CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Wolfi•added 2026/02/26 7:48 p.m.•9 views

GHSA-Q9HV-HPM4-HJ6X vulnerabilities

Vulnerabilities for packages: q, crossplane-provider-azure-authorization, goreleaser, scorecard, nuclei, trivy-operator, tfsec, kyverno-notation-aws, actions-runner-controller, grafana-alloy, gitea, crossplane-provider-aws-ec2, melange, gptscript, lazygit, pulumi-language-dotnet, witness,...

Wolfi•added 2026/02/26 7:48 p.m.•9 views

CVE-2026-1229 vulnerabilities

9.8CVSS7.3AI score0.00397EPSS

Chainguard•added 2026/02/26 7:17 p.m.•9 views

CVE-2026-1229 vulnerabilities

Vulnerabilities for packages: sops, argo-cd, terraform-provider-pagerduty, pulumi-language-java, argo-events-fips, cert-manager-cmctl, wolfictl, hydra, atlantis-fips, crossplane-provider-aws-lambda-fips, crossplane-provider-aws-ec2, terraform-provider-azuread, cerbos, gitlab-rails-ce-fips,...

9.8CVSS7.3AI score0.00397EPSS

OSV•added 2025/12/02 5:36 p.m.•3 views

BIT-FLUX-2022-24878 Improper path handling in Kustomization files allows for denial of service

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user's CI/CD pipeline to...

7.7CVSS6.6AI score0.0093EPSS

OSV•added 2025/12/02 5:36 p.m.•3 views

BIT-FLUX-2022-24877 Improper path handling in kustomization files allows path traversal

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...

9.9CVSS7AI score0.01084EPSS

OSV•added 2025/12/02 5:36 p.m.•4 views

BIT-FLUX-2022-24817 Improper kubeconfig validation allows arbitrary code execution

Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also...

9.9CVSS7.3AI score0.01022EPSS

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-3043

Malicious code in bioql PyPI...

7.7CVSS6.8AI score0.0093EPSS

Exploits0References3

Chainguard•added 2025/08/09 1:17 p.m.•9 views

GHSA-J5PM-7495-QMR3 vulnerabilities

Vulnerabilities for packages: argo-cd, chart-testing-fips, glow, kubernetes-dashboard-web, pulumi-language-java, cert-manager-cmctl, apache-exporter, gitlab-kas-fips, wolfictl, cluster-autoscaler-fips, amass, kubo, amazon-k8s-cni, steampipe, kube-arangodb-fips, prometheus-redis-exporter-fips,...

RedhatCVE•added 2025/02/05 9:42 p.m.•7 views

CVE-2022-24877

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...

9.9CVSS6.8AI score0.01084EPSS

Exploits0References1

Chainguard•added 2024/12/18 6:23 p.m.•7 views

GHSA-32GQ-X56H-299C vulnerabilities

Vulnerabilities for packages: sops, chezmoi, sops-fips, grafana-fips, ksops, age, flux-kustomize-controller, flux-kustomize-controller-fips, age-fips, litestream, grafana...

OSV•added 2024/08/21 2:30 p.m.•7 views

GO-2022-0260 Privilege escalation to cluster admin on multi-tenant environments in github.com/fluxcd/kustomize-controller

Privilege escalation to cluster admin on multi-tenant environments in github.com/fluxcd/kustomize-controller...

9CVSS8.8AI score0.01766EPSS

Exploits1References2

Wolfi•added 2024/06/11 5:16 p.m.•111 views

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: restic, boring-registry, spire-server, goreleaser, kubescape, falcoctl, fluent-bit-plugin-loki, sops, wal-g, nuclei, hugo, hugo-extended, py3-cassandra-medusa, py3-azure-identity, velero, opentelemetry-collector-contrib, sqlpad, tekton-chains, k8sgpt,...

5.5CVSS6.4AI score0.00788EPSS

OSV•added 2024/03/06 10:55 a.m.•18 views

BIT-KUSTOMIZE-2022-24877 Improper path handling in kustomization files allows path traversal

Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious kustomization.yaml allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments...

9.9CVSS9AI score0.01084EPSS

OSV•added 2024/03/06 10:55 a.m.•21 views

BIT-KUSTOMIZE-2022-24878 Improper path handling in Kustomization files allows for denial of service

7.7CVSS6.4AI score0.0093EPSS

Chainguard•added 2024/03/05 11:15 p.m.•76 views

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: pulumi-language-java, ferretdb, atlantis-fips, cluster-autoscaler-fips, amass, crossplane-provider-aws-ec2, prometheus-redis-exporter-fips, aws-efs-csi-driver, crossplane-provider-aws-firehose, kubernetes-csi-livenessprobe, rekor, nuclei,...

7.5CVSS6.6AI score0.01262EPSS

Chainguard•added 2023/10/25 9:17 p.m.•83 views

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: falco, kubernetes-csi-livenessprobe-fips, kiam, cortex, prometheus-adapter-fips, cluster-autoscaler-fips, timestamp-authority-fips, kube-oidc-proxy, metrics-server-fips, slsa-verifier, src, dgraph, kubernetes-csi-livenessprobe, aactl, kubeflow-fips,...

Wolfi•added 2023/10/10 9:28 p.m.•43 views

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver-provider-gcp, dgraph, terraform-provider-sendgrid, scorecard, slsa-verifier, hugo, cue, grpcurl, nghttp2, external-dns, nri-prometheus, ip-masq-agent, pulumi-language-dotnet, git-lfs, flux-notification-controller, weaviate,...