54 matches found
CVE-2026-49478 vulnerabilities
Vulnerabilities for packages: flux-source-controller, kyverno, aactl, falcoctl, buildah, gitsign, undock, kyverno-notation-aws, witness, zarf, kubescape, tekton-chains, podman, skopeo, slsa-verifier, kots, ratify...
GHSA-F5MR-Q85P-6HH6 vulnerabilities
Vulnerabilities for packages: flux-source-controller, kyverno, aactl, falcoctl, buildah, gitsign, undock, kyverno-notation-aws, witness, zarf, kubescape, tekton-chains, podman, skopeo, slsa-verifier, kots, ratify...
GHSA-F5MR-Q85P-6HH6 vulnerabilities
Vulnerabilities for packages: podman, ratify, buildah, gitsign, kots, falcoctl, flux-source-controller-fips, witness, buildah-fips, aactl, tekton-chains, skopeo-fips, skopeo, flux-source-controller, kubescape-server, kyverno, zarf, kubescape, podman-fips, prometheus-podman-exporter-fips,...
CVE-2026-49478 vulnerabilities
Vulnerabilities for packages: podman, ratify, buildah, gitsign, kots, falcoctl, flux-source-controller-fips, witness, buildah-fips, aactl, tekton-chains, skopeo-fips, skopeo, flux-source-controller, kubescape-server, kyverno, zarf, kubescape, podman-fips, prometheus-podman-exporter-fips,...
GHSA-X527-X647-Q7GG vulnerabilities
Vulnerabilities for packages: external-secrets-operator-fips, kots, argo-cd-fips, frankenphp-8.3, flux-source-controller-fips, gitea-fips, flux, spire-server, tigera-operator, knative-eventing-fips, aactl, coder, opentofu, zitadel, commercial-grafana, prometheus, flux-fips, omnictl-multiarch,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: external-secrets-operator-fips, buildah, crossplane-provider-azure-synapse, gh, kots, argo-cd-fips, falcoctl, frankenphp-8.3, flux-source-controller-fips, ko-fips, chezmoi, gitea-fips, flux, spire-server, tigera-operator, knative-eventing-fips,...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: external-secrets-operator-fips, kots, argo-cd-fips, frankenphp-8.3, flux-source-controller-fips, gitea-fips, flux, spire-server, tigera-operator, knative-eventing-fips, aactl, coder, opentofu, zitadel, commercial-grafana, prometheus, flux-fips, omnictl-multiarch,...
GHSA-78MQ-XCR3-XM33 vulnerabilities
Vulnerabilities for packages: external-secrets-operator-fips, kots, argo-cd-fips, frankenphp-8.3, flux-source-controller-fips, chezmoi, gitea-fips, flux, spire-server, tigera-operator, knative-eventing-fips, nuclei, aactl, syft-fips, grype-fips, dagger, opentofu, zitadel, commercial-grafana,...
GHSA-QPW4-5X99-6VJP vulnerabilities
Vulnerabilities for packages: external-secrets-operator-fips, gh, kots, argo-cd-fips, frankenphp-8.3, flux-source-controller-fips, chezmoi, gitea-fips, flux, spire-server, tigera-operator, knative-eventing-fips, nuclei, aactl, syft-fips, grype-fips, coder, dagger, opentofu, zitadel,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: chisel, grype, gitea, flux, kubescape, zot, helm, argocd-image-updater, syft, pulumi-language-yaml, docker-cli-buildx, external-dns, cert-manager, pulumi-language-java, mods, kots, flux-source-controller, gatus, flux-image-automation-controller, kubernetes, kargo,...
GHSA-JJRM-HR5F-673X Source controller: Improper path handling allows traversal
Impact An actor with the ability to influence the contents of a bucket referenced by a Bucket resource can cause source-controller to write fetched object data to paths outside the per-reconciliation working directory. The corruption surface is bounded by source-controller's own and downstream Fl...
Source controller: Improper path handling allows traversal
Impact An actor with the ability to influence the contents of a bucket referenced by a Bucket resource can cause source-controller to write fetched object data to paths outside the per-reconciliation working directory. The corruption surface is bounded by source-controller's own and downstream Fl...
PT-2026-47088
Name of the Vulnerable Software and Affected Versions source-controller versions prior to 1.8.5 Description Improper path handling allows for path traversal in two scenarios. First, an actor capable of influencing the contents of a bucket referenced by a Bucket resource can force the...
FlexRIC 安全漏洞
FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. The FlexRIC v2.0.0 version contains a security vulnerability. This vulnerability arises from trusting the xappid field in the trust E42 message without binding it to the sender’s SCTP association. As a result, remote...
GHSA-389R-GV7P-R3RP vulnerabilities
Vulnerabilities for packages: rancher-fleet, external-secrets-operator, grype, nfpm, gitea, flux, xeol, zarf, kubescape, grafana-alloy, zot, syft, gitlab-runner, argocd-image-updater, trivy-operator, wolfictl, gitaly, apko, kubevela, src-fingerprint, crossplane, bom, tfsec, steampipe,...
CVE-2026-45022 vulnerabilities
Vulnerabilities for packages: external-secrets-operator-fips, kots, argo-cd-fips, gitea-fips, flux, nuclei, syft-fips, grype-fips, coder, dagger, grafana, tfsec, packer-fips, flux-fips, grafana-alloy-fips, terragrunt, gitlab-rails-ce, zarf-fips, kyverno-fips, k9s-fips, grafana-alloy, gitaly,...
GHSA-PMWQ-PJRM-6P5R vulnerabilities
Vulnerabilities for packages: docker-compose, kyverno-notation-aws, zarf, kubescape, zot, trivy-operator, gitlab-runner, slsa-verifier, gh, tkn, aactl, docker-cli-buildx, crossplane, bom, tekton-chains, dagger, flux-source-controller, trivy, spire-server, goreleaser, buildkitd, ko,...
GHSA-PMWQ-PJRM-6P5R vulnerabilities
Vulnerabilities for packages: gh, falcoctl, ko-fips, flux-source-controller-fips, spire-server, chainloop-control-plane, aactl, tekton-chains, dagger, kyverno-notation-aws, docker-compose-fips, zarf-fips, policy-controller-fips, kyverno-fips, slsa-verifier, kyverno-notation-aws-fips, tflint,...
CVE-2026-39984 vulnerabilities
Vulnerabilities for packages: kyverno-notation-aws, sigstore-scaffolding, zarf, kubescape, zot, trivy-operator, slsa-verifier, gh, tkn, aactl, docker-cli-buildx, crossplane, tekton-chains, flux-source-controller, trivy, spire-server, goreleaser, buildkitd, ko, policy-controller, teleport, vexctl,...
GHSA-XM5M-WGH2-RRG3 vulnerabilities
Vulnerabilities for packages: kyverno-notation-aws, sigstore-scaffolding, zarf, kubescape, zot, trivy-operator, slsa-verifier, gh, tkn, aactl, docker-cli-buildx, crossplane, tekton-chains, flux-source-controller, trivy, spire-server, goreleaser, buildkitd, ko, policy-controller, teleport, vexctl,...