CVE-2025-11065 affecting package kube-vip-cloud-provider for versions less than 0.0.2-26

CVE-2025-11065 affecting package kube-vip-cloud-provider for versions less than 0.0.2-26. A patched version of the package is available...

CVE-2025-58358

CVE-2025-58358 — Markdownify command injection : The Markdownify MCP Server (mcp-markdownify-server) is vulnerable in versions before 0.0.2 due to unsanitized user input used inside child_process.exec, enabling arbitrary shell commands and remote code execution under the server process. The issue...

AZL-52227 CVE-2024-51744 affecting package kube-vip-cloud-provider for versions less than 0.0.2-22

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-33604 CVE-2021-44716 affecting package kube-vip-cloud-provider for versions less than 0.0.2-16

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...