44 matches found
Source controller: Improper path handling allows traversal
Impact An actor with the ability to influence the contents of a bucket referenced by a Bucket resource can cause source-controller to write fetched object data to paths outside the per-reconciliation working directory. The corruption surface is bounded by source-controller's own and downstream Fl...
GHSA-JJRM-HR5F-673X Source controller: Improper path handling allows traversal
Impact An actor with the ability to influence the contents of a bucket referenced by a Bucket resource can cause source-controller to write fetched object data to paths outside the per-reconciliation working directory. The corruption surface is bounded by source-controller's own and downstream Fl...
PT-2026-47088
Impact An actor with the ability to influence the contents of a bucket referenced by a Bucket resource can cause source-controller to write fetched object data to paths outside the per-reconciliation working directory. The corruption surface is bounded by source-controller's own and downstream Fl...
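The three entries above all describe the same class of bug: an object key taken from a bucket listing is used to build a filesystem path, and a key containing `..` segments makes the write land outside the per-reconciliation working directory. The Go function below is an added example of the lexical containment check a fetcher should apply before writing each object; it is not source-controller's own code, and the working-directory layout and sample keys are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrTraversal is returned when an object key would resolve outside workDir.
var ErrTraversal = errors.New("object key escapes working directory")

// SafeJoin maps an untrusted object key (as returned by a bucket listing)
// onto a path under workDir and refuses any key that would resolve outside it.
// The check is purely lexical: it does not follow symlinks already present
// under workDir, so workDir must be a fresh directory the fetcher owns.
func SafeJoin(workDir, key string) (string, error) {
	if key == "" {
		return "", errors.New("empty object key")
	}
	// Treat the key as a slash-separated object name and convert to the host
	// separator so a backslash-separated ".." is not seen as a plain file name.
	key = filepath.FromSlash(key)
	// filepath.Join cleans the result, so "a/../../b" collapses to "<workDir>/../b"
	// here instead of hiding the escape behind a harmless-looking first segment.
	full := filepath.Join(workDir, key)
	rel, err := filepath.Rel(workDir, full)
	if err != nil {
		return "", err
	}
	// A relative path that is ".." or starts with "../" points above workDir.
	// Note "..hidden" is a legal name and must not be rejected, hence the
	// separator in the prefix test.
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q", ErrTraversal, key)
	}
	if rel == "." {
		return "", errors.New("object key resolves to the working directory itself")
	}
	return full, nil
}

func main() {
	workDir, err := os.MkdirTemp("", "reconcile-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(workDir)

	// Constructed object keys: three benign, three hostile.
	keys := []string{
		"manifests/deploy.yaml", "a/./b.txt", "..hidden/x",
		"../../etc/passwd", "a/../../b", ".",
	}
	for _, k := range keys {
		p, err := SafeJoin(workDir, k)
		if err != nil {
			fmt.Printf("REJECT %-22q %v\n", k, err)
			continue
		}
		fmt.Printf("ACCEPT %-22q -> %s\n", k, p)
	}
}
```

A leading slash in a key is neutralised by `filepath.Join` (it becomes a subpath of `workDir`), so no separate rule is needed for absolute-looking keys. The function deliberately rejects a key that resolves to `workDir` itself, since writing object data there would clobber the directory rather than a file inside it.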
FlexRIC security vulnerabilities
FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. The FlexRIC v2.0.0 version contains a security vulnerability. This vulnerability arises from trusting the xappid field in the E42 message without binding it to the sender’s SCTP association. As a result, remote...
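The defect described above is that the controller believes the xappid carried inside the message instead of tying that identity to the SCTP association it first appeared on. The Go registry below is an added example of the binding check that closes that gap; it is not FlexRIC's code, and the `E42Msg` struct, `AssocID` type and sample messages are constructed stand-ins for the real E42 encoding and socket layer.

```go
package main

import (
	"errors"
	"fmt"
)

// AssocID stands in for the SCTP association on which a message arrived.
// In a real RIC it comes from the transport layer, never from the message body.
type AssocID int

// E42Msg is a constructed stand-in for an E42 message: the claimed xappid from
// the body, plus the association the transport layer says it arrived on.
type E42Msg struct {
	XappID string
	Assoc  AssocID
}

var (
	ErrAssocBound = errors.New("association already bound to a different xappid")
	ErrXappBound  = errors.New("xappid already bound to a different association")
	ErrNotBound   = errors.New("association has not registered an xappid")
	ErrMismatch   = errors.New("claimed xappid does not match association binding")
)

// Registry holds the xappid <-> association binding in both directions so that
// neither a reused association nor a reused xappid can be hijacked.
type Registry struct {
	byAssoc map[AssocID]string
	byXapp  map[string]AssocID
}

func NewRegistry() *Registry {
	return &Registry{byAssoc: map[AssocID]string{}, byXapp: map[string]AssocID{}}
}

// Register binds the xappid in a registration message to the association it
// arrived on. It refuses to rebind either side to a different partner.
func (r *Registry) Register(m E42Msg) error {
	if cur, ok := r.byAssoc[m.Assoc]; ok && cur != m.XappID {
		return fmt.Errorf("%w: assoc %d holds %q", ErrAssocBound, m.Assoc, cur)
	}
	if cur, ok := r.byXapp[m.XappID]; ok && cur != m.Assoc {
		return fmt.Errorf("%w: %q is on assoc %d", ErrXappBound, m.XappID, cur)
	}
	r.byAssoc[m.Assoc] = m.XappID
	r.byXapp[m.XappID] = m.Assoc
	return nil
}

// Authorize checks a subsequent message: the xappid it claims must be the one
// bound to the association it physically arrived on.
func (r *Registry) Authorize(m E42Msg) error {
	bound, ok := r.byAssoc[m.Assoc]
	if !ok {
		return fmt.Errorf("%w: assoc %d", ErrNotBound, m.Assoc)
	}
	if bound != m.XappID {
		return fmt.Errorf("%w: assoc %d is %q, message claims %q", ErrMismatch, m.Assoc, bound, m.XappID)
	}
	return nil
}

// Unbind releases both directions when the association closes.
func (r *Registry) Unbind(a AssocID) {
	if x, ok := r.byAssoc[a]; ok {
		delete(r.byXapp, x)
		delete(r.byAssoc, a)
	}
}

func main() {
	reg := NewRegistry()
	// Constructed exchange: xapp-A registers on association 1, then a message
	// claiming xapp-A arrives on association 2 (the impersonation attempt).
	fmt.Println("register A on 1:", reg.Register(E42Msg{"xapp-A", 1}))
	fmt.Println("A on 1:", reg.Authorize(E42Msg{"xapp-A", 1}))
	fmt.Println("A on 2:", reg.Authorize(E42Msg{"xapp-A", 2}))
	fmt.Println("re-register A on 2:", reg.Register(E42Msg{"xapp-A", 2}))
}
```

Keeping both maps is the point of the example: checking only association-to-xappid would still let a second association register the same xappid, and checking only xappid-to-association would let one association claim several identities. Unbinding on association close is what lets the same xappid legitimately reconnect later.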
GHSA-389R-GV7P-R3RP vulnerabilities
Vulnerabilities for packages: gitlab-runner, trufflehog, gitaly, src-fingerprint, gomplate, goreleaser, grafana, crossplane, trivy-operator, cerbos, teleport, pulumi-language-yaml, skaffold, wolfictl, argo-workflows, gitea, gitsign, act, grype, kaniko, apko, external-secrets-operator, kubevela,...
CVE-2026-45022 vulnerabilities
Vulnerabilities for packages: scorecard, zarf-fips, trivy, gitaly-fips, cg, kargo, k9s, pulumi-kubernetes-operator, chainloop-cli, nemo, pulumi, gomplate, guac, trufflehog, trufflehog-fips, gitlab-rails-ce, packer-fips, act, skaffold, rancher-fleet, chainctl, nuclei, goreleaser, kyverno,...
GHSA-PMWQ-PJRM-6P5R vulnerabilities
Vulnerabilities for packages: gitlab-runner, ko, goreleaser, buildkitd, rekor, crossplane, cosign, trivy-operator, tekton-chains, teleport, skaffold, gitsign, falcoctl, vexctl, docker-cli-buildx, guac, kyverno, kyverno-notation-aws, policy-controller, kubescape, dagger, aactl, gh,...
GHSA-PMWQ-PJRM-6P5R vulnerabilities
Vulnerabilities for packages: falcoctl, zarf-fips, trivy, policy-controller-fips, policy-controller, kyverno-notation-aws-fips, cg, chainloop-cli, gh, tkn-fips, ratify-fips, spire-server, tkn, rekor-fips, guac, tekton-chains-fips, docker-cli-buildx-fips, skaffold, chainctl, goreleaser, kyverno,...
GHSA-XM5M-WGH2-RRG3 vulnerabilities
Vulnerabilities for packages: ko, sigstore-scaffolding, goreleaser, buildkitd, crossplane, cosign, trivy-operator, tekton-chains, skaffold, gitsign, falcoctl, vexctl, docker-cli-buildx, kyverno, kyverno-notation-aws, policy-controller, kubescape, aactl, gh, neuvector-sigstore-interface, witness,...
CVE-2026-39984 vulnerabilities
Vulnerabilities for packages: ko, sigstore-scaffolding, goreleaser, buildkitd, crossplane, cosign, trivy-operator, tekton-chains, skaffold, gitsign, falcoctl, vexctl, docker-cli-buildx, kyverno, kyverno-notation-aws, policy-controller, kubescape, aactl, gh, neuvector-sigstore-interface, witness,...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: newrelic-infra-operator, stakater-reloader, flux-helm-controller, tailscale, aws-network-policy-agent, actions-runner-controller, goreleaser, rabbitmq-messaging-topology-operator, local-path-provisioner, omnibump, malcontent, mariadb-operator, nova,...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: cloud-sql-proxy, kubeflow-katib, cluster-api, contour, cloud-provider-vsphere, db-operator, rancher-helm, trivy-operator, kwok, pulumi-language-yaml, splunk-otel-collector, volume-modifier-for-k8s, cue, aws-flb-cloudwatch, chartmuseum, minio-object-browser, gitsign,...
GHSA-J5W8-Q4QC-RX2X vulnerabilities
Vulnerabilities for packages: cloud-provider-gcp-cloud-controller-manager, temporal-server, actions-runner-controller, crossplane-provider-aws-route53, src, crossplane-provider-aws-eks, infinispan-operator, ipfs-cluster, kaf, tekton-pipelines, swagger, crossplane-provider-azure-authorization,...
GHSA-F6X5-JH6R-WRFV vulnerabilities
Vulnerabilities for packages: cloud-provider-gcp-cloud-controller-manager, temporal-server, actions-runner-controller, crossplane-provider-aws-route53, src, crossplane-provider-aws-eks, spqr, infinispan-operator, ipfs-cluster, kaf, tekton-pipelines, crossplane-provider-azure-authorization, minio,...
CVE-2025-47914 vulnerabilities
Vulnerabilities for packages: cloud-provider-gcp-cloud-controller-manager, temporal-server, actions-runner-controller, crossplane-provider-aws-route53, src, crossplane-provider-aws-eks, spqr, infinispan-operator, ipfs-cluster, kaf, tekton-pipelines, crossplane-provider-azure-authorization, minio,...
CVE-2025-58181 vulnerabilities
Vulnerabilities for packages: cloud-provider-gcp-cloud-controller-manager, temporal-server, actions-runner-controller, crossplane-provider-aws-route53, src, crossplane-provider-aws-eks, infinispan-operator, ipfs-cluster, kaf, tekton-pipelines, swagger, crossplane-provider-azure-authorization,...
CVE-2025-9148 CodePhiliaX Chat2DB JDBC Connection DataSourceController.java sql injection
A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component JDBC Connection Handler. The manipulation results in sql injection. The attack can be executed...
PT-2025-33817 · Unknown · Codephiliax Chat2Db
Name of the Vulnerable Software and Affected Versions: CodePhiliaX Chat2DB versions through 0.3.7 Description: A SQL injection issue exists in the JDBC Connection Handler component of CodePhiliaX Chat2DB. The issue affects an unknown function within the...
GHSA-J5PM-7495-QMR3 vulnerabilities
Vulnerabilities for packages: custom-pod-autoscaler-fips, secrets-store-csi-driver-provider-azure-fips, kubernetes-dashboard-web, spegel, consul-k8s-fips, k3s, crossplane-provider-sql-fips, kbld-fips, rook, policy-controller, cert-manager-fips, nerdctl-fips, keda, spire-server,...
CVE-2024-31216
The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to versi...