46 matches found
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: mattermost, upwind-agent, chisel-fips, nemo, gitlab-rails-ce, kine, telegraf, kube-arangodb-fips, opentelemetry-collector, cloud-provider-aws, knative-serving-fips, zot, frankenphp-8.5, kubescape, kubescape-server-fips, frankenphp-8.4, minio-fips, opentofu-fips,...
CLEANSTART-2026-VX15911 Security fixes for CVE-2023-45288, CVE-2023-48795, CVE-2024-24786, CVE-2024-45337, CVE-2024-45338, CVE-2025-22868, CVE-2025-22869, CVE-2025-22870, CVE-2025-22872, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27140, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598 applied in versions: 2.10.1-r0, 2.10.1-r1, 2.10.1-r2
Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-XV65906 Security fixes for CVE-2023-45288, CVE-2023-48795, CVE-2024-24786, CVE-2024-45337, CVE-2024-45338, CVE-2025-22868, CVE-2025-22869, CVE-2025-22870, CVE-2025-22872, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27140, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598 applied in versions: 2.10.1-r0, 2.10.1-r1, 2.10.1-r2
Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-JL47330 Security fixes for CVE-2025-22868, CVE-2025-47911, CVE-2025-47912, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-58190, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-25681, CVE-2026-27136, CVE-2026-27139, CVE-2026-27142, CVE-2026-27145, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42507, CVE-2026-46598 applied in versions: 2.15.0-r0, 2.15.0-r1, 2.15.0-r2, 2.15.0-r3, 2.16.0-r3
Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-NG75665 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions
Multiple security vulnerabilities affect the kube-state-metrics package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerability details...
CLEANSTART-2026-BM53321 attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing
Multiple security vulnerabilities affect the kube-state-metrics package. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. See references for individual vulnerability details...
CLEANSTART-2026-QN98167 html
Multiple security vulnerabilities affect the kube-state-metrics package. The html. See references for individual vulnerability details...
CVE-2026-39883 vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver, cadvisor, sftpgo, harbor-cli, crossplane-provider-aws-iam, fluent-operator, aws-otel-collector, kuberay-operator, cluster-api-gcp-controller, external-dns, podinfo, crossplane-provider-azure-sql, grafana-alloy, cluster-autoscaler,...
GHSA-HFVC-G4FC-PQHX vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver, cadvisor, sftpgo, harbor-cli, crossplane-provider-aws-iam, fluent-operator, aws-otel-collector, kuberay-operator, cluster-api-gcp-controller, external-dns, podinfo, crossplane-provider-azure-sql, grafana-alloy, cluster-autoscaler,...
GHSA-HFVC-G4FC-PQHX vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-elbv2-fips, azcopy-fips, istio-fips, opencost-fips, tflint, tflint-fips, k6-fips, gotrue-fips, grafana-beyla, crossplane-provider-aws-ecr-fips, envoy-gateway, gitlab-pages-fips, crossplane-provider-aws-imagebuilder, kine, kaniko, coredns,...
CVE-2026-39883 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-elbv2-fips, azcopy-fips, istio-fips, opencost-fips, tflint, tflint-fips, k6-fips, gotrue-fips, grafana-beyla, crossplane-provider-aws-ecr-fips, envoy-gateway, gitlab-pages-fips, crossplane-provider-aws-imagebuilder, kine, kaniko, coredns,...
CLEANSTART-2026-EJ93145 attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames
Multiple security vulnerabilities affect the kube-state-metrics package. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. See references for individual vulnerability details...
CLEANSTART-2026-KK98885 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, ghsa-9h8m-3fm2-qjrq applied in versions: 2.18.0-r0
Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-RJ35552 Security fixes for CVE-2025-61727, CVE-2025-61729, CVE-2026-24051, ghsa-9h8m-3fm2-qjrq, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 2.17.0-r0, 2.17.0-r1, 2.18.0-r1
Multiple security vulnerabilities affect the kube-state-metrics-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-RJ88561 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...
CLEANSTART-2026-VL83369 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...
CLEANSTART-2026-LP38773 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...
CLEANSTART-2026-PI00621 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...
EUVD-2022-3542
Malicious code in bioql PyPI...
GHSA-7WRW-R4P8-38RX vulnerabilities
Vulnerabilities for packages: sftpgo, terraform, external-dns, k8sgpt, docker-credential-ecr-login, undock, configmap-reload, slsa-verifier, nats, falco-exporter, aws-load-balancer-controller, yq, kbld, prometheus-blackbox-exporter, coredns, node-problem-detector, conftest,...