1493 matches found
GHSA-JPPX-RXG9-JMRX vulnerabilities
Vulnerabilities for packages: telegraf, kots, fscrypt, nerdctl, kubernetes-dashboard, containerd, kyverno, spire-server, kaf, knative-serving, helm, mattermost, podman, kubernetes, opentelemetry-collector, aactl, cilium, cert-manager, external-dns, minio, vitess, loki, buildah, prometheus,...
GO-2026-5710 Prometheus Azure AD remote write OAuth client secret exposed via config API in github.com/prometheus/prometheus
Prometheus Azure AD remote write OAuth client secret exposed via config API in github.com/prometheus/prometheus...
GO-2026-5662 Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer in github.com/prometheus/prometheus
Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer in github.com/prometheus/prometheus. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this...
GO-2026-5381 Prometheus vulnerable to stored XSS via crafted histogram bucket label values in the old web UI heatmap display in github.com/prometheus/prometheus
Prometheus vulnerable to stored XSS via crafted histogram bucket label values in the old web UI heatmap display in github.com/prometheus/prometheus...
GO-2026-5264 Prometheus: Remote read endpoint allows denial of service via crafted snappy payload in github.com/prometheus/prometheus
Prometheus: Remote read endpoint allows denial of service via crafted snappy payload in github.com/prometheus/prometheus...
CVE-2026-40011
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...
CVE-2026-40011 Prometheus denial of service via crafted DNS queries
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...
CVE-2026-40011
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...
EUVD-2026-39346
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...
CVE-2026-40011
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...
CVE-2026-40011
CVE-2026-40011 describes a denial-of-service condition where sending a large number of crafted DNS queries can cause a dynamic block to be inserted with a value that yields invalid output on the Prometheus endpoint. The Prometheus data may then be rejected by the scraper until the dynamic block e...
OPENSUSE-SU-2026:21157-1 Security update for golang-github-prometheus-alertmanager
This update for golang-github-prometheus-alertmanager fixes the following issues: Changes in golang-github-prometheus-alertmanager: - CVE-2026-39821: Fix validation bypass and privilege escalation by updating golang.org/x/net to version 0.55.0 bsc1266615...
CVE-2026-41579 vulnerabilities
Vulnerabilities for packages: buildah, gpu-operator, sriov-network-device-plugin-fips, prometheus-podman-exporter-fips, sriov-network-device-plugin, k8s-device-plugin-fips, rancher-agent, k8s-device-plugin, node-feature-discovery, podman, buildah-fips, podman-fips, nvidia-container-toolkit,...
GHSA-XJVP-4FHW-GC47 vulnerabilities
Vulnerabilities for packages: buildah, gpu-operator, sriov-network-device-plugin-fips, prometheus-podman-exporter-fips, sriov-network-device-plugin, k8s-device-plugin-fips, rancher-agent, k8s-device-plugin, node-feature-discovery, podman, buildah-fips, podman-fips, nvidia-container-toolkit,...
[SECURITY] Fedora 44 Update: prometheus-3.12.0-1.fc44
The Prometheus monitoring system and time series database...
[SECURITY] Fedora 43 Update: prometheus-3.12.0-1.fc43
The Prometheus monitoring system and time series database...
Important: Red Hat Security Advisory: Cost Management Metrics Operator Update
Cost Management Metrics Operator version 4.4.1 release. The Cost Management Metrics Operator is a component of the Red Hat Cost Managment service for Openshift. The operator runs on the latest supported versions of Openshift. This operator obtains OpenShift usage data by querying Prometheus every...
Fedora 44 : prometheus (2026-ebaf2bfd71)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ebaf2bfd71 advisory. Update to 3.12.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...
Fedora 43 : prometheus (2026-dfc0e362e6)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-dfc0e362e6 advisory. Update to 3.12.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...
ROOT-APP-GOBINARY-CVE-2026-42154 CVE-2026-42154 in rootio-github.com/prometheus/prometheus - Patched by Root
Root has patched CVE-2026-42154 in the rootio-github.com/prometheus/prometheus package for Root:Go. Multiple fixed versions available...