81 matches found

Chainguard
added yesterday, 3 views

GHSA-89GR-R52H-F8RX vulnerabilities

Vulnerabilities for packages: grype-db, ko-fips, caddy, cg, tigera-operator, crossplane-provider-azure-synapse, chainctl, helm, nerdctl, terraform, rootlesskit-fips, k3s, apko, argo-workflows-fips, cosign, crossplane-provider-azure-policyinsights, gitlab-runner-fips,...

5.8 AI score
Exploits: 0
Wolfi
added yesterday, 2 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: cloud-provider-aws, loki, mattermost, zot, mods, rootlesskit, falcoctl, apko, pulumi-language-java, fulcio, dagger, kubernetes-dashboard, telegraf, terragrunt, cilium, rancher-machine, openbao, age, crossplane-provider-family-azure, step-kms-plugin, chisel,...

5.8 AI score
Exploits: 0
Wolfi
added 2026/04/11 2:51 a.m., 7 views

GHSA-FV83-X2XW-2J55 vulnerabilities

Vulnerabilities for packages: flux, spire-server, dataplaneapi, temporal, hubble, aws-privateca-issuer, envoy-ratelimit, flux-operator, aws-load-balancer-controller, gh, metacontroller, dgraph, goreleaser, stakater-reloader, apko, flux-source-controller, newrelic-k8s-metadata-injection,...

5.8 AI score
Exploits: 0
Chainguard
added 2026/04/03 7:17 p.m., 8 views

CVE-2026-34986 vulnerabilities

Vulnerabilities for packages: ko-fips, cg, hydra, authentik, nerdctl, kube-oidc-proxy, sqlexporter, falcosidekick-fips, kubo, hydra-fips, kyverno-notation-aws-fips, ko, vault-env, beats, chainctl-fips, syft-fips, nerdctl-fips, traefik-fips, distribution, gitaly-fips, chainloop-control-plane-fips,...

7.5 CVSS, 6.7 AI score, 0.00283 EPSS
Exploits: 0
OSV
added 2026/04/01 9:23 a.m., 8 views

CLEANSTART-2026-VP44686 Security fixes for CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61732, CVE-2025-68121 applied in versions: 5.7.1-r0, 5.7.1-r1

Multiple security vulnerabilities affect the kustomize-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

10 CVSS, 6.9 AI score, 0.00765 EPSS
Exploits: 1, References: 21
Chainguard
added 2026/03/03 7:17 a.m., 9 views

CVE-2026-27141 vulnerabilities

Vulnerabilities for packages: pluto-fips, crossplane-provider-aws-iam, caddy, cg, crossplane-provider-aws-backup-fips, azure-service-operator, pluto, tigera-operator, linkerd2, chainctl, crossplane-provider-terraform-fips, aws-ebs-csi-driver, crossplane-provider-aws-lambda,...

7.5 CVSS, 7.3 AI score, 0.00501 EPSS
Exploits: 0
Chainguard
added 2026/03/03 7:17 a.m., 6 views

GHSA-8FJ7-8H3W-XWFM vulnerabilities

Vulnerabilities for packages: pluto-fips, crossplane-provider-aws-iam, caddy, cg, crossplane-provider-aws-backup-fips, azure-service-operator, pluto, tigera-operator, linkerd2, chainctl, crossplane-provider-terraform-fips, aws-ebs-csi-driver, crossplane-provider-aws-lambda,...

5.8 AI score
Exploits: 0
Wolfi
added 2026/02/26 7:48 p.m., 9 views

CVE-2026-1229 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-dynamodb, crossplane-provider-aws-iam, argo-workflows, ratify, zot, apko, datadog-agent, pulumi-language-java, dagger, flux-helm-controller, terragrunt, openbao, crossplane-provider-family-azure, crossplane-provider-aws-cloudwatchlogs,...

9.8 CVSS, 6.7 AI score, 0.00397 EPSS
Exploits: 0
Wolfi
added 2026/02/26 7:48 p.m., 9 views

GHSA-Q9HV-HPM4-HJ6X vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-dynamodb, crossplane-provider-aws-iam, argo-workflows, ratify, zot, apko, datadog-agent, pulumi-language-java, dagger, flux-helm-controller, terragrunt, openbao, crossplane-provider-family-azure, crossplane-provider-aws-cloudwatchlogs,...

