25 matches found
GHSA-MPWR-8VM7-H73F vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-servicenetworking, x509-certificate-exporter-fips, crossplane-provider-family-azure, x509-certificate-exporter, crossplane-provider-azure-servicebus, crossplane-provider-azure-operationsmanagement, crossplane-provider-azure-relay, grafana,...
GHSA-Q4H4-GMJ2-QVW2 vulnerabilities
Vulnerabilities for packages: src, argo-events-fips, crossplane-provider-aws-directconnect, crossplane-provider-aws-cloudwatchevents, crossplane-provider-azure-synapse, flux-image-automation-controller, agentbeat, crossplane-provider-aws-emr-fips, loki, gomplate, docker-machine-driver-linode,...
GHSA-MPWR-8VM7-H73F vulnerabilities
Vulnerabilities for packages: cert-manager, crossplane-provider-azure-managedidentity, x509-certificate-exporter, crossplane-provider-family-azure, nfpm, external-secrets-operator, grafana, goreleaser, nuclei, splunk-otel-collector, gobuster, crossplane-provider-azure-authorization,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: kyverno, guac, flux-image-automation-controller, terragrunt, k3s, tkn, dagger, nfpm, falcoctl, atlantis, containerd, cilium-cli, step-issuer, step-kms-plugin, loki, policy-controller, crossplane-provider-family-azure, argocd-image-updater, pulumi-language-java,...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: postgres-operator, flux-image-automation-controller, k3s, terraform-provider-random, volume-modifier-for-k8s, delve, sftpgo-plugin-geoipfilter, go, trillian, multus-cni, atlantis, jitsucom-bulker, vault-k8s, migrate, yunikorn-web,...
CVE-2026-32285 vulnerabilities
Vulnerabilities for packages: ollama, rclone, terragrunt, k3s, dagger, opentelemetry-collector, nfpm, grafana, goreleaser, gitlab-runner, kubevela, teleport, tempo, datadog-agent, opentelemetry-collector-contrib, loki, witness, prometheus, mcp-grafana, grafana-alloy, lazygit, weaviate, minio,...
GHSA-GM2X-2G9H-CCM8 vulnerabilities
Vulnerabilities for packages: syft, pulumi-language-dotnet, argo-events-fips, flux-fips, grafana, flux-source-controller-fips, trivy-fips, flux-image-automation-controller, gitaly-fips, cerbos, kyverno-fips, gomplate, dagger, osv-scanner, cerbos-fips, grype, guac, xeol, grafana-fips, syft-fips,...
CVE-2026-34165 vulnerabilities
Vulnerabilities for packages: syft, pulumi-language-dotnet, argo-events-fips, flux-fips, grafana, flux-source-controller-fips, trivy-fips, flux-image-automation-controller, gitaly-fips, cerbos, kyverno-fips, gomplate, dagger, osv-scanner, cerbos-fips, grype, guac, xeol, grafana-fips, syft-fips,...
CVE-2026-33762 vulnerabilities
Vulnerabilities for packages: syft, pulumi-language-dotnet, argo-events-fips, flux-fips, grafana, flux-source-controller-fips, trivy-fips, flux-image-automation-controller, gitaly-fips, cerbos, kyverno-fips, gomplate, dagger, osv-scanner, cerbos-fips, grype, guac, xeol, grafana-fips, syft-fips,...
CVE-2026-33762 vulnerabilities
Vulnerabilities for packages: kyverno, guac, snyk-cli, pulumi, flux-image-automation-controller, gptscript, rancher-fleet, zot, dagger, gitsign, chezmoi, gitea, pulumi-language-dotnet, nfpm, external-secrets-operator, grafana, flux, gitlab-runner, kubevela, teleport, syft, argo-workflows, melange...
GHSA-JHF3-XXHW-2WPP vulnerabilities
Vulnerabilities for packages: kyverno, guac, snyk-cli, pulumi, flux-image-automation-controller, gptscript, rancher-fleet, zot, dagger, gitsign, chezmoi, gitea, pulumi-language-dotnet, nfpm, external-secrets-operator, grafana, flux, gitlab-runner, kubevela, teleport, syft, argo-workflows, melange...
CVE-2026-34165 vulnerabilities
Vulnerabilities for packages: kyverno, guac, snyk-cli, pulumi, flux-image-automation-controller, gptscript, rancher-fleet, zot, dagger, gitsign, chezmoi, gitea, pulumi-language-dotnet, nfpm, external-secrets-operator, grafana, flux, gitlab-runner, kubevela, teleport, syft, argo-workflows, melange...
EUVD-2023-1637
Malicious code in bioql PyPI...
Information Disclosure
github.com/goreleaser/nfpm is vulnerable to Information Disclosure. The vulnerability exists due to improper permission configuration in files and folders which allows an attacker access to the package on the file system...
CVE-2023-32698
nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files without extra config for enforcing its own permissions, files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without...
CVE-2023-32698
nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files without extra config for enforcing its own permissions, files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without...
Code injection
nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files without extra config for enforcing its own permissions, files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without...
CVE-2023-32698 nfpm vulnerable to Incorrect Default Permissions
nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files without extra config for enforcing its own permissions, files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without...
CVE-2023-32698 nfpm vulnerable to Incorrect Default Permissions
nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files without extra config for enforcing its own permissions, files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without...
CVE-2023-32698 nfpm vulnerable to Incorrect Default Permissions
nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files without extra config for enforcing its own permissions, files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without...