69 matches found
CVE-2026-12726
A flaw was found in the AWX GitHub webhook integration. When processing GitHub pullrequest webhooks, the controller stores the pullrequest.statusesurl value from the webhook payload without validating that it points to a trusted GitHub API endpoint. If a job template is configured with a GitHub...
CVE-2026-12726 Awx: automation-controller: awx: github webhook second-order ssrf via unvalidated statuses_url exfiltrates pat credential
A flaw was found in the AWX GitHub webhook integration. When processing GitHub pullrequest webhooks, the controller stores the pullrequest.statusesurl value from the webhook payload without validating that it points to a trusted GitHub API endpoint. If a job template is configured with a GitHub...
CVE-2026-12726
A flaw was found in the AWX GitHub webhook integration. When processing GitHub pullrequest webhooks, the controller stores the pullrequest.statusesurl value from the webhook payload without validating that it points to a trusted GitHub API endpoint. If a job template is configured with a GitHub...
CVE-2026-12726
AWX/AUTOMATION-CONTROLLER GitHub webhook integration vulnerability (CVE-2026-12726): processing of GitHub pull_request webhooks stores statuses_url from the payload without validating it points to a trusted GitHub API endpoint. If a job template uses a GitHub Personal Access Token as the webhook ...
PT-2026-51010
Name of the Vulnerable Software and Affected Versions AWX affected versions not specified Description A flaw exists in the GitHub webhook integration where the controller stores the pull request.statuses url value from a pull request webhook payload without validating if it points to a trusted...
CVE-2026-52902
CVE-2026-52902 affects awxkit (AWX CLI). The YAML !include directive permits path traversal, enabling an attacker to craft a YAML file that reads arbitrary local YAML files when a user imports it via awx --conf.format yaml import. This is a client-side vulnerability requiring user interaction. Mi...
GHSA-MV93-W799-CJ2W vulnerabilities
Vulnerabilities for packages: datahub-ingestion-fips, mlflow, mlflow-fips, awx, nemo, jupyter-all-spark-notebook, opal...
CVE-2026-33936 vulnerabilities
Vulnerabilities for packages: airflow, awx...
GHSA-9F5J-8JWJ-X28G vulnerabilities
Vulnerabilities for packages: airflow, awx...
GHSA-PXRR-HQ57-Q35P vulnerabilities
Vulnerabilities for packages: awx...
CVE-2026-33154 vulnerabilities
Vulnerabilities for packages: awx...
CVE-2025-69534 vulnerabilities
Vulnerabilities for packages: superset, awx...
GHSA-5WMX-573V-2QWQ vulnerabilities
Vulnerabilities for packages: superset, awx...
GHSA-JJ3X-WXRX-4X23 vulnerabilities
Vulnerabilities for packages: airflow, apache-beam-python-3.11-sdk, gitlab-cng, py3.13-scanner-test-libraries-aiohttp, authentik, py3-cassandra-medusa, kserve, awx, open-webui, dask-kubernetes, checkov, kubeflow-pipelines-visualization-server, request-1276, py3-vllm-cuda-12.4...
GHSA-6JHG-HG63-JVVF vulnerabilities
Vulnerabilities for packages: airflow, apache-beam-python-3.11-sdk, gitlab-cng, py3.13-scanner-test-libraries-aiohttp, authentik, py3-cassandra-medusa, kserve, awx, open-webui, dask-kubernetes, checkov, kubeflow-pipelines-visualization-server, request-1276, py3-vllm-cuda-12.4...
CVE-2025-69229 vulnerabilities
Vulnerabilities for packages: airflow, apache-beam-python-3.11-sdk, gitlab-cng, py3.13-scanner-test-libraries-aiohttp, authentik, py3-cassandra-medusa, kserve, awx, open-webui, dask-kubernetes, checkov, kubeflow-pipelines-visualization-server, request-1276, py3-vllm-cuda-12.4...
CVE-2025-69228 vulnerabilities
Vulnerabilities for packages: airflow, apache-beam-python-3.11-sdk, gitlab-cng, py3.13-scanner-test-libraries-aiohttp, authentik, py3-cassandra-medusa, kserve, awx, open-webui, dask-kubernetes, checkov, kubeflow-pipelines-visualization-server, request-1276, py3-vllm-cuda-12.4...
GHSA-G84X-MCQJ-X9QQ vulnerabilities
Vulnerabilities for packages: airflow, apache-beam-python-3.11-sdk, gitlab-cng, py3.13-scanner-test-libraries-aiohttp, authentik, py3-cassandra-medusa, kserve, awx, open-webui, dask-kubernetes, checkov, kubeflow-pipelines-visualization-server, request-1276, py3-vllm-cuda-12.4...
GHSA-6MQ8-RVHQ-8WGG vulnerabilities
Vulnerabilities for packages: airflow, apache-beam-python-3.11-sdk, gitlab-cng, py3.13-scanner-test-libraries-aiohttp, authentik, py3-cassandra-medusa, kserve, awx, open-webui, dask-kubernetes, checkov, kubeflow-pipelines-visualization-server, request-1276, py3-vllm-cuda-12.4...
CVE-2025-69227 vulnerabilities
Vulnerabilities for packages: airflow, apache-beam-python-3.11-sdk, gitlab-cng, py3.13-scanner-test-libraries-aiohttp, authentik, py3-cassandra-medusa, kserve, awx, open-webui, dask-kubernetes, checkov, kubeflow-pipelines-visualization-server, request-1276, py3-vllm-cuda-12.4...