62 matches found
GHSA-XHF5-7WJV-PQXP vulnerabilities
Vulnerabilities for packages: tigera-operator, syft, datadog-agent-fips, docker-fips, dagger, zarf, envoy-gateway-fips, neuvector-fips, skaffold-fips, teleport, chaos-mesh, livekit-cli, kube-mgmt, rancher-agent, fuse-overlayfs-snapshotter, amazon-ecs-agent-fips, chainctl-fips, kubevela-fips,...
GHSA-FQW6-GF59-QR4W vulnerabilities
Vulnerabilities for packages: chartmuseum, datadog-agent, trivy-operator, grype, headlamp, k9s, kubescape, tigera-operator, kubescape-operator, trivy, gogatekeeper, docker-compose, manifest-tool, steampipe, scorecard, containerd, helm-mapkubeapis, k8ssandra-client, kaniko, k3s, syft, rancher,...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: chartmuseum, datadog-agent, trivy-operator, grype, headlamp, k9s, kubescape, tigera-operator, kubescape-operator, trivy, gogatekeeper, docker-compose, manifest-tool, steampipe, scorecard, containerd, helm-mapkubeapis, k8ssandra-client, kaniko, k3s, syft, rancher,...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: tigera-operator, syft, datadog-agent-fips, docker-fips, dagger, opa, zarf, envoy-gateway-fips, eks-node-monitoring-agent, neuvector-fips, k8ssandra-client, skaffold-fips, teleport, chaos-mesh, gitlab-rails-ce, livekit-cli, kube-mgmt, cg, rancher-agent,...
CVE-2026-35206 vulnerabilities
Vulnerabilities for packages: chartmuseum, trivy-operator, nova, headlamp, k9s, cilium-cli, kubescape, tigera-operator, trivy, kuma, helm-mapkubeapis, k8ssandra-client, flux-source-controller, envoy-gateway, kube-arangodb, teleport, rancher-fleet, cert-manager-cmctl, helm-operator, eksctl,...
GHSA-HR2V-4R36-88HR vulnerabilities
Vulnerabilities for packages: chartmuseum, trivy-operator, nova, headlamp, k9s, cilium-cli, kubescape, tigera-operator, trivy, kuma, helm-mapkubeapis, k8ssandra-client, flux-source-controller, envoy-gateway, kube-arangodb, teleport, rancher-fleet, cert-manager-cmctl, helm-operator, eksctl,...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: actions-runner-controller, nova, flux-image-reflector-controller, aws-network-policy-agent, dkron, newrelic-k8s-metadata-injection, secrets-store-csi-driver-provider-aws, victoriametrics-cluster, dataplaneapi, flux-image-automation-controller, karpenter,...
CVE-2026-1229 vulnerabilities
Vulnerabilities for packages: flux-kustomize-controller, pulumi-language-dotnet, crossplane-provider-aws-cloudfront, vcluster, trivy, pulumi-kubernetes-operator, flux-image-automation-controller, pulumi-language-yaml, cert-manager-cmctl, crossplane-provider-azure-managedidentity,...
GHSA-Q9HV-HPM4-HJ6X vulnerabilities
Vulnerabilities for packages: flux-kustomize-controller, pulumi-language-dotnet, crossplane-provider-aws-cloudfront, vcluster, trivy, pulumi-kubernetes-operator, flux-image-automation-controller, pulumi-language-yaml, cert-manager-cmctl, crossplane-provider-azure-managedidentity,...
GHSA-8JVR-VH7G-F8GX vulnerabilities
Vulnerabilities for packages: percona-xtradb-cluster-operator-fips, aws-flb-kinesis-fips, kvm-device-plugin, minify-fips, aws-flb-firehose, prometheus-beat-exporter-fips, amazon-cloudwatch-agent-operator, nsc-fips, crossplane-provider-aws-s3-fips, kyverno, authservice, witness,...
BIT-FLUX-2022-36049 Flux2 Helm Controller denial of service
Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK th...
BIT-FLUX-2022-24817 Improper kubeconfig validation allows arbitrary code execution
Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also...
EUVD-2022-6887
Malicious code in bioql PyPI...
GHSA-8PJC-487G-W6P2 vulnerabilities
Vulnerabilities for packages: tigera-operator, harbor-registry, kapp, kubernetes-dashboard-web, wgcf, nri-memcached, guac, opa, amazon-cloudwatch-agent-operator, terraform, wal-g, kyverno, teleport, falcoctl, kubernetes-csi-driver-nfs, nodetaint, aws-privateca-issuer, dive, tekton-chains, cg,...
CVE-2025-55199 vulnerabilities
Vulnerabilities for packages: chartmuseum, trivy-operator, nova, headlamp, k9s, cilium-cli, kubescape, trivy, kuma, helm-mapkubeapis, k8ssandra-client, flux-source-controller, envoy-gateway, kube-arangodb, teleport, rancher-fleet, cert-manager-cmctl, helm-operator, kargo, eksctl, chart-testing,...
CVE-2025-55198 vulnerabilities
Vulnerabilities for packages: chartmuseum, trivy-operator, nova, headlamp, k9s, cilium-cli, kubescape, trivy, kuma, helm-mapkubeapis, k8ssandra-client, flux-source-controller, envoy-gateway, kube-arangodb, teleport, rancher-fleet, cert-manager-cmctl, helm-operator, kargo, eksctl, chart-testing,...
GHSA-F9F8-9PMF-XV68 vulnerabilities
Vulnerabilities for packages: chartmuseum, trivy-operator, nova, headlamp, k9s, cilium-cli, kubescape, trivy, kuma, helm-mapkubeapis, k8ssandra-client, flux-source-controller, envoy-gateway, kube-arangodb, teleport, rancher-fleet, cert-manager-cmctl, helm-operator, kargo, eksctl, chart-testing,...
GHSA-9H84-QMV7-982P vulnerabilities
Vulnerabilities for packages: chartmuseum, trivy-operator, nova, headlamp, k9s, cilium-cli, kubescape, trivy, kuma, helm-mapkubeapis, k8ssandra-client, flux-source-controller, envoy-gateway, kube-arangodb, teleport, rancher-fleet, cert-manager-cmctl, helm-operator, kargo, eksctl, chart-testing,...
CVE-2025-32387 vulnerabilities
Vulnerabilities for packages: eksctl, flux, k9s, flux-helm-controller, cloudbeat-fips, zarf, trivy-fips, k8ssandra-client-fips, cert-manager, k8ssandra-client, kots, helm-docs, pluto, chartmuseum, helm-operator, cluster-api-helm-controller, cert-manager-cmctl-fips, cert-manager-fips,...
CVE-2025-32386 vulnerabilities
Vulnerabilities for packages: eksctl, flux, k9s, flux-helm-controller, cloudbeat-fips, zarf, trivy-fips, k8ssandra-client-fips, cert-manager, k8ssandra-client, kots, helm-docs, pluto, chartmuseum, helm-operator, cluster-api-helm-controller, cert-manager-cmctl-fips, cert-manager-fips,...