44 matches found
Source controller: Improper path handling allows traversal
Impact: An actor with the ability to influence the contents of a bucket referenced by a Bucket resource can cause source-controller to write fetched object data to paths outside the per-reconciliation working directory. The corruption surface is bounded by source-controller's own and downstream Fl...
GHSA-JJRM-HR5F-673X Source controller: Improper path handling allows traversal
Impact: An actor with the ability to influence the contents of a bucket referenced by a Bucket resource can cause source-controller to write fetched object data to paths outside the per-reconciliation working directory. The corruption surface is bounded by source-controller's own and downstream Fl...
PT-2026-47088
Impact: An actor with the ability to influence the contents of a bucket referenced by a Bucket resource can cause source-controller to write fetched object data to paths outside the per-reconciliation working directory. The corruption surface is bounded by source-controller's own and downstream Fl...
FlexRIC security vulnerabilities
FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. The FlexRIC v2.0.0 version contains a security vulnerability. This vulnerability arises from trusting the xappid field in the trust E42 message without binding it to the sender’s SCTP association. As a result, remote...
GHSA-389R-GV7P-R3RP vulnerabilities
Vulnerabilities for packages: trufflehog, steampipe, pulumi-language-yaml, kots, wolfictl, tfsec, bom, pulumi-language-java, grafana-alloy, argo-cd, argo-workflows, act, external-secrets-operator, gitaly, gptscript, nfpm, gitlab-runner, gitsign, kubevela, gitea, src-fingerprint, xeol, skaffold,...
CVE-2026-45022 vulnerabilities
Vulnerabilities for packages: cloudbeat, kaniko, cerbos, packer, external-secrets-operator-fips, gitsign, cloudbeat-fips, trivy-fips, apko, chainloop-cli-fips, grype, pulumi-language-java, flux-image-automation-controller, argo-workflows, src-fingerprint-fips, zot, tfsec, grafana-alloy, nuclei,...
GHSA-PMWQ-PJRM-6P5R vulnerabilities
Vulnerabilities for packages: tflint, bom, neuvector-sigstore-interface, spire-server, docker-compose, vexctl, gitlab-runner, gitsign, zot, ko, skaffold, goreleaser, slsa-verifier, gh, docker-cli-buildx, tkn, tekton-chains, zarf, falcoctl, trivy, kubescape, aactl, docker, kyverno-notation-aws,...
GHSA-PMWQ-PJRM-6P5R vulnerabilities
Vulnerabilities for packages: cloudbeat, ratify-fips, gitsign, cosign, cloudbeat-fips, trivy-fips, chainloop-cli-fips, docker, slsa-verifier, zot, skaffold, buildkitd, bom, kyverno-policy-reporter-plugins-kyverno, kyverno, docker-fips, ko, kyverno-notation-aws-fips, kubescape-server,...
GHSA-XM5M-WGH2-RRG3 vulnerabilities
Vulnerabilities for packages: tflint, neuvector-sigstore-interface, spire-server, vexctl, gitsign, zot, ko, skaffold, goreleaser, gh, docker-cli-buildx, tkn, tekton-chains, zarf, sigstore-scaffolding, witness, falcoctl, trivy, kubescape, aactl, kyverno-notation-aws, policy-controller, docker,...
CVE-2026-39984 vulnerabilities
Vulnerabilities for packages: tflint, neuvector-sigstore-interface, spire-server, vexctl, gitsign, zot, ko, skaffold, goreleaser, gh, docker-cli-buildx, tkn, tekton-chains, zarf, sigstore-scaffolding, witness, falcoctl, trivy, kubescape, aactl, kyverno-notation-aws, policy-controller, docker,...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: omnibump, flux-helm-controller, tailscale, kubewatch, external-secrets-operator, flux-operator, spire-server, dataplaneapi, aws-network-policy-agent, newrelic-infra-operator, nfs-subdir-external-provisioner, polaris, flux-image-reflector-controller, dbmate, gorelease...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: fscrypt, rancher-machine, task, minio-object-browser, tailscale, cloud-provider-vsphere, cert-manager-cmctl, kubernetes-csi-external-attacher, argo-cd, weaviate, delve, kube-vip, spire-server, dataplaneapi, falco-exporter, grafana-agent-operator, vexctl, go-discover,...
GHSA-J5W8-Q4QC-RX2X vulnerabilities
Vulnerabilities for packages: hugo, metrics-server, tailscale, gptscript, weaviate, crossplane-provider-aws-kinesis, goreleaser, frp, docker-cli-buildx, oauth2-proxy, zarf, kubeflow-katib, prometheus-blackbox-exporter, kargo, openbao, ksops, trivy, cadvisor, gcp-compute-persistent-disk-csi-driver...
GHSA-F6X5-JH6R-WRFV vulnerabilities
Vulnerabilities for packages: hugo, metrics-server, gptscript, weaviate, crossplane-provider-aws-kinesis, goreleaser, docker-cli-buildx, oauth2-proxy, zarf, rqlite, kubeflow-katib, prometheus-blackbox-exporter, kargo, ksops, temporal-ui-server, cadvisor, gcp-compute-persistent-disk-csi-driver,...
CVE-2025-47914 vulnerabilities
Vulnerabilities for packages: hugo, metrics-server, gptscript, weaviate, crossplane-provider-aws-kinesis, goreleaser, docker-cli-buildx, oauth2-proxy, zarf, rqlite, kubeflow-katib, prometheus-blackbox-exporter, kargo, ksops, temporal-ui-server, cadvisor, gcp-compute-persistent-disk-csi-driver,...
CVE-2025-58181 vulnerabilities
Vulnerabilities for packages: hugo, metrics-server, tailscale, gptscript, weaviate, crossplane-provider-aws-kinesis, goreleaser, frp, docker-cli-buildx, oauth2-proxy, zarf, kubeflow-katib, prometheus-blackbox-exporter, kargo, openbao, ksops, trivy, cadvisor, gcp-compute-persistent-disk-csi-driver...
CVE-2025-9148 CodePhiliaX Chat2DB JDBC Connection DataSourceController.java sql injection
A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component JDBC Connection Handler. The manipulation results in sql injection. The attack can be executed...
PT-2025-33817 · Unknown · Codephiliax Chat2Db
Name of the Vulnerable Software and Affected Versions: CodePhiliaX Chat2DB versions through 0.3.7 Description: A SQL injection issue exists in the JDBC Connection Handler component of CodePhiliaX Chat2DB. The issue affects an unknown function within the...
GHSA-J5PM-7495-QMR3 vulnerabilities
Vulnerabilities for packages: logstash-exporter, cilium-fips, swagger, cluster-api-helm-controller-fips, aws-flb-cloudwatch-fips, x509-certificate-exporter-fips, cloudnative-pg-fips, grpcurl, eck-operator, flux-helm-controller, argo-workflows, zot, spegel, kbld, temporal-fips, kube-rbac-proxy, yt...
CVE-2024-31216
The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to versi...