103 matches found
GHSA-MPWR-8VM7-H73F vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-relay, crossplane-provider-azure-powerbidedicated, x509-certificate-exporter, nfpm, telegraf, crossplane-provider-azure-synapse, crossplane-provider-azure-signalrservice, crossplane-provider-azure-netapp,...
GHSA-MPWR-8VM7-H73F vulnerabilities
Vulnerabilities for packages: x509-certificate-exporter, nuclei, cert-manager, nfpm, splunk-otel-collector, goreleaser...
Cross-Site Scripting (XSS)
Vitest is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the otelCarrier query parameter being inserted directly into an inline module script and treated as JavaScript source rather than data, which allows an attacker to craft a malicious browser-runner URL and execute...
Malicious code in @mastra/otel-bridge (npm)
Source: ghsa-malware (713aa738c88e89dcf078ff056e40389e2e9dc23573efcd4e3eed73533a730d28). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE-SU-2026:21989-1 Security update for google-guest-agent
This update for google-guest-agent fixes the following issues: Update to version 20260430.00: Update THIRDPARTYLICENSES to be package specific location (608); Update dependencies and go version to 1.26.2 (607) (bsc1265762, CVE-2026-33814); Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (604)...
Cross-site Scripting (XSS)
Overview: @vitest/browser is a Browser running for Vitest. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the otelCarrier query parameter being directly inserted into an inline script without sanitization. An attacker can execute arbitrary JavaScript in the context...
ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +23724 more potentially affected by CVE-2026-42585 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.132.Final)
io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves:...
adclaw (>=1.0.0 <=1.0.29), agentjet (=0.0.1) +27 more potentially affected by CVE-2026-6605 via agentscope (>=0.1.0 <=2.0.0)
agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.0.1, =0.1.0.post1, =0.2.0, =0.4.0, =0.4.1 and more Source cves: CVE-2026-6605 Source advisory: SNYK:PYTHON-AGENTSCOPE-16318345...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: rancher-machine, apisix-ingress-controller, dex, chart-testing, aws-application-networking-k8s, s5cmd, grafana-operator, gcsfuse, gitsign, http-echo, cri-tools, sftpgo-plugin-pubsub, dbmate, amass, promxy, tailscale, kyverno-notation-aws, cert-exporter, kafkaexporter...
GHSA-65XW-VW82-R86X vulnerabilities
Vulnerabilities for packages: amazon-cloudwatch-agent, crossplane-provider-aws-dynamodb, crossplane-provider-keycloak, crossplane-provider-azure-authorization, crossplane-provider-aws-iam, grafana-alloy, aws-otel-collector, crossplane-provider-aws-cloudwatchlogs, crossplane-provider-aws-ec2,...
GHSA-65XW-VW82-R86X vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-ecs, crossplane-provider-aws-cloudwatchlogs, crossplane-provider-azure-authorization, datadog-agent-fips, crossplane-provider-aws-sqs, crossplane-provider-aws-eks-fips, crossplane-provider-aws-s3-fips, crossplane-provider-aws-efs-fips,...
CVE-2026-32287 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-ecs, crossplane-provider-aws-cloudwatchlogs, crossplane-provider-azure-authorization, datadog-agent-fips, crossplane-provider-aws-sqs, crossplane-provider-aws-eks-fips, crossplane-provider-aws-s3-fips, crossplane-provider-aws-efs-fips,...
ai.agentican:agentican-framework-core (>=0.1.0-alpha.1 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +151 more potentially affected by CVE-2026-34237 via io.modelcontextprotocol.sdk:mcp-core (=1.1.0)
io.modelcontextprotocol.sdk:mcp-core MAVEN version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on io.modelcontextprotocol.sdk:mcp-core and may be impacted: - ai.agentican:agentican-framework-core =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1,...
Elastic OTel Java 1.10.0 Security Update (ESA-2026-22 / GHSA-xw7x-h9fj-p2c7)
Dependency on Vulnerable Third-Party Component in Elastic OTel Java Leading to Remote Code Execution. Dependency on Vulnerable Third-Party Component (CWE-1395) exists in Elastic OTel Java via a dependency on the OpenTelemetry Java instrumentation library. This vulnerability could allow an attacker to...
ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +19684 more potentially affected by CVE-2026-33871 via io.netty:netty-codec-http2 (>=4.1.0.Beta4 <=4.1.131.Final)
io.netty:netty-codec-http2 MAVEN version =4.1.0.Beta4, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves:...
GHSA-8FJ7-8H3W-XWFM vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-dynamodb, flux-operator, dex, pulumi-language-yaml, crossplane-provider-aws-iam, zot, pulumi, timoni, crossplane-provider-aws-rds, trivy-operator, crossplane-provider-aws-kms, crossplane-provider-aws-memorydb, emissary, melange,...
CVE-2026-27141 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-dynamodb, flux-operator, dex, pulumi-language-yaml, crossplane-provider-aws-iam, zot, pulumi, timoni, crossplane-provider-aws-rds, trivy-operator, crossplane-provider-aws-kms, crossplane-provider-aws-memorydb, emissary, melange,...
GHSA-8FJ7-8H3W-XWFM vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-ecs, crossplane-provider-aws-cloudwatchlogs, datadog-agent-fips, gpu-operator, kube-rbac-proxy-fips, crossplane-provider-aws-sqs, terraform-provider-acme, crossplane-provider-aws-eks-fips, cloud-sql-proxy-fips, crossplane-provider-aws-s3-fips,...
CVE-2026-27141 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-ecs, crossplane-provider-aws-cloudwatchlogs, datadog-agent-fips, gpu-operator, kube-rbac-proxy-fips, crossplane-provider-aws-sqs, terraform-provider-acme, crossplane-provider-aws-eks-fips, cloud-sql-proxy-fips, crossplane-provider-aws-s3-fips,...
GHSA-9H8M-3FM2-QJRQ vulnerabilities
Vulnerabilities for packages: rekor-fips, kyverno, thanos, kapp-controller, juicefs, cloudprober-fips, k8s-agents-operator, cass-operator, cluster-api-gcp-controller-fips, spire-server-fips, kyverno-policy-reporter-plugins-kyverno-fips, prometheus-mongodb-exporter,...