflow-pipelines, kubeflow-centraldashboard, json-server, sqlpad...
CVE-2026-34165 vulnerabilities
Vulnerabilities for packages: nuclei, rancher-fleet, skaffold, wolfictl, kaniko, dagger, bom, trufflehog, grafana-alloy, syft, flux-source-controller, witness, gomplate, pulumi-language-yaml, argo-workflows, tfsec, gitlab-runner, zarf, external-secrets-operator, apko, argo-events, gitaly, k9s,...
GHSA-37CH-88JC-XWX2 vulnerabilities
Vulnerabilities for packages: argo-workflows, kubeflow-pipelines, kubeflow-centraldashboard, json-server, sqlpad...
GHSA-JHF3-XXHW-2WPP vulnerabilities
Vulnerabilities for packages: nuclei, rancher-fleet, skaffold, wolfictl, kaniko, dagger, bom, trufflehog, grafana-alloy, syft, flux-source-controller, witness, gomplate, pulumi-language-yaml, argo-workflows, tfsec, gitlab-runner, zarf, external-secrets-operator, apko, argo-events, gitaly, k9s,...
The Real Risk of Vibecoding
This blog looks at how AI‑driven vibecoding speeds up software development while increasing security risk by outpacing traditional review and ownership. It explains why security needs to move earlier and be built into modern development workflows...
ANT-2026-DJBBBBPE · temporalio/temporal · Broken Access Control
broken-access-control · critical · CVE-2026-5199. Severity: Claude critical · Security research firm - · Maintainer -. Discovered by Claude Mythos Preview. REPORT: The report below was sent to the maintainer and sealed at approval. ANT-2026-DJBBBBPE: Cross-namespace manipulation including deletion of...
SQL Injection
Overview: n8n is a n8n Workflow Automation Tool. Affected versions of this package are vulnerable to SQL Injection in the orderByColumn expression of the Data Table Get node. An attacker with permissions to create or modify workflows can execute arbitrary SQL commands by supplying crafted input,...
CVE-2026-33720
n8n is an open source workflow automation platform. Prior to version 2.8.0, when the N8N_SKIP_AUTH_ON_OAUTH_CALLBACK environment variable is set to true, the OAuth callback handler skips ownership verification of the OAuth state parameter. This allows an attacker to trick a victim into completing an...
Introducing Wiz Workflows: Your path to building a self healing cloud
Orchestrate customizable workflows with agents, enabling end-to-end discovery and response in Wiz...