AZL-76868 CVE-2025-47911 affecting package cert-manager 1.12.15-4

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

AZL-34582 CVE-2023-3978 affecting package cert-manager for versions less than 1.12.12-1

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...