99 matches found
GHSA-PXH5-6RRC-8RJV vulnerabilities
Vulnerabilities for packages: opentofu...
GHSA-PXH5-6RRC-8RJV vulnerabilities
Vulnerabilities for packages: opentofu-fips, opentofu...
GHSA-PXH5-6RRC-8RJV OpenTofu: Excessive resource usage in "tofu init" when installing dependencies from attacker-controlled server
Impact Unauthenticated denial of service. Summary When installing provider or module packages from attacker-controlled servers, the server may cause tofu initto enter an infinite loop sending garbage data to that server. Those who depend on modules or providers served from untrusted third-party...
OpenTofu: Excessive resource usage in "tofu init" when installing dependencies from attacker-controlled server
Impact Unauthenticated denial of service. Summary When installing provider or module packages from attacker-controlled servers, the server may cause tofu initto enter an infinite loop sending garbage data to that server. Those who depend on modules or providers served from untrusted third-party...
CLEANSTART-2026-CN84623 Within HostnameError
Multiple security vulnerabilities affect the opentofu-fips package. Within HostnameError. See references for individual vulnerability details...
CLEANSTART-2026-GY48351 Within HostnameError
Multiple security vulnerabilities affect the opentofu-fips package. Within HostnameError. See references for individual vulnerability details...
CLEANSTART-2026-MI12470 Within HostnameError
Multiple security vulnerabilities affect the opentofu-fips package. Within HostnameError. See references for individual vulnerability details...
CLEANSTART-2026-SO13464 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions
Multiple security vulnerabilities affect the opentofu-fips package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerability details...
GHSA-PJCQ-XVWQ-HHPJ vulnerabilities
Vulnerabilities for packages: harbor, xeol, seaweedfs, yunikorn-k8shim, kyverno-notation-aws, ratify, cert-manager-istio-csr, flux, rancher-webhook, frp, gitlab-runner, kyverno, sftpgo-plugin-auth, terraform, nuclei, cert-manager-cmctl, minio, rclone, trufflehog, zot, dex, rancher, spqr, opentofu...
CVE-2026-32952 vulnerabilities
Vulnerabilities for packages: harbor, xeol, seaweedfs, yunikorn-k8shim, kyverno-notation-aws, ratify, cert-manager-istio-csr, flux, rancher-webhook, frp, gitlab-runner, kyverno, sftpgo-plugin-auth, terraform, nuclei, cert-manager-cmctl, minio, rclone, trufflehog, zot, dex, rancher, spqr, opentofu...
OpenTofu has unbounded memory usage, high CPU usage, or deadlock in "tofu init" with maliciously-crafted dependency responses
Impact Unauthenticated denial of service. Summary When installing module packages from attacker-controlled sources, tofu init may use unbounded memory, cause high CPU usage, or deadlock when encountering maliciously-crafted TLS certificate chains or tar archives. Those who depend on modules or...
CVE-2026-4660 vulnerabilities
Vulnerabilities for packages: grype, xeol, terragrunt, snyk-cli, trivy, conftest, zarf, syft, k9s, kubescape, terraform, tflint, zot, kots, steampipe, opentofu, wolfictl, tfsec, trivy-operator, task...
GHSA-92MM-2PJQ-R785 vulnerabilities
Vulnerabilities for packages: grype, xeol, terragrunt, snyk-cli, trivy, conftest, zarf, syft, k9s, kubescape, terraform, tflint, zot, kots, steampipe, opentofu, wolfictl, tfsec, trivy-operator, task...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: hubble-ui, sftpgo-plugin-eventstore, terraform-provider-pagerduty, step-kms-plugin, cis-operator, kaf, spiffe-helper, aws-efs-csi-driver, cue, docker-credential-gcr, external-dns, flannel, kube-fluentd-operator, kubernetes-csi-driver-hostpath,...
