
25 matches found

Chainguard
added 6 days ago, 6 views

GHSA-MPWR-8VM7-H73F vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure-servicenetworking, x509-certificate-exporter-fips, crossplane-provider-family-azure, x509-certificate-exporter, crossplane-provider-azure-servicebus, crossplane-provider-azure-operationsmanagement, crossplane-provider-azure-relay, grafana,...

AI score: 5.8
Exploits: 0

Chainguard
added 6 days ago, 5 views

GHSA-Q4H4-GMJ2-QVW2 vulnerabilities

Vulnerabilities for packages: src, argo-events-fips, crossplane-provider-aws-directconnect, crossplane-provider-aws-cloudwatchevents, crossplane-provider-azure-synapse, flux-image-automation-controller, agentbeat, crossplane-provider-aws-emr-fips, loki, gomplate, docker-machine-driver-linode,...

AI score: 5.8
Exploits: 0

Wolfi
added 6 days ago, 5 views

GHSA-MPWR-8VM7-H73F vulnerabilities

Vulnerabilities for packages: cert-manager, crossplane-provider-azure-managedidentity, x509-certificate-exporter, crossplane-provider-family-azure, nfpm, external-secrets-operator, grafana, goreleaser, nuclei, splunk-otel-collector, gobuster, crossplane-provider-azure-authorization,...

AI score: 5.8
Exploits: 0

Wolfi
added 6 days ago, 6 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: kyverno, guac, flux-image-automation-controller, terragrunt, k3s, tkn, dagger, nfpm, falcoctl, atlantis, containerd, cilium-cli, step-issuer, step-kms-plugin, loki, policy-controller, crossplane-provider-family-azure, argocd-image-updater, pulumi-language-java,...

AI score: 5.8
Exploits: 0

Wolfi
added 2026/04/11 2:51 a.m., 11 views

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: postgres-operator, flux-image-automation-controller, k3s, terraform-provider-random, volume-modifier-for-k8s, delve, sftpgo-plugin-geoipfilter, go, trillian, multus-cni, atlantis, jitsucom-bulker, vault-k8s, migrate, yunikorn-web,...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00349
Exploits: 0

Wolfi
added 2026/03/31 1:48 p.m., 16 views

CVE-2026-32285 vulnerabilities

Vulnerabilities for packages: ollama, rclone, terragrunt, k3s, dagger, opentelemetry-collector, nfpm, grafana, goreleaser, gitlab-runner, kubevela, teleport, tempo, datadog-agent, opentelemetry-collector-contrib, loki, witness, prometheus, mcp-grafana, grafana-alloy, lazygit, weaviate, minio,...

CVSS: 7.5, AI score: 6.6, EPSS: 0.0075
Exploits: 1

Chainguard
added 2026/03/31 7:55 a.m., 6 views

GHSA-GM2X-2G9H-CCM8 vulnerabilities

Vulnerabilities for packages: syft, pulumi-language-dotnet, argo-events-fips, flux-fips, grafana, flux-source-controller-fips, trivy-fips, flux-image-automation-controller, gitaly-fips, cerbos, kyverno-fips, gomplate, dagger, osv-scanner, cerbos-fips, grype, guac, xeol, grafana-fips, syft-fips,...

AI score: 5.8
Exploits: 0

Chainguard
added 2026/03/31 7:55 a.m., 7 views

CVE-2026-34165 vulnerabilities

Vulnerabilities for packages: syft, pulumi-language-dotnet, argo-events-fips, flux-fips, grafana, flux-source-controller-fips, trivy-fips, flux-image-automation-controller, gitaly-fips, cerbos, kyverno-fips, gomplate, dagger, osv-scanner, cerbos-fips, grype, guac, xeol, grafana-fips, syft-fips,...

CVSS: 5, AI score: 5.8, EPSS: 0.00147
Exploits: 0

Chainguard
added 2026/03/31 7:55 a.m., 19 views

CVE-2026-33762 vulnerabilities

Vulnerabilities for packages: syft, pulumi-language-dotnet, argo-events-fips, flux-fips, grafana, flux-source-controller-fips, trivy-fips, flux-image-automation-controller, gitaly-fips, cerbos, kyverno-fips, gomplate, dagger, osv-scanner, cerbos-fips, grype, guac, xeol, grafana-fips, syft-fips,...

