44 matches found
CVE-2025-32387 vulnerabilities
Vulnerabilities for packages: helm-docs, flux-helm-controller, cluster-api-helm-controller, teleport, chartmuseum, k8ssandra-client, kots, rancher-helm, k9s, kubescape, cert-manager-cmctl, cilium-cli, chart-testing, helm-operator, helm-push, trivy, consul-k8s, tw, zot, flux, pluto,...
GHSA-4HFP-H4CW-HJ8P vulnerabilities
Vulnerabilities for packages: helm-docs, flux-helm-controller, cluster-api-helm-controller, teleport, chartmuseum, k8ssandra-client, kots, rancher-helm, k9s, kubescape, cert-manager-cmctl, cilium-cli, chart-testing, helm-operator, helm-push, trivy, consul-k8s, tw, zot, flux, pluto,...
CVE-2025-32386 vulnerabilities
Vulnerabilities for packages: helm-docs, flux-helm-controller, cluster-api-helm-controller, teleport, chartmuseum, k8ssandra-client, kots, rancher-helm, k9s, kubescape, cert-manager-cmctl, cilium-cli, chart-testing, helm-operator, helm-push, trivy, consul-k8s, tw, zot, flux, pluto,...
GHSA-5XQW-8HWV-WG92 vulnerabilities
Vulnerabilities for packages: helm-docs, flux-helm-controller, cluster-api-helm-controller, teleport, chartmuseum, k8ssandra-client, kots, rancher-helm, k9s, kubescape, cert-manager-cmctl, cilium-cli, chart-testing, helm-operator, helm-push, trivy, consul-k8s, tw, zot, flux, pluto,...
GHSA-265R-HFXG-FHMG vulnerabilities
Vulnerabilities for packages: flux-helm-controller, fuse-overlayfs-snapshotter, k3s, buildkitd, cluster-api-helm-controller, teleport, skaffold, wolfictl, chartmuseum, neuvector-scanner, grype, kaniko, k8ssandra-client, kubevela, kots, docker-cli-buildx, spegel, melange,...
CVE-2024-40635 vulnerabilities
Vulnerabilities for packages: helm-operator-fips, spegel, consul-k8s-fips, k3s, trivy, cert-manager-fips, cert-manager-cmctl, helm-operator, kargo, opa-envoy, k8ssandra-client, helm, neuvector-scanner-fips, newrelic-infrastructure-agent, docker-cli-buildx-fips, k8ssandra-client-fips, skaffold,...
GHSA-265R-HFXG-FHMG vulnerabilities
Vulnerabilities for packages: helm-operator-fips, spegel, consul-k8s-fips, k3s, trivy, cert-manager-fips, cert-manager-cmctl, helm-operator, kargo, opa-envoy, k8ssandra-client, helm, neuvector-scanner-fips, newrelic-infrastructure-agent, docker-cli-buildx-fips, k8ssandra-client-fips, skaffold,...
CVE-2024-35255 vulnerabilities
Vulnerabilities for packages: sigstore-scaffolding, rook, trino, bank-vaults, external-dns, buildkitd, goreleaser, hugo-extended, opentelemetry-collector-contrib, rekor, cosign, grafana-mimir, fulcio, tekton-chains, teleport, argo-workflows, restic, falcoctl, grafana-agent-operator, hugo,...
GO-2024-2859 source-controller leaks Azure Storage SAS token into logs in github.com/fluxcd/source-controller
source-controller leaks Azure Storage SAS token into logs in github.com/fluxcd/source-controller...
CVE-2024-31216 source-controller leaks theAzure Storage SAS token into logs on connection errors
The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to versi...
CVE-2024-31216 source-controller leaks theAzure Storage SAS token into logs on connection errors
The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to versi...
CVE-2024-31216 source-controller leaks theAzure Storage SAS token into logs on connection errors
The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to versi...
Source controller 安全漏洞
Source controller is a component of the Flux project. A security vulnerability exists in source-controller versions prior to 1.2.5. An attacker can exploit this vulnerability to gain access to Azure Blob Storage...
GHSA-R53H-JV2G-VPX6 vulnerabilities
Vulnerabilities for packages: kots, cert-manager-fips, kubevela, zot, helm-operator, k9s, zarf, cilium-cli, cert-manager, helm-push, trivy, up, k8sgpt, eksctl, kubescape, flux-source-controller, chartmuseum, flux-helm-controller...
GHSA-V53G-5GJP-272R vulnerabilities
Vulnerabilities for packages: trivy, zot, flux-helm-controller, kubescape, flux-source-controller, k9s, kubevela, eksctl, kots, cilium-cli, helm-operator, up, helm-push, k8sgpt, zarf, chartmuseum...
CVE-2024-25620 vulnerabilities
Vulnerabilities for packages: kots, cert-manager-fips, kubevela, zot, helm-operator, k9s, zarf, cilium-cli, cert-manager, helm-push, trivy, up, k8sgpt, eksctl, kubescape, flux-source-controller, chartmuseum, flux-helm-controller...
GHSA-VFP6-JRW2-99G9 vulnerabilities
Vulnerabilities for packages: tekton-chains, skaffold, spire-server-fips, aactl, apko, melange, slsa-verifier, cosign, spire-server, ko, tkn, kubescape, flux-source-controller, policy-controller, falcoctl-fips, falco...
CVE-2023-46737 vulnerabilities
Vulnerabilities for packages: tekton-chains, skaffold, spire-server-fips, aactl, apko, melange, slsa-verifier, cosign, spire-server, ko, tkn, kubescape, flux-source-controller, policy-controller, falcoctl-fips, falco...
GHSA-JQ35-85CJ-FJ4P vulnerabilities
Vulnerabilities for packages: scorecard, aactl, k3s, ctop, rancher-agent, kubescape, k3d, spire-server-fips, bom, falcoctl-fips, falco, kpt, slsa-verifier, cert-manager, paranoia, tekton-chains, chartmuseum, skaffold, up...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: cortex, prometheus-blackbox-exporter, kubescape, slsa-verifier, buildkitd, aactl, kubevela, scorecard, dgraph, src, terraform-provider-sendgrid, spark-operator, kubeflow, up, falco, ipfs, k3d...