GHSA-PC3F-X583-G7J2 vulnerabilities

Vulnerabilities for packages: juicefs-csi-driver, kubernetes, hubble, postgres-operator, argo-rollouts, k3s, consul-k8s, cilium, k8ssandra-client, istio, cilium-cli, kubernetes-dashboard-api, kubevela, trivy-operator, datadog-agent, headlamp, gitlab-kas, infinispan-operator, kubeflow-pipelines,...

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: tailscale, neuvector-dbgen, mattermost, dbmate, azure-workload-identity-webhook, haproxy-ingress, dapr, tetragon, vertical-pod-autoscaler, git-lfs, influx, redpanda, flux-operator, apisix-ingress-controller, rabbitmq-messaging-topology-operator, kuma, docker-cli,...

CLEANSTART-2026-UM45661 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142, ghsa-6v2p-p543-phr9, ghsa-f6x5-jh6r-wrfv, ghsa-hcg3-q754-cr77, ghsa-j5w8-q4qc-rx2x, ghsa-qxp5-gwg8-xv66, ghsa-vvgc-356p-c3xw applied in versions: 4.4.0-r0, 4.4.0-r1, 4.4.0-r2, 4.4.0-r3

Multiple security vulnerabilities affect the dynamic-localpv-provisioner package. These issues are resolved in later releases. See references for individual vulnerability details...

GHSA-HJX7-FPXX-MJ48 vulnerabilities

Vulnerabilities for packages: fixuid, portieris, xcover, task, thanos-operator, cfssl, istio, azurefile-csi, custom-pod-autoscaler, docker-machine-driver-harvester, ko, ini-file, kubeflow, mattermost, kubebuilder, dbmate, neuvector-dbgen, terraform-provider-azuread, azure-workload-identity-webhoo...

GHSA-FRHW-MQJ2-WXW2 vulnerabilities

Vulnerabilities for packages: xcover, cfssl, neuvector-dbgen, mattermost, dbmate, azure-workload-identity-webhook, cluster-api-helm-controller, vertical-pod-autoscaler, redpanda, flux-operator, apisix-ingress-controller, gotestsum, hydra, docker-cli, temporal, velero-plugin-for-microsoft-azure,...

GHSA-447V-2QG4-H8HC vulnerabilities

Vulnerabilities for packages: fixuid, portieris, xcover, task, thanos-operator, cfssl, istio, azurefile-csi, custom-pod-autoscaler, docker-machine-driver-harvester, ko, ini-file, kubeflow, mattermost, kubebuilder, dbmate, neuvector-dbgen, terraform-provider-azuread, azure-workload-identity-webhoo...

GHSA-WCW9-47FP-RRFR vulnerabilities

Vulnerabilities for packages: fixuid, portieris, xcover, task, thanos-operator, cfssl, istio, azurefile-csi, custom-pod-autoscaler, docker-machine-driver-harvester, ko, ini-file, kubeflow, mattermost, kubebuilder, dbmate, neuvector-dbgen, terraform-provider-azuread, azure-workload-identity-webhoo...

GHSA-RJCG-56PH-3QVG vulnerabilities

Vulnerabilities for packages: xcover, cfssl, neuvector-dbgen, mattermost, dbmate, azure-workload-identity-webhook, cluster-api-helm-controller, vertical-pod-autoscaler, redpanda, apisix-ingress-controller, gotestsum, hydra, velero-plugin-for-microsoft-azure, node-problem-detector,...

GHSA-QH38-484V-W52X vulnerabilities

Vulnerabilities for packages: fixuid, portieris, xcover, task, cfssl, istio, azurefile-csi, custom-pod-autoscaler, docker-machine-driver-harvester, ko, ini-file, kubeflow, mattermost, kubebuilder, dbmate, neuvector-dbgen, terraform-provider-azuread, azure-workload-identity-webhook, prometheus,...

