185 matches found
CVE-2026-46203 vulnerabilities
Vulnerabilities for packages: linux-qemu-melange...
GHSA-J454-PVHH-FCMQ vulnerabilities
Vulnerabilities for packages: linux-qemu-melange...
CVE-2025-71289 vulnerabilities
Vulnerabilities for packages: linux-qemu-melange...
GHSA-644J-VC34-VF98 vulnerabilities
Vulnerabilities for packages: linux-qemu-melange...
GHSA-JR63-V3PM-7XVJ vulnerabilities
Vulnerabilities for packages: linux-qemu-melange...
CVE-2026-31420 vulnerabilities
Vulnerabilities for packages: linux-qemu-melange...
GHSA-47JG-VQRV-5F8V vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-gcp, linux-vmware, linux-qemu, linux-aws, linux-azure...
CVE-2026-46300 vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-gcp, linux-vmware, linux-qemu, linux-aws, linux-azure...
CLEANSTART-2026-LR89498 Security fixes for CVE-2026-34986, ghsa-3xc5-wrhm-f963, ghsa-78h2-9frx-2jm8 applied in versions: 0.48.1-r0, 0.49.0-r0
Multiple security vulnerabilities affect the melange package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-VB45003 Security fixes for CVE-2026-34986, ghsa-78h2-9frx-2jm8 applied in versions: 0.48.1-r0
Multiple security vulnerabilities affect the melange package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-43500 vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-gcp, linux-vmware, linux-qemu, linux-aws, linux-qemu-rc, linux-azure...
GHSA-8P2W-G92W-F4X3 vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-gcp, linux-vmware, linux-qemu, linux-aws, linux-qemu-rc, linux-azure...
GHSA-389R-GV7P-R3RP vulnerabilities
Vulnerabilities for packages: kyverno, nfpm, trivy, dagger, tfsec, kaniko, kots, kubevela, trivy-operator, wolfictl, osv-scanner, grafana-alloy, gitaly, argocd-image-updater, flux-image-automation-controller, teleport, zot, gitlab-runner, goreleaser, argo-events, guac, cerbos, xeol, gomplate,...
CVE-2026-45022 vulnerabilities
Vulnerabilities for packages: melange, kubescape-server-fips, trivy-operator, flux-source-controller, redpanda-console, amazon-ssm-agent, nemo, coder-fips, gitaly-fips, gitlab-rails-ce, chainctl, argo-events, nuclei, src-fingerprint-fips, scorecard, pulumi-language-dotnet, kyverno, grype, xeol,...
GHSA-G4P6-4X9W-QFQ5 vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-azure...
CVE-2026-43228 vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-azure...
GHSA-W5VP-HVM6-339G vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-gcp, linux-vmware, linux-qemu, linux-aws, linux-qemu-rc, linux-azure...
CVE-2026-31574 vulnerabilities
Vulnerabilities for packages: linux-qemu-melange, linux-gcp, linux-vmware, linux-qemu, linux-aws, linux-qemu-rc, linux-azure...
CVE-2026-29050
melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, an attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a...
CVE-2026-29050
melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, an attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a...