GHSA-RJFV-PJVX-MJGV vulnerabilities

Vulnerabilities for packages: aws-load-balancer-controller...

CLEANSTART-2026-BZ28794 Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service

Multiple security vulnerabilities affect the aws-load-balancer-controller package. Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. See references for...

CVE-2025-61729 vulnerabilities

Vulnerabilities for packages: dfc, opentelemetry-operator, kind, seaweedfs, ratify, nerdctl, cluster-api-aws-controller, kube-bench, prometheus-alertmanager, glab, rancher-telemetry, azurefile-csi, pluto, php-fpmexporter, opensearch-k8s-operator, kuma, govulncheck, harbor, nri-mongodb,...

GHSA-J5PM-7495-QMR3 vulnerabilities

Vulnerabilities for packages: trivy, datadog-agent, influxd, caddy, crossplane-provider-azure-managedidentity, fulcio, http-echo, kube-bench, custom-pod-autoscaler-fips, ingress-nginx-controller, opa, postgres-operator-fips, docker-machine-driver-harvester, loki-3.6,...

GHSA-62JJ-GR2R-5C34 vulnerabilities

Vulnerabilities for packages: trivy, kapp, influxd, restic-fips, fulcio, http-echo, kube-bench, opa, postgres-operator-fips, docker-machine-driver-harvester, loki-3.6, terraform-provider-azuread, elastic-agent, kube-state-metrics, kapp-controller-fips, ollama-fips, envoy-gateway-fips, git-lfs, fq...

GHSA-W32M-9786-JP63 vulnerabilities

Vulnerabilities for packages: opentelemetry-operator, seaweedfs, nerdctl, kube-bench, prometheus-alertmanager, glab, nri-prometheus, kubeadm-bootstrap-controller, cilium-cli, velero, pluto, local-path-provisioner, victoriametrics, opensearch-k8s-operator, fulcio, volume-modifier-for-k8s,...

GO-2024-3212 AWS Load Balancer Controller automatically detaches externally associated web ACL from Application Load Balancers in sigs.k8s.io/aws-load-balancer-controller

AWS Load Balancer Controller automatically detaches externally associated web ACL from Application Load Balancers in sigs.k8s.io/aws-load-balancer-controller. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module...

AWS Load Balancer Controller automatically detaches externally associated web ACL from Application Load Balancers

Summary The AWS Load Balancer Controller includes an optional, default-enabled feature that manages WAF WebACLs on Application Load Balancers ALBs on your behalf. In versions 2.8.1 and earlier, if the WebACL annotation 1 alb.ingress.kubernetes.io/wafv2-acl-arn or...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: aws-efs-csi-driver, caddy, kube-logging-logging-operator, newrelic-infrastructure-agent, atlantis, terraform-provider-sendgrid-fips, runc, aactl, kaf, kube-state-metrics, prometheus-adapter-fips, external-dns, kubescape, git-lfs, buildkitd,...