107 matches found
CLEANSTART-2026-QU97327 Security fixes for CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61731, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27140, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 1.5.1-r0, 1.5.1-r1
Multiple security vulnerabilities affect the nginx-prometheus-exporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-PQ10269 Security fixes for CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61731, CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27140, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 1.5.1-r0, 1.5.1-r1, 1.5.1-r2
Multiple security vulnerabilities affect the nginx-prometheus-exporter package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-44902
opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...
GHSA-W2Q5-6Q6X-X959 vulnerabilities
Vulnerabilities for packages: azcopy-fips, helm-diff, secretgen-controller-fips, kyverno-policy-reporter-plugins-trivy, terraform-provider-pagerduty-fips, google-osconfig-agent, gitsign, nrdot-collector-k8s, terraform-provider-pagerduty, oauth2-proxy, rabbitmq-cluster-operator,...
GHSA-7CWM-FPFH-RRCH Ironic Standalone Operator's prometheus metrics exporter bound to all interfaces
Impact The Ironic Standalone Operator IRSO is the operator to maintain an Ironic deployment for Metal3. The Prometheus metrics exporter binds to 0.0.0.0 all network interfaces by default with no authentication. The default config is disabled. If enabled, this exposes operational metrics to any ho...
PT-2026-47556
Impact The Ironic Standalone Operator IRSO is the operator to maintain an Ironic deployment for Metal3. The Prometheus metrics exporter binds to 0.0.0.0 all network interfaces by default with no authentication. The default config is disabled. If enabled, this exposes operational metrics to any ho...
CVE-2026-44902
opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...
CVE-2026-44902
opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...
CVE-2026-44902
Summary: CVE-2026-44902 affects the OpenTelemetry JS client, specifically the Prometheus exporter in opentelemetry-js prior to 0.217.0. A single malformed HTTP request to the default metrics endpoint (0.0.0.0:9464) has no URL parsing error handling, causing an uncaught TypeError that crashes the ...
EUVD-2026-32538
opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...
CVE-2026-44902 opentelemetry-js: Prometheus exporter process crash via malformed HTTP request
opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...
CVE-2026-44902 opentelemetry-js: Prometheus exporter process crash via malformed HTTP request
opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid...
opentelemetry-js 安全漏洞
opentelemetry-js is an open-source framework from OpenTelemetry - CNCF, designed for collecting traces, metrics, and logs from applications. Versions of opentelemetry-js prior to 0.217.0 contained a security vulnerability. This vulnerability stemmed from improper error handling in the URL parsing...
OpenTelemetry eBPF Instrumentation: Unbounded BPF internal metrics replay can exhaust CPU
Summary OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can become very large, causing the metrics exporter to spend excessive CPU time in a tight loop every collection interval. Details The vulnerable loop is in...
PT-2026-41785
Name of the Vulnerable Software and Affected Versions OpenTelemetry eBPF Instrumentation versions prior to 0.9.0 Description OpenTelemetry eBPF Instrumentation OBI replays BPF probe hits into histogram observations by looping once per recorded run count. On busy systems, the run-count delta can...
Prometheus exporter process crash via malformed HTTP request
Summary A single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid URI causes an uncaught TypeError that terminates the process. You...
Improper Handling of Exceptional Conditions
Overview @opentelemetry/exporter-prometheus is an OpenTelemetry Exporter Prometheus provides a metrics endpoint for Prometheus Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via the PrometheusExporter process. An attacker can cause the process to...
GHSA-Q7RR-3CGH-J5R3 Prometheus exporter process crash via malformed HTTP request
Summary A single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid URI causes an uncaught TypeError that terminates the process. You...
PT-2026-39676
Summary A single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint default 0.0.0.0:9464 has no error handling around URL parsing, so a request with an invalid URI causes an uncaught TypeError that terminates the process. You...
CLEANSTART-2026-VD84830 Security fixes for CVE-2025-61732, CVE-2025-68121 applied in versions: 1.10.0-r0
Multiple security vulnerabilities affect the prometheus-elasticsearch-exporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...