128 matches found
CVE-2026-48758 vulnerabilities
Vulnerabilities for packages: pulumi...
GHSA-JFC7-64V2-MR8C vulnerabilities
Vulnerabilities for packages: pulumi...
GHSA-JFC7-64V2-MR8C vulnerabilities
Vulnerabilities for packages: pulumi...
CVE-2026-48758 vulnerabilities
Vulnerabilities for packages: pulumi...
GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: datadog-agent-fips, longhorn-cli-fips, crossplane, nuclei, neuvector-sigstore-interface-fips, kueue, terraform-provider-tls-fips, cluster-api-azure-controller-fips, crossplane-provider-aws-autoscaling-fips, prometheus-fips, crossplane-provider-aws-macie2-fips,...
GHSA-Q4H4-GMJ2-QVW2 vulnerabilities
Vulnerabilities for packages: datadog-agent-fips, longhorn-cli-fips, crossplane, nuclei, neuvector-sigstore-interface-fips, kueue, terraform-provider-tls-fips, cluster-api-azure-controller-fips, crossplane-provider-aws-autoscaling-fips, prometheus-fips, crossplane-provider-aws-macie2-fips,...
GHSA-VGWF-H737-FF37 vulnerabilities
Vulnerabilities for packages: zot, datadog-agent-fips, frankenphp-8.2, juicefs, longhorn-cli-fips, cilium, gatekeeper-fips, seaweedfs-rocksdb, kubescape-server-fips, nuclei, trivy-operator-fips, kubernetes, argocd-image-updater-fips, syft, gatus, argo-cd-fips, chainloop-cli-fips, loki, zitadel,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: apko, witness, pulumi-kubernetes-operator, gomplate, go-discover, flux-kustomize-controller, kubernetes, tkn, flux-notification-controller, tekton-chains, vault-benchmark, osv-scanner, zot, gatus, dagger, kine, hcloud, k9s, openbao, docker, opentelemetry-collector,...
GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: apko, witness, pulumi-kubernetes-operator, gomplate, go-discover, flux-kustomize-controller, crossplane-provider-aws-lambda, crossplane-provider-aws-ec2, kubernetes, crossplane-provider-keycloak, tkn, flux-notification-controller, tekton-chains,...
GHSA-78MQ-XCR3-XM33 vulnerabilities
Vulnerabilities for packages: apko, flux-source-controller, cilium-cli, witness, splunk-otel-collector, pulumi-language-dotnet, cilium, gomplate, pulumi-kubernetes-operator, skaffold, containerd, spire-server, nuclei, loki, act, syft, telegraf, kubernetes, pulumi-language-yaml, cloud-provider-aws...
GHSA-F5WC-C3C7-36MC vulnerabilities
Vulnerabilities for packages: apko, witness, pulumi-kubernetes-operator, gomplate, go-discover, kubernetes, zot, osv-scanner, dagger, kine, k9s, openbao, opentelemetry-collector, teleport, caddy, rancher-agent, docker-cli-buildx, skaffold, nuclei, act, pulumi-language-yaml, cloud-provider-aws,...
@hulumi/policies bypasses policy packs with a forged Pulumi-URN logical name
Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-693: Protection Mechanism Failure. Summary: Pulumi gives every cloud resource a structured URN that includes the resource's type chain (hulumi:baseline:aws:SecureBucket$aws:s3/bucketV2:BucketV2) and the logical name the develope...
GHSA-RHGJ-6G2C-FRMM @hulumi/policies bypasses policy packs with a forged Pulumi-URN logical name
Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-693: Protection Mechanism Failure. Summary: Pulumi gives every cloud resource a structured URN that includes the resource's type chain (hulumi:baseline:aws:SecureBucket$aws:s3/bucketV2:BucketV2) and the logical name the develope...
PT-2026-48479
Affected: @hulumi/baseline 1.4.0 — Fixed in: 1.4.0 — Severity: Medium — CWE-693: Protection Mechanism Failure. Summary: AccountFoundation can either create AWS detective services (GuardDuty for threat detection, Security Hub for compliance dashboards) or reuse pre-existing ones via opt-in flags. The...
Malicious code in pulumi-vcd (PyPI)
Source: amazon-inspector (08bbc8be2cfa9a85473b0287e3c327b16c3f9e15886869bd9e2188a323448fd9). Package pulumivcd is published with metadata mimicking an official Pulumi SDK Homepage https://www.pulumi.com, tfgen-style auto-generated bindings bu...
MAL-2026-4763 Malicious code in pulumi-vcd (PyPI)
Source: amazon-inspector (08bbc8be2cfa9a85473b0287e3c327b16c3f9e15886869bd9e2188a323448fd9). Package pulumivcd is published with metadata mimicking an official Pulumi SDK Homepage https://www.pulumi.com, tfgen-style auto-generated bindings bu...
GHSA-Q6X5-8V7M-XCRF vulnerabilities
Vulnerabilities for packages: pulumi, vitess, kubeflow-centraldashboard, renovate...
CVE-2026-44294 vulnerabilities
Vulnerabilities for packages: pulumi, vitess, kubeflow-centraldashboard, renovate...
GHSA-2PR8-PHX7-X9H3 vulnerabilities
Vulnerabilities for packages: pulumi, vitess, kubeflow-centraldashboard, renovate...
GHSA-66FF-XGX4-VCHM vulnerabilities
Vulnerabilities for packages: pulumi, vitess, kubeflow-centraldashboard, renovate...