64 matches found
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: rabbitmq-messaging-topology-operator, sftpgo-plugin-eventsearch, aws-privateca-issuer, flux, volume-modifier-for-k8s, github-mcp-server, grafana-rollout-operator, flux-image-automation-controller, stakater-reloader, secrets-store-csi-driver-provider-aws,...
GHSA-9H8M-3FM2-QJRQ vulnerabilities
Vulnerabilities for packages: rke2-runtime-fips, k8s-agents-operator, kubernetes-csi-external-resizer-fips, buildkitd, cass-operator, kaniko-fips, velero, livekit-server-fips, gitlab-operator-fips, cass-operator-fips, podinfo-fips, cluster-api-gcp-controller-fips, terraform, boring-registry-fips,...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: sqlexporter, glow, goose, k8s-agents-operator, openbao-fips, localstack, gpu-operator, buildtools-fips, crossplane-provider-aws-dynamodb-fips, kubernetes-csi-external-resizer-fips, cass-operator, fzf, spark-operator-fips, vault-csi-provider, terraform-docs, gosu,...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: sqlexporter, glow, goose, k8s-agents-operator, openbao-fips, localstack, gpu-operator, crossplane-provider-aws-dynamodb-fips, kubernetes-csi-external-resizer-fips, cass-operator, spark-operator-fips, vault-csi-provider, terraform-docs, gosu, gitsign, podman-fips,...
GHSA-8JVR-VH7G-F8GX vulnerabilities
Vulnerabilities for packages: sqlexporter, glow, goose, k8s-agents-operator, openbao-fips, localstack, gpu-operator, buildtools-fips, crossplane-provider-aws-dynamodb-fips, kubernetes-csi-external-resizer-fips, cass-operator, fzf, spark-operator-fips, vault-csi-provider, terraform-docs, gosu,...
Information Disclosure
sigs.k8s.io/secrets-store-sync-controller is vulnerable to Information Disclosure. The vulnerability is due to improper error handling and service account tokens being logged during parameter marshaling errors, and attackers with log access can use these tokens to retrieve secrets from cloud vaul...
EUVD-2022-0837
Malicious code in bioql PyPI...
EUVD-2023-1539
Malicious code in bioql PyPI...
EUVD-2022-2051
Malicious code in bioql PyPI...
GHSA-GWRF-JF3H-W649 vulnerabilities
Vulnerabilities for packages: blobfuse2, modelmesh-runtime-adapter, vault-k8s, secrets-store-csi-driver-provider-aws, kube-vip, git-lfs, checksec, octo-sts, shfmt, mongodb-kubernetes-operator, kuberay-operator, hivemind, bank-vaults, k8sgpt-operator, lvm-driver, knative-serving,...
CVE-2025-47906 vulnerabilities
Vulnerabilities for packages: blobfuse2, cloud-provider-aws, k8sgpt-operator, prometheus-bind-exporter, azuredisk-csi-fips, terraform-provider-time, shfmt, ctop, gitsign, kuberay-operator, vault-benchmark, custom-pod-autoscaler-operator, addon-resizer, prometheus-nats-exporter, gitlab-runner,...
GHSA-GWRF-JF3H-W649 vulnerabilities
Vulnerabilities for packages: blobfuse2, cloud-provider-aws, k8sgpt-operator, prometheus-bind-exporter, azuredisk-csi-fips, terraform-provider-time, shfmt, ctop, gitsign, kuberay-operator, vault-benchmark, custom-pod-autoscaler-operator, addon-resizer, prometheus-nats-exporter, gitlab-runner,...
GO-2025-3939 secrets-store-sync-controller discloses service account tokens in logs in sigs.k8s.io/secrets-store-sync-controller
secrets-store-sync-controller discloses service account tokens in logs in sigs.k8s.io/secrets-store-sync-controller...
GHSA-RCW7-PQFP-735X secrets-store-sync-controller discloses service account tokens in logs
Hello Kubernetes Community, A security issue was discovered in secrets-store-sync-controller where an actor with access to the controller logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vau...
Insertion of Sensitive Information into Log File
Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the error handling for parameters marshalling. An attacker can obtain sensitive service account tokens sent to the providers by accessing log files containing these credentials...
CVE-2025-7445
Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs...
CVE-2025-7445 Kubernetes secrets-store-sync-controller discloses service account tokens in logs
Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs...