Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via httprequester.go and httpdownloader.go‎. An attacker can access internal network resources and exfiltrate sensitive data by crafting malicious promotion templates or Promotion resources that trigger...

GHSA-CFPF-HRX2-8RV6 vulnerabilities

Vulnerabilities for packages: kserve, splunk-otel-collector, datadog-agent, tempo, coredns, grafana-alloy, k8sgateway, argo-workflows, vale, amazon-cloudwatch-agent, jaeger, opentelemetry-collector, kargo, opentelemetry-collector-contrib, k8sgpt, nats, kubeflow-pipelines, verticadb-operator, kine...

CVE-2025-68156 vulnerabilities

Vulnerabilities for packages: kserve, splunk-otel-collector, datadog-agent, tempo, coredns, grafana-alloy, k8sgateway, argo-workflows, vale, amazon-cloudwatch-agent, jaeger, opentelemetry-collector, kargo, opentelemetry-collector-contrib, k8sgpt, nats, kubeflow-pipelines, verticadb-operator, kine...

GHSA-CFPF-HRX2-8RV6 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines, coredns-fips, elastic-agent-fips, tempo, opentelemetry-collector-fips, argo-cd, vale, k3s, eks-distro-fips, keda-fips, aws-otel-collector-fips, datadog-agent, elastic-agent, opentelemetry-collector-contrib, eks-distro, nats-fips, grafana-alloy,...