5.8 AI score
Exploits: 0
Chainguard
added 2026/02/26 7:17 p.m., 9 views

CVE-2026-1229 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-iam, grype-db, cg, hydra, crossplane-provider-keycloak-fips, helm, chainctl, terraform, crossplane-provider-aws-lambda, apko, crossplane-provider-aws-ecr, argo-workflows-fips, kubescape-server, terraform-provider-azurerm-fips,...

9.8 CVSS, 6.7 AI score, 0.00397 EPSS
Exploits: 0
Chainguard
added 2026/02/20 1:17 a.m., 6 views

GHSA-FW7P-63QQ-7HPR vulnerabilities

Vulnerabilities for packages: keda, caddy, cg, loki-fips, step-fips, hydra, crossplane-provider-sql-fips, sqlexporter, k3s, apko, elastic-agent, temporal-server, temporal-server-fips, argo-workflows-fips, hydra-fips, gitea-fips, crossplane-provider-sql, jitsucom-bulker, nri-mysql-fips, beats,...

5.8 AI score
Exploits: 0
EUVD
added 2026/01/13 7:57 p.m., 4 views

EUVD-2026-2097

Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository...

7.1 AI score
Exploits: 0, References: 2
OSV
added 2026/01/13 7:57 p.m., 1 views

GHSA-XV56-3WQ5-9997 Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository

Summary: The user-provided chart name in the kustomize manager is appended to the helm pull --untar command without proper sanitization. Details: Adversaries can provide a maliciously crafted kustomization.yaml in conjunction with a Helm repo's index.yaml file to trick Renovate to execute arbitrary...

6.7 CVSS, 6 AI score
Exploits: 0, References: 2
Github Security Blog
added 2026/01/13 7:57 p.m., 7 views

Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repository

Summary: The user-provided chart name in the kustomize manager is appended to the helm pull --untar command without proper sanitization. Details: Adversaries can provide a maliciously crafted kustomization.yaml in conjunction with a Helm repo's index.yaml file to trick Renovate to execute arbitrary...

8.1 AI score
Exploits: 0, References: 2, Affected Software: 1
RedhatCVE
added 2026/01/09 8:54 a.m., 5 views

CVE-2021-41254

kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize. Users that can create Kubernetes Secrets, Service Accounts and Flux Kustomization objects, could...

9 CVSS, 7.2 AI score, 0.01766 EPSS
Exploits: 1, References: 1
Fedora
added 2025/12/31 1:15 a.m., 13 views

[SECURITY] Fedora 42 Update: kustomize-5.8.0-1.fc42

Customization of Kubernetes YAML configurations...

7.5 CVSS, 7 AI score, 0.00626 EPSS
Exploits: 1
Fedora
added 2025/12/31 12:54 a.m., 9 views

[SECURITY] Fedora 43 Update: kustomize-5.8.0-1.fc43

Customization of Kubernetes YAML configurations...

7.5 CVSS, 7 AI score, 0.00626 EPSS
Exploits: 0
OpenVAS
added 2025/12/31 12:0 a.m., 2 views

Fedora: Security Advisory (FEDORA-2025-ecfd96d6a3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 CVSS, 6.8 AI score, 0.00626 EPSS
Exploits: 0, References: 7
Tenable Nessus
added 2025/12/30 12:0 a.m., 3 views

Fedora 43 : kustomize (2025-ecfd96d6a3)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-ecfd96d6a3 advisory. Update to 5.8.0. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...

7.5 CVSS, 7.3 AI score, 0.00626 EPSS
Exploits: 0, References: 6
Tenable Nessus
added 2025/12/30 12:0 a.m., 3 views

Fedora 42 : kustomize (2025-a887e86abc)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-a887e86abc advisory. Update to 5.8.0. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...

7.5 CVSS, 7.6 AI score, 0.00626 EPSS
Exploits: 1, References: 9