33 matches found
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: dgraph, flux, apko, malcontent, newrelic-infra-operator, smarter-device-manager, clickhouse-operator, oras, secrets-store-csi-driver-provider-aws, temporal, kubewatch, victoriametrics-cluster, github-mcp-server, envoy-ratelimit, aws-privateca-issuer,...
GHSA-8JVR-VH7G-F8GX vulnerabilities
Vulnerabilities for packages: kubeflow, kaf, mockgen, kubernetes, regclient, consul, k8s-metacollector-fips, gatus-fips, grafana-image-renderer, velero-plugin-for-aws-fips, cluster-proportional-autoscaler, xeol, cilium-certgen, kserve-rest-proxy, step-fips, task-fips, wait-for-port,...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: kubeflow, kaf, mockgen, kubernetes, regclient, consul, k8s-metacollector-fips, gatus-fips, grafana-image-renderer, velero-plugin-for-aws-fips, cluster-proportional-autoscaler, xeol, cilium-certgen, kserve-rest-proxy, step-fips, task-fips, wait-for-port,...
EUVD-2022-0837
Malicious code in bioql PyPI...
EUVD-2023-1539
Malicious code in bioql PyPI...
GHSA-GWRF-JF3H-W649 vulnerabilities
Vulnerabilities for packages: kube-vip, gostatsd, docker-credential-ecr-login, kserve-rest-proxy, secrets-store-csi-driver-provider-aws, k8sgpt-operator, pvc-autoresizer, vault-k8s, bank-vaults, confluent-common-docker, ctop, sftpgo-plugin-geoipfilter, rancher-machine, octo-sts,...
CVE-2025-47906 vulnerabilities
Vulnerabilities for packages: terraform-provider-sendgrid-fips, kube-vip-cloud-provider, kserve-rest-proxy, local-path-provisioner, confluent-common-docker, knative-serving, nemo, secrets-store-csi-driver-fips, sftpgo-plugin-pubsub, blob-csi-fips, kube-logging-operator-custom-runner-fips,...
GHSA-GWRF-JF3H-W649 vulnerabilities
Vulnerabilities for packages: terraform-provider-sendgrid-fips, kube-vip-cloud-provider, kserve-rest-proxy, local-path-provisioner, confluent-common-docker, knative-serving, nemo, secrets-store-csi-driver-fips, sftpgo-plugin-pubsub, blob-csi-fips, kube-logging-operator-custom-runner-fips,...
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: grype, vertical-pod-autoscaler, newrelic-infra-operator, nats-server, kube-rbac-proxy, argo-workflows, capslock, docker-credential-ecr-login, k8sgpt, secrets-store-csi-driver-provider-aws, dex, nri-nginx, bom, kubernetes-dashboard, kor, terraform-docs, vite,...
CVE-2024-35255 vulnerabilities
Vulnerabilities for packages: flux, grafana-agent-operator, argo-workflows, k8sgpt, opentelemetry-collector, buildkitd, ksops, sqlpad, step, py3-azure-identity, zot, py3-cassandra-medusa, datadog-agent, step-ca, falcoctl, kubescape, timestamp-authority, pulumi, thanos, rook, druid, bank-vaults,...
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: grype, vertical-pod-autoscaler, newrelic-infra-operator, crossplane-provider-aws-iam, argo-workflows, capslock, crossplane-provider-aws-route53, k8sgpt, kube-fluentd-operator, dex, kubeflow, secrets-store-csi-driver-provider-aws, kubernetes-dashboard, kor,...
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: kubeflow, kaf, kubernetes, slsa-verifier, kaniko, cluster-proportional-autoscaler, helm-operator-fips, kubeflow-fips, grpc-health-probe, nfs-subdir-external-provisioner, crossplane-provider-aws-kinesis, ctop, cosign-fips, prometheus-postgres-exporter, eksctl, trillia...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: src, dgraph, up, terraform-provider-sendgrid, buildkitd, falco, kubeflow, kubevela, cortex, k3d, spark-operator, slsa-verifier, kubescape, scorecard, prometheus-blackbox-exporter, aactl...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: kubeflow, conftest-fips, cortex, slsa-verifier, scorecard, buildkitd, prometheus-blackbox-exporter, spark-operator, terraform-provider-sendgrid-fips, timestamp-authority-fips, terraform-provider-sendgrid, metrics-server-fips, kubernetes-csi-livenessprobe-fips,...
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, kaf, flux-notification-controller, kubeflow, runc, slsa-verifier, buildkitd, prometheus-blackbox-exporter, terraform-provider-sendgrid-fips, prometheus-operator, smarter-device-manager-fips, dynamic-localpv-provisioner-fips, kubeflow-fips,...
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: grype, dex, kubeflow, bom, node-problem-detector, nats, coredns, flux-kustomize-controller, oauth2-proxy, terraform, secrets-store-csi-driver-provider-gcp, kubernetes-csi-livenessprobe, nghttp2, amass, hey, atlantis, mc, prometheus-blackbox-exporter, gomplate,...
The vulnerability of the secrets-store-csi-driver driver of the Kubernetes cluster management software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the secrets-store-csi-driver driver in the Kubernetes cluster management software is related to insufficient protection of registration data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
Insertion Of Sensitive Information Into Log File
sigs.k8s.io/secrets-store-csi-driver is vulnerable to Insertion of Sensitive Information Into Log File. An attacker with access to the driver logs could observe service account tokens due to the NodePublishVolume function of nodeserver.go...
CVE-2023-2878
Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs...
CVE-2023-2878 vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver...