4 matches found
AZL-76935 CVE-2025-47911 affecting package keda for versions less than 2.4.0-32
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...
CVE-2025-68476 affecting package keda for versions less than 2.14.1-9
CVE-2025-68476 affecting package keda for versions less than 2.14.1-9. A patched version of the package is available...
AZL-72736 CVE-2025-68156 affecting package keda for versions less than 2.14.1-9
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including flatten, min, max, mean, and median, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation...
AZL-33598 CVE-2022-32149 affecting package keda for versions less than 2.4.0-23
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...