EUVD-2023-0865

Malicious code in bioql PyPI...

EUVD-2024-2632

Malicious code in bioql PyPI...

EUVD-2024-0547

Malicious code in bioql PyPI...

EUVD-2023-2509

Malicious code in bioql PyPI...

EUVD-2024-2192

Malicious code in bioql PyPI...

CVE-2024-52529

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range AND 2. A Layer 7 allow policy that selects a specific port within the first policy's range...

CVE-2024-25631

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and...

CVE-2024-25630

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state the default configuration and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affect...

CVE-2023-41332

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with policy.cilium.io/proxy-visibility annotations in Cilium = v1.13 or io.cilium.proxy-visibility annotations in Cilium...

CVE-2023-27594

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which...

CVE-2025-32793

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can lea...

GO-2025-3635 In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters in github.com/cilium/cilium

In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters in github.com/cilium/cilium...

CVE-2025-32793 Cilium packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can lea...

BIT-CILIUM-OPERATOR-2025-30163 Node based network policies may incorrectly allow workload traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies fromNodes and toNodes will incorrectly permit traffic to/from non-node endpoints that share the labels specified in fromNodes and toNodes sections of network policies. Node based...

CVE-2025-30163

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies fromNodes and toNodes will incorrectly permit traffic to/from non-node endpoints that share the labels specified in fromNodes and toNodes sections of network policies. Node based...

CVE-2025-30162

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...

GHSA-24QP-4XX8-3JVJ Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers

Impact For Cilium users who: - Use Gateway API for Ingress for some services AND - Use LB-IPAM or BGP for LB Service implementation AND - Use network policies to block egress traffic from workloads in a namespace to workloads in other namespaces Egress traffic from workloads covered by such netwo...

CVE-2025-30163

CVE-2025-30163 affects Cilium’s node-based network policies: policies using fromNodes/toNodes may incorrectly permit traffic to/from non-node endpoints sharing the same labels. Affected versions are Cilium v1.16.0–v1.16.7 and v1.17.0–v1.17.1; the issue is fixed in v1.16.8 and v1.17.2. Root cause:...

CVE-2024-28248

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.9 and prior to versions 1.13.13, 1.14.8, and 1.15.2, Cilium's HTTP policies are not consistently applied to all traffic in the scope of the policies, leading to HTTP traffic being...

CVE-2024-28249 Cilium has possible unencrypted traffic between nodes when using IPsec and L7 policies

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sen...