367 matches found
GHSA-5WRP-CWCJ-Q835 vulnerabilities
Vulnerabilities for packages: argo-cd, fleet-server-fips, gitlab-rails-ce-fips, cadvisor-fips, kgateway-fips, docker-compose-fips, beats, argo-workflows-fips, kubescape-operator, tw, grafana-image-renderer, boring-registry-fips, crossplane-provider-aws-mediapackage-fips, gitlab-operator-fips,...
CVE-2026-41178 vulnerabilities
Vulnerabilities for packages: argo-cd, fleet-server-fips, gitlab-rails-ce-fips, cadvisor-fips, kgateway-fips, docker-compose-fips, beats, argo-workflows-fips, kubescape-operator, tw, grafana-image-renderer, boring-registry-fips, crossplane-provider-aws-mediapackage-fips, gitlab-operator-fips,...
CVE-2026-33814 affecting package cert-manager for versions less than 1.12.15-9
CVE-2026-33814 affecting package cert-manager for versions less than 1.12.15-9. A patched version of the package is available...
GHSA-H524-452V-82P9 vulnerabilities
Vulnerabilities for packages: grafana-operator, dgraph, cilium, crossplane-provider-azure-authorization, sealed-secrets, kube-bench, grafana-alloy, redka, volume-modifier-for-k8s, cloud-provider-azure, crossplane-provider-aws-ec2, nri-discovery-kubernetes, k3s, rancher-webhook, polaris,...
CVE-2026-42504 vulnerabilities
Vulnerabilities for packages: grafana-operator, dgraph, cilium, crossplane-provider-azure-authorization, sealed-secrets, kube-bench, grafana-alloy, redka, volume-modifier-for-k8s, cloud-provider-azure, crossplane-provider-aws-ec2, nri-discovery-kubernetes, k3s, rancher-webhook, polaris,...
CVE-2026-27145 vulnerabilities
Vulnerabilities for packages: grafana-operator, dgraph, q, cilium, crossplane-provider-azure-authorization, goreleaser, cloud-sql-proxy, sealed-secrets, delve, slsa-verifier, tetragon, kube-bench, kube-logging-operator-custom-runner, actions-runner-controller, grafana-alloy, redka, spqr,...
GHSA-H3GM-Q7M7-MP28 vulnerabilities
Vulnerabilities for packages: grafana-operator, dgraph, q, cilium, crossplane-provider-azure-authorization, goreleaser, cloud-sql-proxy, sealed-secrets, delve, slsa-verifier, tetragon, kube-bench, kube-logging-operator-custom-runner, actions-runner-controller, grafana-alloy, redka, spqr,...
CVE-2026-42507 vulnerabilities
Vulnerabilities for packages: grafana-operator, dgraph, q, cilium, crossplane-provider-azure-authorization, goreleaser, cloud-sql-proxy, sealed-secrets, delve, slsa-verifier, tetragon, kube-bench, kube-logging-operator-custom-runner, actions-runner-controller, grafana-alloy, redka, spqr,...
GHSA-4279-Q6MJ-392R vulnerabilities
Vulnerabilities for packages: grafana-operator, dgraph, q, cilium, crossplane-provider-azure-authorization, goreleaser, cloud-sql-proxy, sealed-secrets, delve, slsa-verifier, tetragon, kube-bench, kube-logging-operator-custom-runner, actions-runner-controller, grafana-alloy, redka, spqr,...
CVE-2026-42504 vulnerabilities
Vulnerabilities for packages: argo-cd, crossplane-provider-aws-guardduty, gitlab-kas-fips, cluster-autoscaler-fips, crossplane-provider-aws-ec2, aws-efs-csi-driver, crossplane-provider-aws-cloudwatchevents-fips, crossplane-provider-aws-firehose, crossplane-provider-aws-kafka-fips,...
GHSA-H524-452V-82P9 vulnerabilities
Vulnerabilities for packages: argo-cd, crossplane-provider-aws-guardduty, gitlab-kas-fips, cluster-autoscaler-fips, crossplane-provider-aws-ec2, aws-efs-csi-driver, crossplane-provider-aws-cloudwatchevents-fips, crossplane-provider-aws-firehose, crossplane-provider-aws-kafka-fips,...
CVE-2026-27145 vulnerabilities
Vulnerabilities for packages: argo-cd, pulumi-language-java, crossplane-provider-aws-guardduty, gitlab-kas-fips, apache-exporter, atlantis-fips, cluster-autoscaler-fips, kubo, crossplane-provider-aws-ec2, amazon-k8s-cni, steampipe, prometheus-redis-exporter-fips, nats-server-fips,...
CVE-2026-42507 vulnerabilities
Vulnerabilities for packages: argo-cd, pulumi-language-java, crossplane-provider-aws-guardduty, gitlab-kas-fips, apache-exporter, atlantis-fips, cluster-autoscaler-fips, kubo, crossplane-provider-aws-ec2, amazon-k8s-cni, steampipe, prometheus-redis-exporter-fips, nats-server-fips,...
GHSA-4279-Q6MJ-392R vulnerabilities
Vulnerabilities for packages: argo-cd, pulumi-language-java, crossplane-provider-aws-guardduty, gitlab-kas-fips, apache-exporter, atlantis-fips, cluster-autoscaler-fips, kubo, crossplane-provider-aws-ec2, amazon-k8s-cni, steampipe, prometheus-redis-exporter-fips, nats-server-fips,...
GHSA-H3GM-Q7M7-MP28 vulnerabilities
Vulnerabilities for packages: argo-cd, pulumi-language-java, crossplane-provider-aws-guardduty, gitlab-kas-fips, apache-exporter, atlantis-fips, cluster-autoscaler-fips, kubo, crossplane-provider-aws-ec2, amazon-k8s-cni, steampipe, prometheus-redis-exporter-fips, nats-server-fips,...
CVE-2026-10840
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...
CVE-2026-10840
CVE-2026-10840 concerns the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role. When Kueue or cert-manager CRDs are present, any authenticated...
EUVD-2026-34248
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...
CVE-2026-10840
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...
CVE-2026-10840 Openshift-pipelines-operator-rh: openshift-pipelines-operator: tekton-scheduler-rolebinding grants system:authenticated write access to kueue and cert-manager resources
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...