5 matches found
Renovate affected by remote code execution was possible using the bazel-module or bazelisk managers, when using lockFileMaintenance
When using lockFileMaintenance using the bazel-module or bazelisk managers between Renovate 43.65.0 2026-03-12 and 43.102.11 2026-04-02, there was the opportunity for remote code execution from a malicious dependency, if the Bazel module executes code that relies on a dependency. As this is an...
GHSA-5VJQ-5JMG-39XQ Renovate affected by remote code execution was possible using the bazel-module or bazelisk managers, when using lockFileMaintenance
When using lockFileMaintenance using the bazel-module or bazelisk managers between Renovate 43.65.0 2026-03-12 and 43.102.11 2026-04-02, there was the opportunity for remote code execution from a malicious dependency, if the Bazel module executes code that relies on a dependency. As this is an...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, kubernetes-csi-external-snapshotter, infinispan-operator, kubernetes-dashboard-metrics-scraper, eksctl, mc, flux-operator, kserve-modelmesh-serving, newrelic-nri-statsd, gatekeeper, kubeflow-katib, sftpgo,...
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: php-fpmexporter, gke-gcloud-auth-plugin, secrets-store-csi-driver-provider-aws, dgraph, volume-modifier-for-k8s, kubernetes-dashboard-metrics-scraper, kubeadm-bootstrap-controller, eksctl, up, kubewatch, vite, local-path-provisioner, pulumi-kubernetes-operator,...
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: php-fpmexporter, gke-gcloud-auth-plugin, secrets-store-csi-driver-provider-aws, dgraph, volume-modifier-for-k8s, kubernetes-dashboard-metrics-scraper, kubeadm-bootstrap-controller, eksctl, up, kubewatch, vite, local-path-provisioner, pulumi-kubernetes-operator,...