21 matches found
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: gh, step-issuer, cilium-cli, pulumi-language-dotnet, pulumi-language-java, crossplane-provider-azure-storage, ko, rancher, istio, docker-cli-buildx, syft, trivy, ksops, kyverno, tekton-chains, splunk-otel-collector, tkn, prometheus, tflint, k3s, cloud-provider-aws,...
GHSA-HFVC-G4FC-PQHX vulnerabilities
Vulnerabilities for packages: jaeger-operator, ingress-nginx-controller, bento, trillian, bank-vaults, restic, goreleaser, jitsucom-bulker, k8ssandra-client, cadvisor, opentelemetry-collector-contrib, conftest, knative-operator, cert-manager-webhook-pdns, step-issuer, argo-rollouts, net-kourier,...
CVE-2026-39883 vulnerabilities
Vulnerabilities for packages: authentik, prometheus, gotrue, crossplane-provider-aws-ec2-fips, newrelic-infrastructure-agent, crossplane-provider-aws-kms-fips, crossplane-provider-aws-scheduler-fips, grafana-mimir-fips, k6-fips, trillian-fips, coredns-fips, cluster-api-provider-vsphere,...
GHSA-HFVC-G4FC-PQHX vulnerabilities
Vulnerabilities for packages: authentik, prometheus, gotrue, crossplane-provider-aws-ec2-fips, newrelic-infrastructure-agent, crossplane-provider-aws-kms-fips, crossplane-provider-aws-scheduler-fips, grafana-mimir-fips, k6-fips, trillian-fips, coredns-fips, cluster-api-provider-vsphere,...
GHSA-9H8M-3FM2-QJRQ vulnerabilities
Vulnerabilities for packages: prometheus, k6-fips, trillian-fips, coredns-fips, cluster-api-provider-vsphere, beats-fips, cert-manager-webhook-pdns, sftpgo-plugin-pubsub, datadog-operator, beats, k8s-agents-operator-fips, kubevela, ratify, skaffold-fips, grype, kyverno-notation-aws-fips, tfsec,...
CVE-2026-24051 vulnerabilities
Vulnerabilities for packages: prometheus, k6-fips, trillian-fips, coredns-fips, cluster-api-provider-vsphere, beats-fips, cert-manager-webhook-pdns, sftpgo-plugin-pubsub, datadog-operator, beats, k8s-agents-operator-fips, kubevela, ratify, skaffold-fips, grype, kyverno-notation-aws-fips, tfsec,...
GHSA-FW7P-63QQ-7HPR vulnerabilities
Vulnerabilities for packages: sqlexporter, fulcio-fips, spire-server-fips, cerbos, kyverno-policy-reporter-fips, kyverno-fips, gitea-fips, percona-xtradb-cluster-operator, loki, keda-fips, trillian-fips, kine, openfga-fips, sqlexporter-fips, terragrunt, beats-fips, amass, nuclei, vault,...
CVE-2025-27144 vulnerabilities
Vulnerabilities for packages: bank-vaults, goreleaser, step-issuer, grafana-alloy, vexctl, ko, undock, istio, trivy, ksops, gitsign, tekton-chains, sftpgo-plugin-kms, splunk-otel-collector, tkn, tflint, k3s, kiali, pulumi, traefik, policy-controller, cert-manager-istio-csr, spiffe-helper,...
GHSA-C6GW-W398-HV78 vulnerabilities
Vulnerabilities for packages: bank-vaults, goreleaser, step-issuer, grafana-alloy, vexctl, ko, undock, istio, trivy, ksops, gitsign, tekton-chains, sftpgo-plugin-kms, splunk-otel-collector, tkn, tflint, k3s, kiali, pulumi, traefik, policy-controller, cert-manager-istio-csr, spiffe-helper,...
GHSA-C6GW-W398-HV78 vulnerabilities
Vulnerabilities for packages: falcoctl, fulcio-fips, spire-server-fips, rancher-agent, kyverno-policy-reporter-fips, istio-cni, kyverno-fips, rook, ko-fips, grafana-mimir-fips, boring-registry, harbor-fips, keda-fips, splunk-otel-collector-fips, tekton-chains-fips, spire-controller-manager,...
OPENSUSE-SU-2025:14612-1 sops-3.9.3-1.1 on GA media
These are all security issues fixed in the sops-3.9.3-1.1 package on the GA media of openSUSE Tumbleweed...
GHSA-32GQ-X56H-299C vulnerabilities
Vulnerabilities for packages: litestream, age, ksops, flux-kustomize-controller, age-fips, grafana, sops, sops-fips, chezmoi, flux-kustomize-controller-fips, grafana-fips...
GO-2022-0410 Local directory executable lookup in sops (Windows-only) in go.mozilla.org/sops
Local directory executable lookup in sops Windows-only in go.mozilla.org/sops...
OPENSUSE-SU-2024:14104-1 sops-3.9.0-1.1 on GA media
These are all security issues fixed in the sops-3.9.0-1.1 package on the GA media of openSUSE Tumbleweed...
GHSA-C5Q2-7R4C-MV6G vulnerabilities
Vulnerabilities for packages: falcoctl, fulcio-fips, kubernetes-dashboard, spire-server-fips, rancher-agent, rook, ko-fips, keda-fips, temporal-fips, cert-manager-fips, neuvector-fips, terragrunt, vault, falcoctl-fips, gitsign, temporal-ui-server-fips, aactl, vault-csi-provider, zarf, cosign,...
GHSA-9763-4F94-GFCH vulnerabilities
Vulnerabilities for packages: cosign-fips, melange, crossplane-provider-aws-kms, flux-kustomize-controller, pulumi-language-yaml, cosign, flux-source-controller, terraform-provider-google, spire-server-fips, crossplane-provider-aws-kinesis, wolfictl, gomplate, pulumi-language-dotnet, vexctl, tkn,...
Malicious code in helm-secrets-sops-driver (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 90757472cd29931d6c7fbc69f6821bd0be3b056fdf34c1d231e3c4ad896f2f54 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-X5C7-X7M2-RHMF Local directory executable lookup in sops (Windows-only)
Impact Windows users using the sops direct editor option sops file.yaml can have a local executable named either vi, vim, or nano executed if running sops from cmd.exe This attack is only viable if an attacker is able to place a malicious binary within the directory you are running sops from. As...
Local directory executable lookup in sops (Windows-only)
Impact Windows users using the sops direct editor option sops file.yaml can have a local executable named either vi, vim, or nano executed if running sops from cmd.exe This attack is only viable if an attacker is able to place a malicious binary within the directory you are running sops from. As...
Local directory executable lookup in sops (Windows-only)
Impact Windows users using the sops direct editor option sops file.yaml can have a local executable named either vi, vim, or nano executed if running sops from cmd.exe This attack is only viable if an attacker is able to place a malicious binary within the directory you are running sops from. As...