21 matches found
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: trivy, datadog-agent, influxd, caddy, commercial-chainloop-backend, ingress-nginx-controller, elastic-agent, rabbitmq-messaging-topology-operator, kube-state-metrics, rclone-fips, snyk-cli, gatekeeper-fips, ko-fips, gitaly, juicefs, rke2-runtime, sonobuoy, kyverno,...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: trivy, datadog-agent, influxd, caddy, commercial-chainloop-backend, ingress-nginx-controller, elastic-agent, rabbitmq-messaging-topology-operator, kube-state-metrics, rclone-fips, snyk-cli, gatekeeper-fips, ko-fips, gitaly, juicefs, rke2-runtime, sonobuoy, kyverno,...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: trivy, knative-net-istio-fips, kapp, datadog-agent, influxd, caddy, commercial-chainloop-backend, crossplane-provider-azure-managedidentity, prometheus-pushgateway-fips, http-echo, gatus-fips, kube-bench, custom-pod-autoscaler-fips, ingress-nginx-controller,...
GHSA-5W89-2C2X-6X66 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-managedidentity, custom-pod-autoscaler-fips, ingress-nginx-controller, crossplane-provider-aws-sqs-fips, rabbitmq-messaging-topology-operator, goose, git-lfs, pvc-autoresizer, newrelic-nri-statsd, gitaly, thanos-receive-controller-fips,...
GHSA-59JP-PJ84-45MR vulnerabilities
Vulnerabilities for packages: zarf, sigstore-scaffolding, gitsign, skopeo, kots, aactl, tekton-chains, vexctl, slsa-verifier, cosign, falcoctl, falco-no-driver, kubescape, witness...
CVE-2026-22772 vulnerabilities
Vulnerabilities for packages: zarf, sigstore-scaffolding, gitsign, skopeo, kots, aactl, tekton-chains, vexctl, slsa-verifier, cosign, falcoctl, falco-no-driver, kubescape, witness...
CVE-2026-22772 vulnerabilities
Vulnerabilities for packages: podman-fips, vexctl, chainctl, flux-source-controller-fips, kyverno-policy-reporter-plugins-kyverno-fips, falco-no-driver, zarf, aactl, skopeo, slsa-verifier, kubescape, witness, falcoctl-fips, kots, gitsign, sigstore-scaffolding, tekton-chains, cosign, image-factory...
GHSA-3WHM-J4XM-RV8X vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, gptscript, kubernetes-dashboard-metrics-scraper, vcluster, eksctl, mc, wolfictl, pulumi-language-dotnet, kserve-modelmesh-serving, newrelic-nri-statsd, gatekeeper, metrics-server, kubernetes-dashboard-web, argocd-image-updater,...
GHSA-4F8R-QQR9-FQ8J vulnerabilities
Vulnerabilities for packages: gh, vexctl, slsa-verifier, kubescape, wolfictl, policy-controller, trivy, falcoctl, rekor, sigstore-scaffolding, gitsign, apko, neuvector-sigstore-interface, zot, spire-server, zarf, aactl, tekton-chains, tkn, cosign...
CVE-2024-47534 vulnerabilities
Vulnerabilities for packages: gh, vexctl, slsa-verifier, kubescape, wolfictl, policy-controller, trivy, falcoctl, rekor, sigstore-scaffolding, gitsign, apko, neuvector-sigstore-interface, zot, spire-server, zarf, aactl, tekton-chains, tkn, cosign...
CVE-2024-45395 vulnerabilities
Vulnerabilities for packages: cosign, slsa-verifier, gh, cosign-fips...
CVE-2024-45395 vulnerabilities
Vulnerabilities for packages: cosign, gh, slsa-verifier...
GHSA-CQ38-JH5F-37MQ vulnerabilities
Vulnerabilities for packages: cosign, slsa-verifier, gh, cosign-fips...
GHSA-CQ38-JH5F-37MQ vulnerabilities
Vulnerabilities for packages: cosign, gh, slsa-verifier...
GO-2023-2188 slsa-verifier vulnerable to mproper validation of npm's publish attestations in github.com/slsa-framework/slsa-verifier
slsa-verifier vulnerable to mproper validation of npm's publish attestations in github.com/slsa-framework/slsa-verifier...
GHSA-R2XV-VPR2-42M9 slsa-verifier vulnerable to mproper validation of npm's publish attestations
Summary slsa-verifier attestationstampered.json 5. SLSAVERIFIEREXPERIMENTAL=1 slsa-verifier verify-npm-package supreme-goggles.tgz --attestations-path attestationstampered.json --builder-id "https://github.com/actions/runner/github-hosted" --package-name "@trishankatdatadog/supreme-goggles"...
GHSA-JQ35-85CJ-FJ4P vulnerabilities
Vulnerabilities for packages: cert-manager, falco, spire-server-fips, k3d, k3s, scorecard, rancher-agent, kpt, aactl, ctop, skaffold, slsa-verifier, kubescape, falcoctl-fips, paranoia, bom, tekton-chains, chartmuseum, up...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: dgraph, kubeflow, aactl, terraform-provider-sendgrid, up, slsa-verifier, spark-operator, falco, scorecard, buildkitd, k3d, cortex, kubescape, prometheus-blackbox-exporter, src, kubevela...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: falco, k3d, kube-oidc-proxy, terraform-provider-sendgrid-fips, scorecard, kubernetes-csi-livenessprobe, volume-modifier-for-k8s-fips, vault-csi-provider, cortex, aactl, bank-vaults-fips, kubernetes-csi-livenessprobe-fips, prometheus-adapter-fips, src, slsa-verifier,...
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: aws-efs-csi-driver, caddy, kube-logging-logging-operator, newrelic-infrastructure-agent, atlantis, terraform-provider-sendgrid-fips, runc, aactl, kaf, kube-state-metrics, prometheus-adapter-fips, external-dns, kubescape, git-lfs, buildkitd,...