CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: docker-compose, tw, xeol, tigera-operator, cluster-api-helm-controller, neuvector-scanner, trivy-operator, kubescape-operator, grype, datadog-agent, gogatekeeper, k8sgpt, kargo, kaniko, kube-arangodb, k9s, linkerd2, rancher-agent, steampipe, fuse-overlayfs-snapshotte...
GHSA-FQW6-GF59-QR4W vulnerabilities
Vulnerabilities for packages: docker-compose, tw, xeol, tigera-operator, cluster-api-helm-controller, neuvector-scanner, trivy-operator, kubescape-operator, grype, datadog-agent, gogatekeeper, k8sgpt, kargo, kaniko, kube-arangodb, k9s, linkerd2, rancher-agent, steampipe, fuse-overlayfs-snapshotte...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: helm-push, zot, helm-operator, tw, trivy-fips, skaffold, cluster-api-helm-controller-fips, docker-compose, manifest-tool, consul-k8s-fips, kaniko, tigera-operator, helm, opa, kargo, helm-set-status, neuvector-scanner-fips, spegel-fips, docker-cli-buildx,...
GHSA-HR2V-4R36-88HR vulnerabilities
Vulnerabilities for packages: tw, tigera-operator, cluster-api-helm-controller, trivy-operator, harbor, nova, helm-docs, chart-testing, kube-arangodb, k9s, linkerd2, zot, cilium-cli, eksctl, chartmuseum, zarf, helm-set-status, kots, flux-source-controller, helm-mapkubeapis, flux, helm-push,...
CVE-2026-35206 vulnerabilities
Vulnerabilities for packages: tw, tigera-operator, cluster-api-helm-controller, trivy-operator, harbor, nova, helm-docs, chart-testing, kube-arangodb, k9s, linkerd2, zot, cilium-cli, eksctl, chartmuseum, zarf, helm-set-status, kots, flux-source-controller, helm-mapkubeapis, flux, helm-push,...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: apko, karpenter, clickhouse-operator, grafana-operator, temporal, flux-image-automation-controller, aws-load-balancer-controller, github-mcp-server, secrets-store-csi-driver-provider-aws, grafana-rollout-operator, ingress-nginx-controller,...
CVE-2026-1229 vulnerabilities
Vulnerabilities for packages: xeol, crossplane-provider-aws-kinesis, crossplane-provider-aws-ec2, argo-rollouts, crossplane-provider-azure-authorization, grafana-alloy, crossplane-provider-aws-route53, k9s, zot, actions-runner-controller, crossplane-provider-aws-iam,...
GHSA-Q9HV-HPM4-HJ6X vulnerabilities
Vulnerabilities for packages: xeol, crossplane-provider-aws-kinesis, crossplane-provider-aws-ec2, argo-rollouts, crossplane-provider-azure-authorization, grafana-alloy, crossplane-provider-aws-route53, k9s, zot, actions-runner-controller, crossplane-provider-aws-iam,...
GHSA-8JVR-VH7G-F8GX vulnerabilities
Vulnerabilities for packages: agentbeat, zot, aws-sigv4-proxy-fips, cilium-certgen, extism, jaeger-operator, protoc-gen-go, rancher-support-bundle-kit, stampdalf, tw, crossplane-provider-aws-kms, minio-object-browser-fips, jupyterhub-k8s-image-awaiter-fips, skaffold, glow, nova-fips, podman,...
BIT-FLUX-2022-36049 Flux2 Helm Controller denial of service
Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK th...
BIT-FLUX-2022-24817 Improper kubeconfig validation allows arbitrary code execution
Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also...
EUVD-2022-6887
Malicious code in bioql PyPI...
GHSA-8PJC-487G-W6P2 vulnerabilities
Vulnerabilities for packages: helm-push, zot, helm-operator, src, traefik, dapr, k8sgateway, nginx-prometheus-exporter, glow, ip-masq-agent, clickhouse-operator, grafana-rollout-operator, nri-rabbitmq, terraform, ko, kube-logging-operator, ipfs-cluster, nats-server-config-reloader, apm-server,...
CVE-2025-55199 vulnerabilities
Vulnerabilities for packages: tw, cluster-api-helm-controller, trivy-operator, harbor, kargo, helm-docs, chart-testing, nova, kube-arangodb, k9s, linkerd2, zot, cilium-cli, eksctl, chartmuseum, zarf, helm-set-status, kots, flux-source-controller, helm-mapkubeapis, flux, helm-push, kubescape,...
CVE-2025-55198 vulnerabilities
Vulnerabilities for packages: cluster-api-helm-controller, trivy-operator, harbor, kargo, helm-docs, chart-testing, nova, kube-arangodb, k9s, linkerd2, zot, cilium-cli, eksctl, chartmuseum, zarf, helm-set-status, kots, flux-source-controller, helm-mapkubeapis, flux, helm-push, kubescape, headlamp...
GHSA-F9F8-9PMF-XV68 vulnerabilities
Vulnerabilities for packages: cluster-api-helm-controller, trivy-operator, harbor, kargo, helm-docs, chart-testing, nova, kube-arangodb, k9s, linkerd2, zot, cilium-cli, eksctl, chartmuseum, zarf, helm-set-status, kots, flux-source-controller, helm-mapkubeapis, flux, helm-push, kubescape, headlamp...
GHSA-9H84-QMV7-982P vulnerabilities
Vulnerabilities for packages: tw, cluster-api-helm-controller, trivy-operator, harbor, kargo, helm-docs, chart-testing, nova, kube-arangodb, k9s, linkerd2, zot, cilium-cli, eksctl, chartmuseum, zarf, helm-set-status, kots, flux-source-controller, helm-mapkubeapis, flux, helm-push, kubescape,...
CVE-2025-32387 vulnerabilities
Vulnerabilities for packages: flux-source-controller-fips, eksctl, helm-push, zot, helm-operator, kuma, pluto, tw, trivy-fips, flux, helm-operator-fips, cluster-api-helm-controller-fips, flux-helm-controller-fips, cert-manager-cmctl-fips, consul-k8s-fips, teleport, flux-source-controller,...
CVE-2025-32386 vulnerabilities
Vulnerabilities for packages: flux-source-controller-fips, eksctl, helm-push, zot, helm-operator, kuma, pluto, tw, trivy-fips, flux, helm-operator-fips, cluster-api-helm-controller-fips, flux-helm-controller-fips, cert-manager-cmctl-fips, consul-k8s-fips, teleport, flux-source-controller,...
GHSA-265R-HFXG-FHMG vulnerabilities
Vulnerabilities for packages: docker-compose, xeol, cluster-api-helm-controller, neuvector-scanner, nerdctl, grype, melange, datadog-agent, k8sgpt, kargo, kaniko, linkerd2, fuse-overlayfs-snapshotter, zot, cilium-cli, eksctl, skaffold, chartmuseum, helm, k3s, spegel, zarf, osv-scanner, kots,...