128 matches found
CVE-2026-48758 vulnerabilities
Vulnerabilities for packages: pulumi...
GHSA-JFC7-64V2-MR8C vulnerabilities
Vulnerabilities for packages: pulumi...
GHSA-Q4H4-GMJ2-QVW2 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-powerbidedicated, tekton-chains, agentbeat, chainloop-control-plane-fips, sealed-secrets, scorecard, buildah-fips, crossplane-provider-azure-servicebus, tkn, crossplane-provider-aws-elbv2, amazon-ssm-agent, kueue-fips,...
GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-powerbidedicated, tekton-chains, agentbeat, chainloop-control-plane-fips, sealed-secrets, scorecard, buildah-fips, crossplane-provider-azure-servicebus, tkn, crossplane-provider-aws-elbv2, amazon-ssm-agent, kueue-fips,...
GHSA-VGWF-H737-FF37 vulnerabilities
Vulnerabilities for packages: cloudbeat-fips, opentofu, redpanda-console, gitlab-runner-fips, scorecard, drone, flux-fips, rancher-agent, amazon-ssm-agent, zarf-fips, terragrunt, tigera-operator, elastic-agent-fips, kube-state-metrics, chainctl-fips, containerd, frankenphp-8.5, packer,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: tkn, witness, cluster-api-azure-controller, fscrypt, crossplane-provider-azure-storage, crossplane-provider-azure-sql, guac, flux-operator, melange, dagger, aactl, rancher-agent, vault-benchmark, argocd-image-updater, nerdctl, gitlab-kas, neuvector-sigstore-interface...
GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: tkn, witness, crossplane-provider-aws-ec2, cluster-api-azure-controller, docker-machine-driver-linode, crossplane-provider-azure-storage, fscrypt, terraform-provider-acme, crossplane-provider-aws-memorydb, crossplane-provider-azure-sql, guac, flux-operator, melange,...
GHSA-78MQ-XCR3-XM33 vulnerabilities
Vulnerabilities for packages: flux, kyverno, witness, zot, kine, fscrypt, argo-events, prometheus, osv-scanner, apko, terragrunt, guac, zarf, wolfictl, opentelemetry-collector, melange, gptscript, dagger, telegraf, podman, kubescape, aactl, cilium-cli, cloud-provider-aws, splunk-otel-collector,...
GHSA-F5WC-C3C7-36MC vulnerabilities
Vulnerabilities for packages: witness, fscrypt, guac, melange, dagger, aactl, rancher-agent, argocd-image-updater, nerdctl, gitlab-kas, opentofu, flux-image-automation-controller, k3s, gitea, external-dns, go-discover, minio, kots, helm, gomplate, cert-manager, kubernetes, chezmoi, rancher, caddy...
GHSA-RHGJ-6G2C-FRMM @hulumi/policies bypasses policy packs with a forged Pulumi-URN logical name
Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-693 (Protection Mechanism Failure). Summary: Pulumi gives every cloud resource a structured URN that includes the resource's type chain hulumi:baseline:aws:SecureBucket$aws:s3/bucketV2:BucketV2 and the logical name the develope...
PT-2026-48479
Affected: @hulumi/baseline 1.4.0 — Fixed in: 1.4.0 — Severity: Medium — CWE-693 (Protection Mechanism Failure). Summary: AccountFoundation can either create AWS detective services (GuardDuty for threat detection, Security Hub for compliance dashboards) or reuse pre-existing ones via opt-in flags. The...
MAL-2026-4763 Malicious code in pulumi-vcd (PyPI)
Source: amazon-inspector 08bbc8be2cfa9a85473b0287e3c327b16c3f9e15886869bd9e2188a323448fd9 Package pulumivcd is published with metadata mimicking an official Pulumi SDK Homepage https://www.pulumi.com, tfgen-style auto-generated bindings bu...
GHSA-2PR8-PHX7-X9H3 vulnerabilities
Vulnerabilities for packages: vitess, renovate, kubeflow-centraldashboard, pulumi...
CVE-2026-44290 vulnerabilities
Vulnerabilities for packages: vitess, renovate, kubeflow-centraldashboard, pulumi...
CVE-2026-44293 vulnerabilities
Vulnerabilities for packages: vitess, renovate, kubeflow-centraldashboard, pulumi...
CVE-2026-44291 vulnerabilities
Vulnerabilities for packages: vitess, renovate, kubeflow-centraldashboard, pulumi...