CVSS: 2.8, AI score: 5.8, EPSS: 0.00153
Exploits: 0

Wolfi
added 2026/03/31 7:48 a.m., 14 views

CVE-2026-33762 vulnerabilities

Vulnerabilities for packages: kyverno, guac, snyk-cli, pulumi, flux-image-automation-controller, gptscript, rancher-fleet, zot, dagger, gitsign, chezmoi, gitea, pulumi-language-dotnet, nfpm, external-secrets-operator, grafana, flux, gitlab-runner, kubevela, teleport, syft, argo-workflows, melange...

CVSS: 2.8, AI score: 5.8, EPSS: 0.00153
Exploits: 0

Wolfi
added 2026/03/31 7:48 a.m., 10 views

GHSA-JHF3-XXHW-2WPP vulnerabilities

Vulnerabilities for packages: kyverno, guac, snyk-cli, pulumi, flux-image-automation-controller, gptscript, rancher-fleet, zot, dagger, gitsign, chezmoi, gitea, pulumi-language-dotnet, nfpm, external-secrets-operator, grafana, flux, gitlab-runner, kubevela, teleport, syft, argo-workflows, melange...

AI score: 5.8
Exploits: 0

Wolfi
added 2026/03/31 7:48 a.m., 12 views

CVE-2026-34165 vulnerabilities

Vulnerabilities for packages: kyverno, guac, snyk-cli, pulumi, flux-image-automation-controller, gptscript, rancher-fleet, zot, dagger, gitsign, chezmoi, gitea, pulumi-language-dotnet, nfpm, external-secrets-operator, grafana, flux, gitlab-runner, kubevela, teleport, syft, argo-workflows, melange...

CVSS: 5, AI score: 5.8, EPSS: 0.00147
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2023-1637

Malicious code in bioql PyPI...

CVSS: 7.1, AI score: 7, EPSS: 0.00384
Exploits: 1, References: 5

Veracode
added 2023/06/02 12:10 p.m., 28 views

Information Disclosure

github.com/goreleaser/nfpm is vulnerable to Information Disclosure. The vulnerability exists due to improper permission configuration in files and folders which allows an attacker access to the package on the file system...

CVSS: 7.1, AI score: 6.6, EPSS: 0.00384
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2023/05/30 4:15 a.m., 32 views

CVE-2023-32698

nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files without extra config for enforcing its own permissions, files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without...

CVSS: 7.1, AI score: 7.1, EPSS: 0.00384
Exploits: 1, References: 3

AlpineLinux
added 2023/05/30 4:15 a.m., 25 views

CVE-2023-32698

nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files without extra config for enforcing its own permissions, files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without...

CVSS: 7.1, AI score: 7, EPSS: 0.00384
Exploits: 1

Prion
added 2023/05/30 4:15 a.m., 22 views

Code injection

nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files without extra config for enforcing its own permissions, files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without...

CVSS: 3.2, AI score: 6.9, EPSS: 0.00384
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2023/05/30 3:56 a.m., 42 views

CVE-2023-32698 nfpm vulnerable to Incorrect Default Permissions

nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files without extra config for enforcing its own permissions, files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without...

CVSS: 7.1, AI score: 7.1, EPSS: 0.00384
Exploits: 1, References: 3

OSV
added 2023/05/30 3:56 a.m., 22 views

CVE-2023-32698 nfpm vulnerable to Incorrect Default Permissions

nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files without extra config for enforcing its own permissions, files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without...

CVSS: 7.1, AI score: 6.9, EPSS: 0.00384
Exploits: 1, References: 5

Vulnrichment
added 2023/05/30 3:56 a.m., 13 views

CVE-2023-32698 nfpm vulnerable to Incorrect Default Permissions

nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files without extra config for enforcing its own permissions, files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without...

CVSS: 7.1, AI score: 6.8, EPSS: 0.00384
Exploits: 1, References: 3