GHSA-JWMF-CHVC-RF92 vulnerabilities

Vulnerabilities for packages: xcover, cfssl, neuvector-dbgen, mattermost, dbmate, azure-workload-identity-webhook, cluster-api-helm-controller, vertical-pod-autoscaler, redpanda, apisix-ingress-controller, gotestsum, hydra, velero-plugin-for-microsoft-azure, node-problem-detector,...

GHSA-CXQ7-XW9V-RCV3 vulnerabilities

Vulnerabilities for packages: xcover, cfssl, neuvector-dbgen, mattermost, dbmate, azure-workload-identity-webhook, cluster-api-helm-controller, vertical-pod-autoscaler, redpanda, apisix-ingress-controller, gotestsum, hydra, velero-plugin-for-microsoft-azure, node-problem-detector,...

GHSA-9GCR-GP5F-JW27 vulnerabilities

Vulnerabilities for packages: fixuid, portieris, xcover, task, thanos-operator, cfssl, istio, azurefile-csi, custom-pod-autoscaler, docker-machine-driver-harvester, ko, ini-file, kubeflow, mattermost, kubebuilder, dbmate, neuvector-dbgen, terraform-provider-azuread, azure-workload-identity-webhoo...

CVE-2025-58188 vulnerabilities

Vulnerabilities for packages: fixuid, portieris, xcover, task, thanos-operator, cfssl, istio, azurefile-csi, custom-pod-autoscaler, docker-machine-driver-harvester, ko, ini-file, kubeflow, mattermost, kubebuilder, dbmate, neuvector-dbgen, terraform-provider-azuread, azure-workload-identity-webhoo...

CVE-2025-58186 vulnerabilities

Vulnerabilities for packages: xcover, cfssl, neuvector-dbgen, mattermost, dbmate, azure-workload-identity-webhook, cluster-api-helm-controller, vertical-pod-autoscaler, redpanda, apisix-ingress-controller, gotestsum, hydra, velero-plugin-for-microsoft-azure, node-problem-detector,...

CVE-2025-58185 vulnerabilities

Vulnerabilities for packages: xcover, cfssl, neuvector-dbgen, mattermost, dbmate, azure-workload-identity-webhook, cluster-api-helm-controller, vertical-pod-autoscaler, redpanda, apisix-ingress-controller, gotestsum, hydra, velero-plugin-for-microsoft-azure, node-problem-detector,...

CVE-2025-61723 vulnerabilities

Vulnerabilities for packages: fixuid, portieris, xcover, task, thanos-operator, cfssl, istio, azurefile-csi, custom-pod-autoscaler, docker-machine-driver-harvester, ko, ini-file, kubeflow, mattermost, kubebuilder, dbmate, neuvector-dbgen, terraform-provider-azuread, azure-workload-identity-webhoo...

GHSA-J5PM-7495-QMR3 vulnerabilities

Vulnerabilities for packages: rancher-helm, flux-kustomize-controller-fips, conjur-cli, kubernetes-dashboard-metrics-scraper, loki-fips, otel-cli, skaffold-fips, trino, amazon-ssm-agent-fips, db-operator, cass-operator-fips-no-pvc-delete, helm-fips, kbld, rook, trivy-fips, cert-exporter, kbld-fip...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: k3s, task, thanos-operator, cfssl, tailscale, nri-nginx, yq, eksctl, kubebuilder, caddy, nri-mssql, haproxy-ingress, etcd, vertical-pod-autoscaler, newrelic-fluent-bit-output, nri-discovery-kubernetes, fuse-overlayfs-snapshotter, k3d, src, gke-gcloud-auth-plugin,...

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: cortex, buildkitd, kubevela, terraform-provider-sendgrid-fips, kubescape, metrics-server-fips, dynamic-localpv-provisioner-fips, prometheus-stackdriver-exporter, terraform-provider-sendgrid, slsa-verifier, prometheus-blackbox-exporter, aactl, k3d,...

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: spark-operator, kubescape, terraform-provider-sendgrid, ipfs, up, k3d, scorecard, dgraph, slsa-verifier, src, kubevela, falco, buildkitd, aactl, kubeflow, cortex, prometheus-blackbox-exporter...