GHSA-X527-X647-Q7GG vulnerabilities

Vulnerabilities for packages: drone-fips, kyverno, cilium, flux-source-controller-fips, gitea, knative-kafka-broker-fips, nemo, drone, opentofu, fscrypt, prometheus, prometheus-mongodb-exporter, argocd-image-updater-fips, opentofu-fips, frankenphp-8.5, rancher-agent, seaweedfs-rocksdb-fips,...

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: drone-fips, kyverno, cilium, flux-source-controller-fips, gitea, knative-kafka-broker-fips, nemo, docker-machine-driver-harvester, drone, opentofu, fscrypt, prometheus, prometheus-mongodb-exporter, argocd-image-updater-fips, opentofu-fips, frankenphp-8.5,...

GHSA-X527-X647-Q7GG vulnerabilities

Vulnerabilities for packages: trivy, aactl, argo-cd, cert-manager, prometheus, fscrypt, cloud-provider-aws, prometheus-operator, k3s, opentelemetry-collector, zot, kubernetes-dashboard, zarf, nerdctl, gitea, kaf, minio, snyk-cli, rancher-agent, k9s, external-dns, kine, cilium, kubernetes, loki,...

GHSA-JPPX-RXG9-JMRX vulnerabilities

Vulnerabilities for packages: aactl, argo-cd, cert-manager, podman, prometheus, fscrypt, cloud-provider-aws, prometheus-operator, k3s, opentelemetry-collector, zot, kubernetes-dashboard, nerdctl, kaf, minio, snyk-cli, rancher-agent, external-dns, kine, cilium, kubernetes, loki, istio,...

CLEANSTART-2026-TL66481 Security fixes for CVE-2024-24786, CVE-2024-35255, CVE-2025-22868, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-40179, CVE-2026-42151, CVE-2026-42154, CVE-2026-42499, CVE-2026-42501, CVE-2026-44903, ghsa-8rm2-7qqf-34qm, ghsa-fw8g-cg8f-9j28, ghsa-vffh-x6r8-xx99, ghsa-wg65-39gg-5wfj applied in versions: 0.69.1-r0, 0.69.1-r1, 0.87.1-r0, 0.89.0-r0

Multiple security vulnerabilities affect the prometheus-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-MV81821 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-29181, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-40179, CVE-2026-42151, CVE-2026-42154, CVE-2026-42499, CVE-2026-42501, CVE-2026-44903, ghsa-8rm2-7qqf-34qm, ghsa-fw8g-cg8f-9j28, ghsa-mh2q-q3fh-2475, ghsa-vffh-x6r8-xx99, ghsa-wg65-39gg-5wfj applied in versions: 0.87.1-r0, 0.87.1-r1, 0.87.1-r2, 0.87.1-r3

Multiple security vulnerabilities affect the prometheus-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-LG79681 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-27144, CVE-2026-29181, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-mh2q-q3fh-2475 applied in versions: 0.87.1-r0, 0.89.0-r0, 0.89.0-r1

Multiple security vulnerabilities affect the prometheus-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-OD56729 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-29181, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-mh2q-q3fh-2475 applied in versions: 0.87.1-r0, 0.88.1-r0, 0.89.0-r0

Multiple security vulnerabilities affect the prometheus-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-CH40794 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 0.87.1-r0, 0.89.0-r0, 0.90.1-r0

Multiple security vulnerabilities affect the prometheus-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-HO21235 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 0.87.1-r0, 0.89.0-r0

Multiple security vulnerabilities affect the prometheus-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-RA52239 url

Multiple security vulnerabilities affect the prometheus-operator package. url. See references for individual vulnerability details...

CLEANSTART-2026-TI57220 url

Multiple security vulnerabilities affect the prometheus-operator package. url. See references for individual vulnerability details...

CLEANSTART-2026-HX94762 attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing

Multiple security vulnerabilities affect the prometheus-operator package. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. See references for individual vulnerability details...

CLEANSTART-2026-KT25851 Security fixes for CVE-2025-61727, CVE-2025-61729, CVE-2025-61732, CVE-2025-68121, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 0.87.0-r0, 0.87.0-r1, 0.88.0-r1

Multiple security vulnerabilities affect the prometheus-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-BB17877 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 0.87.1-r0, 0.89.0-r0

Multiple security vulnerabilities affect the prometheus-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-BP32212 Security fixes for CVE-2025-61727, CVE-2025-61729, CVE-2025-61732, CVE-2025-68121, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 0.87.0-r0, 0.87.0-r1, 0.88.0-r0

Multiple security vulnerabilities affect the prometheus-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-RD09851 net/url package does not set a limit on the number of query parameters in a query

Multiple security vulnerabilities affect the prometheus-operator package. The net/url package does not set a limit on the number of query parameters in a query. See references for individual vulnerability details...

CLEANSTART-2026-TR92727 During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succ...

Multiple security vulnerabilities affect the prometheus-operator-fips package. During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should ha...

CLEANSTART-2026-IA26094 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the prometheus-operator-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

CLEANSTART-2026-DO68350 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the prometheus-operator-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...