60 matches found
GHSA-5JMJ-H7XM-6Q6V vulnerabilities
Vulnerabilities for packages: druid, geoserver, s3proxy-fips, apache-hop, s3proxy, flyway, flyway-fips, confluent-common-docker, kayenta-fips, neo4j, strimzi-kafka-operator, strimzi-kafka-operator-fips, thingsboard, trino, apache-camel-karavan-devmode, kayenta, scala...
CVE-2026-54515 vulnerabilities
Vulnerabilities for packages: druid, geoserver, s3proxy-fips, apache-hop, s3proxy, flyway, flyway-fips, confluent-common-docker, kayenta-fips, neo4j, strimzi-kafka-operator, strimzi-kafka-operator-fips, thingsboard, trino, apache-camel-karavan-devmode, kayenta, scala...
GHSA-5JMJ-H7XM-6Q6V vulnerabilities
Vulnerabilities for packages: thingsboard, confluent-common-docker, trino...
CVE-2026-54515 vulnerabilities
Vulnerabilities for packages: thingsboard, confluent-common-docker, trino...
CVE-2026-45409 vulnerabilities
Vulnerabilities for packages: reflex, open-webui, jwt-tool, kserve, kubeflow-pipelines-visualization-server, confluent-docker-utils, airflow, kubeflow-jupyter-web-app, kubeflow-pipelines, httpie, pypy-3.11, kubeflow-volumes-web-app, datadog-agent, semgrep, dask-kubernetes, tensorflow-cpu-jupyter,...
GHSA-65PC-FJ4G-8RJX vulnerabilities
Vulnerabilities for packages: reflex, open-webui, jwt-tool, kserve, kubeflow-pipelines-visualization-server, confluent-docker-utils, airflow, kubeflow-jupyter-web-app, kubeflow-pipelines, httpie, pypy-3.11, kubeflow-volumes-web-app, datadog-agent, semgrep, dask-kubernetes, tensorflow-cpu-jupyter,...
GHSA-65PC-FJ4G-8RJX vulnerabilities
Vulnerabilities for packages: jwt-tool, vast-csi, azure-functions-host, azureml-inference-server-http-fips, locust, vllm-openai-cuda-13.0, tritonserver-backend-vllm-cuda-13.0, azureml-inference-server-http, dbt-bigquery, mlflow-fips, opentelemetry-python-instrumentation, httpie, localstack,...
CVE-2026-45409 vulnerabilities
Vulnerabilities for packages: jwt-tool, vast-csi, azure-functions-host, azureml-inference-server-http-fips, locust, vllm-openai-cuda-13.0, tritonserver-backend-vllm-cuda-13.0, azureml-inference-server-http, dbt-bigquery, mlflow-fips, opentelemetry-python-instrumentation, httpie, localstack,...
CLEANSTART-2026-LI56163 Security fixes for CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 1.0.8-r0, 1.0.8-r1
Multiple security vulnerabilities affect the confluent-cp-docker-utils package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-RD06185 Security fixes for CVE-2024-29371, CVE-2026-1225, CVE-2026-24281, CVE-2026-24308, CVE-2026-42577, CVE-2026-42583, ghsa-25qh-j22f-pwp8, ghsa-3677-xxcr-wjqv, ghsa-72hv-8253-57qq, ghsa-7xrh-hqfc-g7qr, ghsa-crhr-qqj8-rpxc, ghsa-mj4r-2hfc-f8p6, ghsa-qqpg-mvqg-649v, ghsa-rwm7-x88c-3g2p applied in versions: 7.6.9-r2, 7.6.9-r3, 7.6.9-r4, 7.6.9-r5
Multiple security vulnerabilities affect the confluent-common-docker package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-PV53006 Security fixes for CVE-2025-67030, CVE-2026-33811, CVE-2026-33814, CVE-2026-34479, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-6fmv-xxpf-w3cw, ghsa-72hv-8253-57qq applied in versions: 8.2.0-r0, 8.2.0-r1, 8.2.0-r2
Multiple security vulnerabilities affect the confluent-kafka package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2021-33923
Insecure permissions in Confluent Ansible cp-ansible 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allow local attackers to access some sensitive information: private keys, state database...
CVE-2021-33924
Confluent Ansible cp-ansible versions 5.5.0, 5.5.1, 5.5.2 and 6.0.0 are vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access sensitive information...
Malicious Package
Overview: confluent-kafka is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in confluent-kafka (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80f8f3691acc10147a767bd08facab31e59a8acfb8d38c89df1400e263cc6f8f The package confluent-kafka was found to contain malicious code. Source: ghsa-malware 135e8cf2cd5582b8ed8562c5f5ccfd1cf7265319ad340463b750b75e341858e...
EUVD-2025-202372
Malicious code in confluent-kafka npm...
MAL-2025-192405 Malicious code in confluent-kafka (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80f8f3691acc10147a767bd08facab31e59a8acfb8d38c89df1400e263cc6f8f The package confluent-kafka was found to contain malicious code. Source: ghsa-malware 135e8cf2cd5582b8ed8562c5f5ccfd1cf7265319ad340463b750b75e341858e...
EUVD-2021-20595
Malware in sbrugna...
EUVD-2021-20596
Malware in sbrugna...
GHSA-GWRF-JF3H-W649 vulnerabilities
Vulnerabilities for packages: git-lfs, newrelic-nri-statsd, dagdotdev, octo-sts, gitsign, kube-vip-cloud-provider, sftpgo-plugin-geoipfilter, local-path-provisioner, addon-resizer, sftpgo-plugin-pubsub, vault-k8s, kuberay-operator, mongodb-kubernetes-operator, gitlab-runner,...