62 matches found
GHSA-XHF5-7WJV-PQXP vulnerabilities
Vulnerabilities for packages: headlamp-fips, manifest-tool, helm-operator, cloudbeat-fips, docker-compose, eksctl, docker-fips, kots, linkerd2-fips, grype, kaniko, neuvector, linkerd2, envoy-gateway-fips, datadog-agent, tigera-operator-fips, trivy-operator, kaniko-fips, zot, kubescape-server-fips...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: gatekeeper, eksctl, fuse-overlayfs-snapshotter, scorecard, skaffold, tigera-operator, chartmuseum, docker, envoy-gateway, kaniko, linkerd2, steampipe, zot, newrelic-infrastructure-agent, datadog-agent, consul-k8s, helm-push, tw, syft, dagger, spegel, trivy-operator,...
GHSA-FQW6-GF59-QR4W vulnerabilities
Vulnerabilities for packages: gatekeeper, eksctl, fuse-overlayfs-snapshotter, scorecard, skaffold, tigera-operator, chartmuseum, docker, envoy-gateway, kaniko, linkerd2, steampipe, zot, newrelic-infrastructure-agent, datadog-agent, consul-k8s, helm-push, tw, syft, dagger, spegel, trivy-operator,...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: headlamp-fips, manifest-tool, helm-operator, opa-fips-envoy, cloudbeat-fips, docker-compose, gogatekeeper, osv-scanner, eksctl, docker-fips, kots, linkerd2-fips, grype, kaniko, neuvector, linkerd2, envoy-gateway-fips, datadog-agent, tigera-operator-fips,...
CVE-2026-35206 vulnerabilities
Vulnerabilities for packages: eksctl, tigera-operator, chartmuseum, envoy-gateway, linkerd2, kuma, cilium-cli, zot, nova, consul-k8s, helm-push, tw, helm-docs, trivy-operator, cert-manager-cmctl, pluto, cluster-api-helm-controller, cerbos, flux-source-controller, k9s, chart-testing, headlamp,...
GHSA-HR2V-4R36-88HR vulnerabilities
Vulnerabilities for packages: eksctl, tigera-operator, chartmuseum, envoy-gateway, linkerd2, kuma, cilium-cli, zot, nova, consul-k8s, helm-push, tw, helm-docs, trivy-operator, cert-manager-cmctl, pluto, cluster-api-helm-controller, cerbos, flux-source-controller, k9s, chart-testing, headlamp,...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: apko, envoy-ratelimit, temporal, local-path-provisioner, smarter-device-manager, mariadb-operator, volume-modifier-for-k8s, goreleaser, rabbitmq-messaging-topology-operator, flux-operator, nova, secrets-store-csi-driver-provider-aws, external-secrets-operator, hubble...
CVE-2026-1229 vulnerabilities
Vulnerabilities for packages: skaffold, scorecard, crossplane-provider-azure-sql, gitlab-runner, syft, dagger, flux-source-controller, terraform-provider-azurerm, grafana-alloy, kubescape, argo-events, trivy, argo-rollouts, flux, zarf, terraform-provider-pagerduty, flux-kustomize-controller, kots...
GHSA-Q9HV-HPM4-HJ6X vulnerabilities
Vulnerabilities for packages: skaffold, scorecard, crossplane-provider-azure-sql, gitlab-runner, syft, dagger, flux-source-controller, terraform-provider-azurerm, grafana-alloy, kubescape, argo-events, trivy, argo-rollouts, flux, zarf, terraform-provider-pagerduty, flux-kustomize-controller, kots...
GHSA-8JVR-VH7G-F8GX vulnerabilities
Vulnerabilities for packages: fluxcd-kustomize-mutating-webhook-fips, backup-restore-operator, gitlab-runner-fips, amazon-ssm-agent-fips, manifest-tool, terraform-provider-sendgrid, crossplane-provider-keycloak, aactl, rancher-fleet, eck-operator-fips, opa-fips-envoy, kubernetes-csi-driver-nfs,...
BIT-FLUX-2022-36049 Flux2 Helm Controller denial of service
Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK th...
BIT-FLUX-2022-24817 Improper kubeconfig validation allows arbitrary code execution
Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also...
EUVD-2022-6887
Malicious code in bioql PyPI...
GHSA-8PJC-487G-W6P2 vulnerabilities
Vulnerabilities for packages: falcoctl, aactl, helm-operator, nri-memcached, terraform-mcp-server, kubernetes-csi-driver-nfs, emissary, kapp, plugin-barman-cloud, eksctl, spire-controller-manager, ipfs-cluster, dive, k8sgateway, kubernetes-csi-driver-hostpath, controller-gen, undock, rke2-runtime...
CVE-2025-55199 vulnerabilities
Vulnerabilities for packages: eksctl, chartmuseum, envoy-gateway, linkerd2, kuma, cilium-cli, zot, nova, consul-k8s, helm-push, tw, helm-docs, trivy-operator, cert-manager-cmctl, pluto, cluster-api-helm-controller, cerbos, flux-source-controller, k9s, flux-helm-controller, chart-testing, headlamp...
CVE-2025-55198 vulnerabilities
Vulnerabilities for packages: eksctl, chartmuseum, envoy-gateway, linkerd2, kuma, cilium-cli, zot, nova, consul-k8s, helm-push, helm-docs, trivy-operator, cert-manager-cmctl, pluto, cluster-api-helm-controller, cerbos, flux-source-controller, k9s, flux-helm-controller, chart-testing, headlamp,...
GHSA-F9F8-9PMF-XV68 vulnerabilities
Vulnerabilities for packages: eksctl, chartmuseum, envoy-gateway, linkerd2, kuma, cilium-cli, zot, nova, consul-k8s, helm-push, helm-docs, trivy-operator, cert-manager-cmctl, pluto, cluster-api-helm-controller, cerbos, flux-source-controller, k9s, flux-helm-controller, chart-testing, headlamp,...
GHSA-9H84-QMV7-982P vulnerabilities
Vulnerabilities for packages: eksctl, chartmuseum, envoy-gateway, linkerd2, kuma, cilium-cli, zot, nova, consul-k8s, helm-push, tw, helm-docs, trivy-operator, cert-manager-cmctl, pluto, cluster-api-helm-controller, cerbos, flux-source-controller, k9s, flux-helm-controller, chart-testing, headlamp...
CVE-2025-32387 vulnerabilities
Vulnerabilities for packages: flux-source-controller-fips, kubescape, chartmuseum-fips, cert-manager-cmctl-fips, harbor-fips, helm-operator, k8ssandra-client, cilium-cli, consul-k8s-fips, helm-push, flux-fips, flux-source-controller, cloudbeat-fips, trivy-fips, trivy, eksctl, chartmuseum,...
CVE-2025-32386 vulnerabilities
Vulnerabilities for packages: flux-source-controller-fips, kubescape, chartmuseum-fips, cert-manager-cmctl-fips, harbor-fips, helm-operator, k8ssandra-client, cilium-cli, consul-k8s-fips, helm-push, flux-fips, flux-source-controller, cloudbeat-fips, trivy-fips, trivy, eksctl, chartmuseum,...