13 matches found
GHSA-GXHX-2686-5H9G vulnerabilities
Vulnerabilities for packages: kubernetes-event-exporter, atlantis, bento, argo-rollouts, goreleaser, argo-events, argo-cd, kyverno-policy-reporter, kubewatch...
GHSA-MH2Q-Q3FH-2475 vulnerabilities
Vulnerabilities for packages: ipfs-cluster-fips, crossplane-provider-azure-notificationhubs, cluster-api-ipam-provider-in-cluster, crossplane-provider-gitlab, flux-helm-controller-fips, terraform-provider-databricks-fips, crossplane-provider-aws-elasticsearch-fips,...
CVE-2026-29181 vulnerabilities
Vulnerabilities for packages: teleport, slsa-verifier, litestream, dataplaneapi, knative-client, cilium-cli, trivy, chartmuseum, k8ssandra-client, gitlab-runner, step, metallb, crossplane-provider-azure-sql, kubernetes-event-exporter, hubble, cadvisor, cilium, crossplane-provider-aws-kinesis,...
GHSA-MH2Q-Q3FH-2475 vulnerabilities
Vulnerabilities for packages: teleport, slsa-verifier, litestream, dataplaneapi, knative-client, cilium-cli, trivy, chartmuseum, k8ssandra-client, gitlab-runner, step, metallb, crossplane-provider-azure-sql, kubernetes-event-exporter, hubble, cadvisor, cilium, crossplane-provider-aws-kinesis,...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: slsa-verifier, litestream, ctop, kwok, chezmoi, knative-client, malcontent, chartmuseum, sftpgo-plugin-pubsub, otel-cli, ingress-nginx-controller, goreleaser, kubernetes-csi-external-resizer, step, filebrowser, mariadb-operator, github-mcp-server, gcsfuse,...
CVE-2025-68476 KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential
KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The...
CVE-2025-65637 vulnerabilities
Vulnerabilities for packages: prometheus-beat-exporter-fips, php-fpmexporter, prometheus-beat-exporter, consul-fips, docker-credential-gcr, falcoctl-fips, terraform-provider-google-fips, src-fingerprint, terraform-provider-google, aws-flb-firehose-fips, aws-flb-kinesis-fips,...
GHSA-4F99-4Q7P-P3GH vulnerabilities
Vulnerabilities for packages: prometheus-beat-exporter-fips, php-fpmexporter, prometheus-beat-exporter, consul-fips, docker-credential-gcr, falcoctl-fips, terraform-provider-google-fips, src-fingerprint, terraform-provider-google, aws-flb-firehose-fips, aws-flb-kinesis-fips,...
GHSA-5MH9-3JWC-RP59 vulnerabilities
Vulnerabilities for packages: spiffe-helper-fips, flux-helm-controller-fips, cert-manager-webhook-pdns, grpc-health-probe-fips, gitlab-workhorse-ce-fips, stakater-reloader, go-discover-fips, ko, grafana, mariadb-operator-fips, nri-discovery-kubernetes-fips, sealed-secrets-fips,...
Moderate: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat 2.14.1-467 OpenShift Update
Custom Metrics Autoscaler Operator for Red Hat OpenShift Security Update to fix Moderate CVE-2024-24791. The Custom Metrics Autoscaler Operator for Red Hat OpenShift is an optional operator based upon the Kubernetes Event Driven Autoscaler (KEDA), which allows workloads to be scaled by using...
Low: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.12.1-394 Security Update
Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates. The following updates for the Custom Metric Autoscaler operator for Red Hat OpenShift are now available: custom-metrics-autoscaler-adapter-container custom-metrics-autoscaler-admission-webhooks-container...
CVE-2024-31391
The CVE-2024-31391 issue affects the Apache Solr Operator (versions 0.3.0–0.8.0). When bootstrapping security with basic authentication, the operator creates accounts (including k8s-oper) and uses health probes (liveness/readiness/startup) to check Solr. By default, probe endpoints can be exempt f...
Moderate: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift (with security updates)
Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...