GHSA-5WRP-CWCJ-Q835 vulnerabilities

Vulnerabilities for packages: argo-cd, azure-service-operator-fips, gitlab-cng, aws-iam-authenticator, docker-compose-fips, azurefile-csi-fips, cloudbeat-fips, cadvisor-fips, knative-serving, crossplane-provider-azure-signalrservice, boring-registry-fips, k9s-fips, flux-notification-controller,...

CVE-2026-41178 vulnerabilities

Vulnerabilities for packages: argo-cd, azure-service-operator-fips, gitlab-cng, aws-iam-authenticator, docker-compose-fips, azurefile-csi-fips, cloudbeat-fips, cadvisor-fips, knative-serving, crossplane-provider-azure-signalrservice, boring-registry-fips, k9s-fips, flux-notification-controller,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: media: stm32-csi: The dereference operation was corrected before the NULL check. In stm32csistart, the variable csidev-ssubdev is dereferenced directly when assigning a value to srcpad. However, the same value is then checked...

CLEANSTART-2026-RE02723 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27139, CVE-2026-27142, CVE-2026-32281, CVE-2026-32283, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-39883, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 6.1.0-r0, 6.1.0-r1, 6.1.0-r2, 6.1.0-r3, 6.1.0-r4

Multiple security vulnerabilities affect the kubernetes-csi-external-provisioner-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

JLSEC-2026-528

In tmux before version 3.1c the function inputcsidispatchsgrcolon in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output...

CLEANSTART-2026-CS02869 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, ghsa-p77j-4mvh-x3m3 applied in versions: 2.18.0-r0, 2.18.0-r1, 2.18.0-r2

Multiple security vulnerabilities affect the kubernetes-csi-livenessprobe-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-OH47925 Security fixes for CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810 applied in versions: 4.13.0-r0, 4.13.0-r1, 4.13.0-r2

Multiple security vulnerabilities affect the kubernetes-csi-driver-nfs-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-LA07853 Security fixes for CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-29181, CVE-2026-33186, ghsa-mh2q-q3fh-2475 applied in versions: 4.13.0-r0, 4.13.0-r1, 4.13.2-r0

Multiple security vulnerabilities affect the kubernetes-csi-driver-nfs-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-33814 vulnerabilities

Vulnerabilities for packages: minio-operator, crossplane-provider-aws-route53, flux-image-reflector-controller, db-operator, azcopy, aws-efs-csi-driver, trust-manager, kuma, k8ssandra-client, k6, thanos, terraform-provider-google, custom-pod-autoscaler-operator, prometheus-adapter,...

RHCOS 3 : OpenShift Container Platform 3.11 openshift-external-storage (RHSA-2019:4054)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:4054 advisory. - kubernetes-csi: CSI volume snapshot, cloning and resizing features can result in unauthorized volume data access or mutation CVE-2019-11255...

GHSA-PJCQ-XVWQ-HHPJ vulnerabilities

Vulnerabilities for packages: cert-manager, cert-manager-csi-driver, minio, nuclei, seaweedfs, opentofu, spqr, grafana, percona-server-mongodb-operator, dex, k6, flux-source-controller, gitea, rclone, yunikorn-k8shim, ratify, rancher-agent, cert-manager-istio-csr, teleport, trufflehog,...

CVE-2026-32952 vulnerabilities

Vulnerabilities for packages: cert-manager, cert-manager-csi-driver, minio, nuclei, seaweedfs, opentofu, spqr, grafana, percona-server-mongodb-operator, dex, k6, flux-source-controller, gitea, rclone, yunikorn-k8shim, ratify, rancher-agent, cert-manager-istio-csr, teleport, trufflehog,...

EUVD-2026-23500

Amazon EFS CSI Driver has mount option injection via unsanitized volumeHandle and mounttargetip fields...

CVE-2026-6437 AWS EFS CSI Driver Mount Option Injection

Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver aws-efs-csi-driver before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection. To remediate this issue, users...

CVE-2026-6437

CVE-2026-6437 concerns the AWS EFS CSI Driver (aws-efs-csi-driver) prior to v3.0.1. The flaw is improper neutralization of argument delimiters in the volume handling component, which allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via...

Amazon EFS CSI Driver 安全漏洞

The Amazon EFS CSI Driver is an open-source component developed by the Kubernetes SIGs, used for mounting AWS File Storage in Kubernetes clusters. Previous versions of the Amazon EFS CSI Driver, such as 3.0.1, contained security vulnerabilities. These vulnerabilities stemmed from improper paramet...

GHSA-FV83-X2XW-2J55 vulnerabilities

Vulnerabilities for packages: smokescreen, grafana-operator, newrelic-k8s-metadata-injection, pluto, flux-operator, supercronic, dgraph, flux-image-reflector-controller, victoriametrics-cluster, dkron, temporal, aws-privateca-issuer, secrets-store-csi-driver-provider-aws, clickhouse-operator,...

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: minio-operator, flux-image-reflector-controller, db-operator, aws-efs-csi-driver, k8ssandra-client, custom-pod-autoscaler-operator, prometheus-adapter, newrelic-infra-operator, rancher-agent, nri-f5, flux-image-automation-controller, runc, grafana-pyroscope, kargo,...

GHSA-7MR4-XJXG-34G6 vulnerabilities

Vulnerabilities for packages: kube-state-metrics, verticadb-operator, lazydocker, flux-image-reflector-controller, prometheus-operator, db-operator, grpcurl, opentofu, spqr, docker-cli, grpc-health-probe, aws-efs-csi-driver, helm-set-status, k8ssandra-client, kots, yunikorn-k8shim, syft,...

CVE-2026-33810 vulnerabilities

Vulnerabilities for packages: flux-helm-controller, mountpoint-s3-csi-driver, metacontroller, nodetaint, pgwatch, fluxcd-kustomize-mutating-webhook-fips, mariadb-operator, rabbitmq-messaging-topology-operator, smarter-device-manager, aws-iam-authenticator, flux-source-controller, atlas,...