GHSA-X527-X647-Q7GG vulnerabilities
Vulnerabilities for packages: cilium-cli, fscrypt, rancher-agent, coder, kube-state-metrics, knative-serving-fips, keda-fips, argo-workflows-fips, minio-fips, upwind-agent, kube-arangodb-fips, trivy, spire-server, tekton-pipelines-fips, trivy-operator-fips, gitlab-rails-ce, telegraf, cert-manager...
GHSA-9M57-25V3-79X9 vulnerabilities
Vulnerabilities for packages: cilium-cli, fscrypt, rancher-agent, kube-state-metrics, knative-serving-fips, keda-fips, argo-workflows-fips, docker-cli-buildx, upwind-agent, kube-arangodb-fips, spire-server, podman-fips, tekton-pipelines-fips, docker-cli-buildx-fips, gitlab-rails-ce, telegraf,...
GHSA-89GR-R52H-F8RX vulnerabilities
Vulnerabilities for packages: ollama-fips, falcoctl, chainloop-cli, cilium-cli, fscrypt, coder, k8sgpt, rancher-agent, ksops, rootlesskit-fips, docker-fips, flux-kustomize-controller, kube-state-metrics, wal-g, knative-serving-fips, helmfile, gatus-fips, keda-fips, argo-workflows-fips, minio-fips...
GHSA-78MQ-XCR3-XM33 vulnerabilities
Vulnerabilities for packages: chainloop-cli, cilium-cli, fscrypt, rancher-agent, kube-state-metrics, knative-serving-fips, keda-fips, argo-workflows-fips, minio-fips, upwind-agent, kube-arangodb-fips, trivy, spire-server, argo-events-fips, podman-fips, tekton-pipelines-fips, terragrunt,...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: cilium-cli, fscrypt, rancher-agent, coder, kube-state-metrics, knative-serving-fips, keda-fips, argo-workflows-fips, minio-fips, upwind-agent, kube-arangodb-fips, trivy, spire-server, tekton-pipelines-fips, trivy-operator-fips, gitlab-rails-ce, telegraf, cert-manager...
GHSA-F5WC-C3C7-36MC vulnerabilities
Vulnerabilities for packages: chainloop-cli, cilium-cli, fscrypt, rancher-agent, kube-state-metrics, knative-serving-fips, keda-fips, argo-workflows-fips, docker-cli-buildx, upwind-agent, kube-arangodb-fips, trivy, spire-server, argo-events-fips, podman-fips, tekton-pipelines-fips, go-discover,...
GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: falcoctl, coder, rootlesskit-fips, docker-fips, keda-fips, minio-fips, crossplane-provider-aws-scheduler, upwind-agent, trivy, spire-server, crossplane-provider-azure-managedidentity, crossplane-provider-aws-backup, crossplane-provider-aws-ec2-fips,...
GHSA-Q4H4-GMJ2-QVW2 vulnerabilities
Vulnerabilities for packages: falcoctl, coder, rootlesskit-fips, docker-fips, keda-fips, minio-fips, crossplane-provider-aws-scheduler, upwind-agent, trivy, spire-server, crossplane-provider-azure-managedidentity, crossplane-provider-aws-backup, crossplane-provider-aws-ec2-fips,...
GHSA-VGWF-H737-FF37 vulnerabilities
Vulnerabilities for packages: longhorn-manager-fips, chainloop-cli, cilium-cli, fscrypt, coder, rancher-agent, rootlesskit-fips, wal-g, docker-fips, kube-state-metrics, knative-serving-fips, gatus-fips, keda-fips, argo-workflows-fips, minio-fips, docker-cli-buildx, upwind-agent, kube-arangodb-fip...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: ollama-fips, falcoctl, chainloop-cli, cilium-cli, fscrypt, coder, k8sgpt, rancher-agent, ksops, rootlesskit-fips, docker-fips, flux-kustomize-controller, kube-state-metrics, wal-g, knative-serving-fips, helmfile, gatus-fips, keda-fips, argo-workflows-fips, minio-fips...
GHSA-QPW4-5X99-6VJP vulnerabilities
Vulnerabilities for packages: longhorn-manager-fips, chainloop-cli, cilium-cli, fscrypt, coder, rancher-agent, rootlesskit-fips, wal-g, docker-fips, kube-state-metrics, knative-serving-fips, gatus-fips, keda-fips, argo-workflows-fips, minio-fips, docker-cli-buildx, upwind-agent, kube-arangodb-fip...
GHSA-JPPX-RXG9-JMRX vulnerabilities
Vulnerabilities for packages: cilium-cli, fscrypt, rancher-agent, kube-state-metrics, knative-serving-fips, keda-fips, argo-workflows-fips, docker-cli-buildx, upwind-agent, kube-arangodb-fips, spire-server, podman-fips, tekton-pipelines-fips, docker-cli-buildx-fips, gitlab-rails-ce, telegraf,...
GHSA-X527-X647-Q7GG vulnerabilities
Vulnerabilities for packages: zarf, cilium, kubescape, cilium-cli, chisel, kyverno, trivy, kaf, kubernetes-dashboard, spire-server, containerd, aactl, k3s, helm, knative-serving, flux-source-controller, prometheus-operator, cloud-provider-aws, cert-manager, minio, loki, argo-cd,...
GHSA-F5WC-C3C7-36MC vulnerabilities
Vulnerabilities for packages: zarf, go-discover, kyverno, trivy, kubernetes-dashboard, containerd, pulumi-kubernetes-operator, flux-source-controller, prometheus-operator, argo-cd, flux-image-automation-controller, trivy-operator, act, k9s, podman, kubernetes, apko, rancher-agent, scorecard,...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: zarf, cilium, kubescape, cilium-cli, chisel, kyverno, trivy, kaf, kubernetes-dashboard, spire-server, containerd, aactl, k3s, helm, knative-serving, flux-source-controller, prometheus-operator, cloud-provider-aws, cert-manager, minio, loki, argo-cd,...
GHSA-78MQ-XCR3-XM33 vulnerabilities
Vulnerabilities for packages: grype, zarf, cilium, kubescape, cilium-cli, opentofu, kyverno, trivy, kaf, kubernetes-dashboard, spire-server, containerd, aactl, k3s, helm, pulumi-kubernetes-operator, knative-serving, nfpm, flux-source-controller, chezmoi, cloud-provider-aws, prometheus-operator,...
GHSA-JPPX-RXG9-JMRX vulnerabilities
Vulnerabilities for packages: cilium, cilium-cli, buildah, kyverno, kaf, kubernetes-dashboard, spire-server, containerd, aactl, k3s, helm, knative-serving, prometheus-operator, cloud-provider-aws, teleport, cert-manager, minio, loki, argo-cd, gitlab-kas, mattermost, flux, snyk-cli,...
CVE-2025-71379
vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service (ReDoS) vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...
EUVD-2025-210290
vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service (ReDoS) vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...
vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving
Summary: Integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels (csrc/quantization/gguf/ggufkernel.cu) causes partial tensor processing. The output tensor is allocated at full size via torch::empty (uninitialized memory), but the dequantize CUDA kernel processes only a truncated...