GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: kots, opentelemetry-collector, gitea, nemo, flux-image-automation-controller, spire-server, helm, knative-serving-fips, kubescape-server-fips, cloudbeat, cilium, skaffold, kubescape, cilium-cli, k9s-fips, argocd-image-updater-fips, kubernetes, coder,...
GHSA-X527-X647-Q7GG vulnerabilities
Vulnerabilities for packages: cloud-provider-aws, flux, cert-manager, kots, mattermost, spire-server, chisel, k3s, kaf, minio, zot, fscrypt, kyverno, prometheus, snyk-cli, aactl, loki, kubernetes-dashboard, kubernetes, skaffold, zarf, external-dns, helm, telegraf, prometheus-operator, cilium-cli,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: teleport, nuclei, dagger, kaf, prometheus, neuvector-sigstore-interface, wolfictl, go-discover, crossplane-provider-azure-managedidentity, zarf, kargo, prometheus-operator, step-kms-plugin, telegraf, terragrunt, pulumi-language-java, crossplane-provider-family-azure,...
GHSA-JPPX-RXG9-JMRX vulnerabilities
Vulnerabilities for packages: teleport, podman, cloud-provider-aws, flux, cert-manager, kots, mattermost, spire-server, k3s, kaf, minio, zot, fscrypt, kyverno, prometheus, snyk-cli, aactl, loki, kubernetes-dashboard, docker-cli-buildx, kubernetes, external-dns, helm, telegraf, prometheus-operator...
GHSA-F5WC-C3C7-36MC vulnerabilities
Vulnerabilities for packages: teleport, nuclei, dagger, kaf, prometheus, wolfictl, go-discover, zarf, telegraf, prometheus-operator, step-kms-plugin, terragrunt, pulumi-language-java, scorecard, gitlab-kas, rancher, external-secrets-operator, istio, pulumi, pulumi-language-dotnet, cert-manager,...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: crypto: ccp – Fixed null pointer dereference in __sev_platform_shutdown_locked. The SEV platform device can be shut down with a null psp_master, for example, using DEBUG_TEST_DRIVER_REMOVE. This issue was identified using KASAN:...
kas-dagger-utils (=1.0.0) potentially affected by CVE-2026-47192 via kas (=4.8.2)
kas PYPI version =4.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on kas and may be impacted: - kas-dagger-utils =1.0.0 Source cves: CVE-2026-47192 Source advisory: OSV:GHSA-4VQC-WPWG-VH7J...
kas's late signature validation may allow unnoticed repository manipulations
Impact: So far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow replacing an original repository with one under the control of an attacker under very specific conditions. First of all, the attacker mus...
PT-2026-46846
Impact: So far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow replacing an original repository with one under the control of an attacker under very specific conditions. First of all, the attacker mus...
kas checks out SHA-like git branches as valid commits
Impact: When relying solely on a git commit ID (SHA-1 or SHA-256) to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked into checking out a branch of the same name from this repository. This implies that the...
kas-dagger-utils (=1.0.0) potentially affected by CVE-2026-47191 via kas (=4.8.2)
kas PYPI version =4.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on kas and may be impacted: - kas-dagger-utils =1.0.0 Source cves: CVE-2026-47191 Source advisory: OSV:GHSA-QJWP-HRQ6-R26R...
PT-2026-45483
Impact: When relying solely on a git commit ID (SHA-1 or SHA-256) to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked into checking out a branch of the same name from this repository. This implies that the...
kernel: net/sched: cls_u32: use skb_header_pointer_careful()
In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful(). skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro fooling u32_classify(): BUG: KASAN:...
GHSA-J88V-2CHJ-QFWX vulnerabilities
Vulnerabilities for packages: flyte, cloudprober, kubeflow-pipelines, teleport, sqlexporter, wal-g, step-ca, spicedb, spire-server, k3s, steampipe, caddy, kube-bench, hydra, temporal-server, kuma, step, argo-workflows, amass, keda, gitness, sftpgo-plugin-eventsearch, rke2-cloud-provider,...
kernel: net/sched: cls_u32: use skb_header_pointer_careful()
In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful(). skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro fooling u32_classify(): BUG: KASAN:...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: vt-cli, crossplane-provider-sql, knative-operator, kube-bench, azure-workload-identity-webhook, php-fpmexporter, haproxy-ingress, helm-set-status, kwok, cadvisor, portieris, addon-resizer, kargo, litestream, scorecard, nri-prometheus, nri-rabbitmq, argo-rollouts,...
CVE-2026-25679 vulnerabilities
Vulnerabilities for packages: vt-cli, gogatekeeper, knative-operator, kube-bench, azure-workload-identity-webhook, php-fpmexporter, cadvisor, portieris, crossplane-provider-aws-sns, addon-resizer, sealed-secrets, crossplane-provider-aws-s3, litestream, terragrunt, openfga, nri-prometheus,...
GHSA-J4J7-VW47-RHFQ vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-cloudwatchlogs, migrate, teleport, gogatekeeper, aws-load-balancer-controller, kaf, knative-operator, libnvidia-container, trino, prometheus, neuvector-sigstore-interface, aws-flb-kinesis, thanos, cadvisor, dataplaneapi,...
GHSA-J3GX-2473-5FP8 vulnerabilities
Vulnerabilities for packages: vt-cli, gogatekeeper, knative-operator, kube-bench, azure-workload-identity-webhook, php-fpmexporter, cadvisor, portieris, crossplane-provider-aws-sns, addon-resizer, sealed-secrets, crossplane-provider-aws-s3, litestream, terragrunt, openfga, nri-prometheus,...
CVE-2026-27142 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-cloudwatchlogs, migrate, teleport, gogatekeeper, aws-load-balancer-controller, kaf, knative-operator, libnvidia-container, trino, prometheus, neuvector-sigstore-interface, aws-flb-kinesis, thanos, cadvisor, dataplaneapi,...