106 matches found
GHSA-X527-X647-Q7GG vulnerabilities
Vulnerabilities for packages: cloudbeat-fips, opentofu, drone, flux-fips, rancher-agent, zarf-fips, tigera-operator, elastic-agent-fips, kube-state-metrics, containerd, frankenphp-8.5, kubernetes-dashboard, frankenphp-8.4, coder-fips, gitlab-workhorse-ce-fips, trivy-operator, knative-eventing-fip...
GHSA-78MQ-XCR3-XM33 vulnerabilities
Vulnerabilities for packages: cloudbeat-fips, opentofu, redpanda-console, scorecard, flux-fips, rancher-agent, amazon-ssm-agent, zarf-fips, terragrunt, tigera-operator, elastic-agent-fips, kube-state-metrics, chainctl-fips, containerd, frankenphp-8.5, packer, kubernetes-dashboard, frankenphp-8.4,...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: cloudbeat-fips, opentofu, drone, flux-fips, rancher-agent, zarf-fips, tigera-operator, elastic-agent-fips, kube-state-metrics, containerd, frankenphp-8.5, kubernetes-dashboard, frankenphp-8.4, coder-fips, gitlab-workhorse-ce-fips, trivy-operator, knative-eventing-fip...
GHSA-9M57-25V3-79X9 vulnerabilities
Vulnerabilities for packages: opentofu, buildah-fips, rancher-agent, tigera-operator, elastic-agent-fips, kube-state-metrics, containerd, frankenphp-8.5, packer, kubernetes-dashboard, frankenphp-8.4, gitlab-workhorse-ce-fips, terraform-fips, knative-eventing-fips, prometheus-elasticsearch-exporte...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: teleport, cloudbeat-fips, crossplane-provider-azure-powerbidedicated, opentofu, redpanda-console, tekton-chains, terraform-provider-tls-fips, gitlab-runner-fips, scorecard, buildah-fips, crossplane-provider-azure-servicebus, crossplane-provider-azure-notificationhubs...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: tkn, witness, cluster-api-azure-controller, fscrypt, crossplane-provider-azure-storage, crossplane-provider-azure-sql, guac, flux-operator, melange, dagger, aactl, rancher-agent, vault-benchmark, argocd-image-updater, nerdctl, gitlab-kas, neuvector-sigstore-interface...
GHSA-Q7J3-V8QV-22VQ OpenTofu: Possible arbitrary file read during certain git operations via a maliciously crafted URL
Impact: Possible data exposure. Summary: While downloading packages from a maliciously crafted URL, some git operations against that URL could allow arbitrary file read. This might allow disclosure of confidential information. Details: OpenTofu relies on go-getter for downloading packages like...
GHSA-PXH5-6RRC-8RJV vulnerabilities
Vulnerabilities for packages: opentofu...
GHSA-PXH5-6RRC-8RJV vulnerabilities
Vulnerabilities for packages: opentofu-fips, opentofu...
GHSA-PXH5-6RRC-8RJV OpenTofu: Excessive resource usage in "tofu init" when installing dependencies from attacker-controlled server
Impact: Unauthenticated denial of service. Summary: When installing provider or module packages from attacker-controlled servers, the server may cause tofu init to enter an infinite loop sending garbage data to that server. Those who depend on modules or providers served from untrusted third-party...
OpenTofu: Excessive resource usage in "tofu init" when installing dependencies from attacker-controlled server
Impact: Unauthenticated denial of service. Summary: When installing provider or module packages from attacker-controlled servers, the server may cause tofu init to enter an infinite loop sending garbage data to that server. Those who depend on modules or providers served from untrusted third-party...
CLEANSTART-2026-CN84623 Within HostnameError
Multiple security vulnerabilities affect the opentofu-fips package. Within HostnameError. See references for individual vulnerability details...
CLEANSTART-2026-GY48351 Within HostnameError
Multiple security vulnerabilities affect the opentofu-fips package. Within HostnameError. See references for individual vulnerability details...
CLEANSTART-2026-MI12470 Within HostnameError
Multiple security vulnerabilities affect the opentofu-fips package. Within HostnameError. See references for individual vulnerability details...
CLEANSTART-2026-SO13464 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions
Multiple security vulnerabilities affect the opentofu-fips package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerability details...
CVE-2026-32952 vulnerabilities
Vulnerabilities for packages: yunikorn-k8shim, flux, grafana, rclone, kyverno, zot, spqr, rancher-webhook, xeol, seaweedfs, terraform, kyverno-notation-aws, telegraf, frp, gitlab-runner, rancher-agent, cert-manager-csi-driver, dex, harbor, cert-manager-istio-csr, juicefs, opentofu,...
GHSA-PJCQ-XVWQ-HHPJ vulnerabilities
Vulnerabilities for packages: yunikorn-k8shim, flux, grafana, rclone, kyverno, zot, spqr, rancher-webhook, xeol, seaweedfs, terraform, kyverno-notation-aws, telegraf, frp, gitlab-runner, rancher-agent, cert-manager-csi-driver, dex, harbor, cert-manager-istio-csr, juicefs, opentofu,...
OpenTofu has unbounded memory usage, high CPU usage, or deadlock in "tofu init" with maliciously-crafted dependency responses
Impact: Unauthenticated denial of service. Summary: When installing module packages from attacker-controlled sources, tofu init may use unbounded memory, cause high CPU usage, or deadlock when encountering maliciously-crafted TLS certificate chains or tar archives. Those who depend on modules or...
GHSA-92MM-2PJQ-R785 vulnerabilities
Vulnerabilities for packages: zot, xeol, tfsec, task, zarf, terragrunt, wolfictl, terraform, kubescape, conftest, steampipe, tflint, opentofu, kots, k9s, trivy, snyk-cli, trivy-operator, grype, syft...
CVE-2026-4660 vulnerabilities
Vulnerabilities for packages: zot, xeol, tfsec, task, zarf, terragrunt, wolfictl, terraform, kubescape, conftest, steampipe, tflint, opentofu, kots, k9s, trivy, snyk-cli, trivy-operator, grype, syft...