46 matches found
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: kyverno-fips, flux, flux-image-automation-controller, kaf, tekton-pipelines, cloud-provider-aws, harbor, knative-serving-fips, skaffold, skaffold-fips, zot, commercial-grafana, gatekeeper-fips, chisel, coder-fips, knative-kafka-broker-fips, kubescape-server-fips,...
CLEANSTART-2026-VX15911 Security fixes for CVE-2023-45288, CVE-2023-48795, CVE-2024-24786, CVE-2024-45337, CVE-2024-45338, CVE-2025-22868, CVE-2025-22869, CVE-2025-22870, CVE-2025-22872, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27140, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598 applied in versions: 2.10.1-r0, 2.10.1-r1, 2.10.1-r2
Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-XV65906 Security fixes for CVE-2023-45288, CVE-2023-48795, CVE-2024-24786, CVE-2024-45337, CVE-2024-45338, CVE-2025-22868, CVE-2025-22869, CVE-2025-22870, CVE-2025-22872, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27140, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598 applied in versions: 2.10.1-r0, 2.10.1-r1, 2.10.1-r2
Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-JL47330 Security fixes for CVE-2025-22868, CVE-2025-47911, CVE-2025-47912, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-58190, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-25681, CVE-2026-27136, CVE-2026-27139, CVE-2026-27142, CVE-2026-27145, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42507, CVE-2026-46598 applied in versions: 2.15.0-r0, 2.15.0-r1, 2.15.0-r2, 2.15.0-r3, 2.16.0-r3
Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-NG75665 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions
Multiple security vulnerabilities affect the kube-state-metrics package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerability details...
CLEANSTART-2026-BM53321 attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing
Multiple security vulnerabilities affect the kube-state-metrics package. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. See references for individual vulnerability details...
CLEANSTART-2026-QN98167 html
Multiple security vulnerabilities affect the kube-state-metrics package. The html. See references for individual vulnerability details...
GHSA-HFVC-G4FC-PQHX vulnerabilities
Vulnerabilities for packages: cadvisor, scorecard, kubernetes, metrics-server, skaffold, terraform-provider-google, crossplane-provider-aws-rds, falcosidekick, apisix-ingress-controller, prometheus, kserve, cluster-api-gcp-controller, tekton-chains, mcp-grafana, tekton-pipelines, fluent-operator,...
CVE-2026-39883 vulnerabilities
Vulnerabilities for packages: cadvisor, scorecard, kubernetes, metrics-server, skaffold, terraform-provider-google, crossplane-provider-aws-rds, falcosidekick, apisix-ingress-controller, prometheus, kserve, cluster-api-gcp-controller, tekton-chains, mcp-grafana, tekton-pipelines, fluent-operator,...
GHSA-HFVC-G4FC-PQHX vulnerabilities
Vulnerabilities for packages: prometheus-mongodb-exporter-fips, cilium-fips, gcsfuse, ko, rabbitmq-messaging-topology-operator-fips, clickhouse-backup-fips, ksops, rancher-webhook-fips, crossplane-provider-sql-fips, tekton-pipelines, crossplane-provider-aws-macie2, datadog-operator,...
CVE-2026-39883 vulnerabilities
Vulnerabilities for packages: prometheus-mongodb-exporter-fips, cilium-fips, gcsfuse, ko, rabbitmq-messaging-topology-operator-fips, clickhouse-backup-fips, ksops, rancher-webhook-fips, crossplane-provider-sql-fips, tekton-pipelines, crossplane-provider-aws-macie2, datadog-operator,...
CLEANSTART-2026-EJ93145 attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames
Multiple security vulnerabilities affect the kube-state-metrics package. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. See references for individual vulnerability details...
CLEANSTART-2026-KK98885 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, ghsa-9h8m-3fm2-qjrq applied in versions: 2.18.0-r0
Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-RJ35552 Security fixes for CVE-2025-61727, CVE-2025-61729, CVE-2026-24051, ghsa-9h8m-3fm2-qjrq, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 2.17.0-r0, 2.17.0-r1, 2.18.0-r1
Multiple security vulnerabilities affect the kube-state-metrics-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-RJ88561 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...
CLEANSTART-2026-LP38773 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...
CLEANSTART-2026-VL83369 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...
CLEANSTART-2026-PI00621 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...
EUVD-2022-3542
Malicious code in bioql PyPI...
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: cadvisor, nuclei, petname, scorecard, kubeadm-bootstrap-controller, metrics-server, skaffold, doppler-kubernetes-operator, stakater-reloader, aws-flb-firehose, prometheus-pushgateway, delve, up, gke-gcloud-auth-plugin, go-licenses, litefs,...