CVE-2026-39882 vulnerabilities
Vulnerabilities for packages: falcosidekick, gatekeeper-fips, buildkitd, ory-kratos, terraform, terraform-mcp-server, elastic-agent, containerd-fips, k6-operator-fips, aws-otel-collector-fips, keda, loki, bento, octo-sts, grafana-rollout-operator, caddy-fips, opentelemetry-collector,...
GHSA-W8RR-5GCM-PP58 vulnerabilities
Vulnerabilities for packages: falcosidekick, gatekeeper-fips, buildkitd, ory-kratos, terraform, terraform-mcp-server, elastic-agent, containerd-fips, k6-operator-fips, aws-otel-collector-fips, keda, loki, bento, octo-sts, grafana-rollout-operator, caddy-fips, opentelemetry-collector,...
CLEANSTART-2026-AD71344 Security fixes for CVE-2024-10005, CVE-2024-10006, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-1229, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-6v2p-p543-phr9, ghsa-c6gw-w398-hv78, ghsa-fv92-fjc5-jj9h, ghsa-hcg3-q754-cr77, ghsa-jc7w-c686-c4v9, ghsa-mh63-6h87-95cp, ghsa-p77j-4mvh-x3m3, ghsa-qxp5-gwg8-xv66, ghsa-vvgc-356p-c3xw, ghsa-wjrx-6529-hcj3 applied in versions: 1.10.7-r0, 1.10.7-r1, 1.10.9-r0, 1.10.9-r1, 1.10.9-r2, 1.10.9-r3, 1.9.4-r0
Multiple security vulnerabilities affect the opentofu-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-DP35743 Security fixes for CVE-2024-10005, CVE-2024-10006, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-24051, CVE-2026-24515, CVE-2026-25210, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-6v2p-p543-phr9, ghsa-c6gw-w398-hv78, ghsa-fv92-fjc5-jj9h, ghsa-hcg3-q754-cr77, ghsa-jc7w-c686-c4v9, ghsa-mh63-6h87-95cp, ghsa-p77j-4mvh-x3m3, ghsa-q9hv-hpm4-hj6x, ghsa-qxp5-gwg8-xv66, ghsa-vvgc-356p-c3xw, ghsa-wjrx-6529-hcj3 applied in versions: 1.10.7-r0, 1.7.10-r0, 1.7.10-r1, 1.7.10-r2, 1.7.10-r3, 1.9.4-r0
Multiple security vulnerabilities affect the opentofu-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-OM95908 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-1229, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-6v2p-p543-phr9, ghsa-c6gw-w398-hv78, ghsa-fv92-fjc5-jj9h, ghsa-hcg3-q754-cr77, ghsa-jc7w-c686-c4v9, ghsa-mh63-6h87-95cp, ghsa-p77j-4mvh-x3m3, ghsa-qxp5-gwg8-xv66, ghsa-r92c-9c7f-3pj8, ghsa-vvgc-356p-c3xw, ghsa-wjrx-6529-hcj3 applied in versions: 1.10.7-r0, 1.10.7-r1, 1.11.4-r0, 1.11.5-r0, 1.11.5-r1, 1.11.5-r2, 1.9.4-r0
Multiple security vulnerabilities affect the opentofu-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-GU55430 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-6v2p-p543-phr9, ghsa-9h8m-3fm2-qjrq, ghsa-c6gw-w398-hv78, ghsa-fv92-fjc5-jj9h, ghsa-hcg3-q754-cr77, ghsa-jc7w-c686-c4v9, ghsa-mh63-6h87-95cp, ghsa-qxp5-gwg8-xv66, ghsa-vvgc-356p-c3xw, ghsa-wjrx-6529-hcj3 applied in versions: 1.10.7-r0, 1.9.4-r0, 1.9.4-r1, 1.9.4-r2, 1.9.4-r3
Multiple security vulnerabilities affect the opentofu-fips package. These issues are resolved in later releases. See references for individual vulnerability details...