GHSA-XJVP-4FHW-GC47 vulnerabilities
Vulnerabilities for packages: k8s-device-plugin, prometheus-podman-exporter, sriov-network-device-plugin-fips, k8s-device-plugin-fips, node-feature-discovery, rancher-agent, sriov-network-device-plugin, podman-fips, nvidia-container-toolkit, buildah-fips...
CVE-2026-41579 vulnerabilities
Vulnerabilities for packages: k8s-device-plugin, prometheus-podman-exporter, sriov-network-device-plugin-fips, k8s-device-plugin-fips, node-feature-discovery, rancher-agent, sriov-network-device-plugin, podman-fips, nvidia-container-toolkit, buildah-fips...
Prometheus - Open Redirect
Prometheus 2.23.0 through 2.26.0 and 2.27.0 contain an open redirect vulnerability. To ensure a seamless transition to 2.27.0, the default UI was changed to the new UI, with URLs prefixed by /new redirecting to /. Due to a bug in the code, an attacker can redirect a user to a malicious site and...
Prometheus Blackbox Exporter - Server-Side Request Forgery (SSRF)
Prometheus Blackbox Exporter through 0.17.0 contains a server-side request forgery vulnerability caused by an unsanitized target parameter in /probe, letting attackers perform SSRF attacks; exploitation requires sending a crafted target parameter. id: CVE-2020-16248 info: name: Prometheus Blackbox Exporter - Server-Side...
Important: Red Hat Security Advisory: Cost Management Metrics Operator Update
Cost Management Metrics Operator version 4.4.1 release. The Cost Management Metrics Operator is a component of the Red Hat Cost Management service for OpenShift. The operator runs on the latest supported versions of OpenShift. This operator obtains OpenShift usage data by querying Prometheus every...
ROOT-APP-GOBINARY-CVE-2026-42154 CVE-2026-42154 in rootio-github.com/prometheus/prometheus - Patched by Root
Root has patched CVE-2026-42154 in the rootio-github.com/prometheus/prometheus package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-44903 CVE-2026-44903 in rootio-github.com/prometheus/prometheus - Patched by Root
Root has patched CVE-2026-44903 in the rootio-github.com/prometheus/prometheus package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-40179 CVE-2026-40179 in rootio-github.com/prometheus/prometheus - Patched by Root
Root has patched CVE-2026-40179 in the rootio-github.com/prometheus/prometheus package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-CVE-2026-42151 CVE-2026-42151 in rootio-github.com/prometheus/prometheus - Patched by Root
Root has patched CVE-2026-42151 in the rootio-github.com/prometheus/prometheus package for Root:Go. Multiple fixed versions available...
ROOT-APP-GOBINARY-GHSA-FW8G-CG8F-9J28 GHSA-fw8g-cg8f-9j28 in rootio-github.com/prometheus/prometheus - Patched by Root
Root has patched GHSA-fw8g-cg8f-9j28 in the rootio-github.com/prometheus/prometheus package for Root:Go. Multiple fixed versions available...
OPENSUSE-SU-2026:11011-1 golang-github-prometheus-alertmanager-0.32.2-2.1 on GA media
These are all security issues fixed in the golang-github-prometheus-alertmanager-0.32.2-2.1 package on the GA media of openSUSE Tumbleweed...
golang-github-prometheus-prometheus-3.12.0-2.1 on GA media (moderate)
golang-github-prometheus-prometheus-3.12.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10997-1 Rating: moderate Cross-References: CVE-2026-39821 CVSS scores: CVE-2026-39821 SUSE : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2026-39821 SUSE : 9.1...
OPENSUSE-SU-2026:11012-1 golang-github-prometheus-node_exporter-1.11.1-2.1 on GA media
These are all security issues fixed in the golang-github-prometheus-node_exporter-1.11.1-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10997-1 golang-github-prometheus-prometheus-3.12.0-2.1 on GA media
These are all security issues fixed in the golang-github-prometheus-prometheus-3.12.0-2.1 package on the GA media of openSUSE Tumbleweed...
OpenTelemetry Operator for Kubernetes's ServiceMonitor bearerTokenFile reads arbitrary local file and sends contents as bearer auth
Affected Repository: github.com/open-telemetry/opentelemetry-operator Component: cmd/otel-allocator TargetAllocator Companion: Prometheus Operator API types CRDs Summary OpenTelemetry Operator's TargetAllocator watches ServiceMonitor resources via the Prometheus Operator CR watcher and converts...
PT-2026-48539
Affected Repository: github.com/open-telemetry/opentelemetry-operator Component: cmd/otel-allocator TargetAllocator Companion: Prometheus Operator API types CRDs Summary OpenTelemetry Operator's TargetAllocator watches ServiceMonitor resources via the Prometheus Operator CR watcher and converts...
CLEANSTART-2026-QU97327 Security fixes for CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61731, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27140, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 1.5.1-r0, 1.5.1-r1
Multiple security vulnerabilities affect the nginx-prometheus-exporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-PQ10269 Security fixes for CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61731, CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27140, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 1.5.1-r0, 1.5.1-r1, 1.5.1-r2
Multiple security vulnerabilities affect the nginx-prometheus-exporter package. These issues are resolved in later releases. See references for individual vulnerability details...
OPENSUSE-SU-2026:10971-1 prometheus-blackbox_exporter-0.26.0-6.1 on GA media
These are all security issues fixed in the prometheus-blackbox_exporter-0.26.0-6.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-44902
opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint (default 0.0.0.0:9464) has no error handling around URL parsing, so a request with an invalid...