54 matches found
GHSA-F5MR-Q85P-6HH6 vulnerabilities
Vulnerabilities for packages: kyverno-notation-aws, kubescape, tekton-chains, aactl, skopeo, gitsign, undock, zarf, kyverno, witness, flux-source-controller, podman...
CVE-2026-49478 vulnerabilities
Vulnerabilities for packages: kyverno-notation-aws, kubescape, tekton-chains, aactl, skopeo, gitsign, undock, zarf, kyverno, witness, flux-source-controller, podman...
GHSA-F5MR-Q85P-6HH6 vulnerabilities
Vulnerabilities for packages: flux-source-controller, podman, prometheus-podman-exporter-fips, podman-fips, portieris-fips, kyverno-notation-aws-fips, kyverno, chainctl-fips, skopeo, kubescape-server, aactl, gitsign, zarf-fips, undock, buildah-fips, kyverno-fips, falcoctl-fips,...
CVE-2026-49478 vulnerabilities
Vulnerabilities for packages: flux-source-controller, podman, prometheus-podman-exporter-fips, podman-fips, portieris-fips, kyverno-notation-aws-fips, kyverno, chainctl-fips, skopeo, kubescape-server, aactl, gitsign, zarf-fips, undock, buildah-fips, kyverno-fips, falcoctl-fips,...
GHSA-X527-X647-Q7GG vulnerabilities
Vulnerabilities for packages: seaweedfs-rocksdb-fips, frankenphp-8.5, osv-scanner, containerd, cloud-provider-aws, prometheus-operator, telegraf, gitlab-workhorse-ce-fips, k9s-fips, kubescape-server, trivy-operator, knative-kafka-broker, coder-fips, aactl, drone, k3s, calico-fips, zarf-fips,...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: seaweedfs-rocksdb-fips, frankenphp-8.5, osv-scanner, containerd, cloud-provider-aws, prometheus-operator, telegraf, gitlab-workhorse-ce-fips, k9s-fips, kubescape-server, trivy-operator, knative-kafka-broker, coder-fips, aactl, drone, k3s, calico-fips, zarf-fips,...
GHSA-78MQ-XCR3-XM33 vulnerabilities
Vulnerabilities for packages: terragrunt, amazon-ssm-agent, podman, pulumi, wolfictl, grype-db, prometheus-podman-exporter-fips, podman-fips, pulumi-kubernetes-operator, frankenphp-8.5, osv-scanner, containerd, cloud-provider-aws, prometheus-operator, telegraf, gitlab-workhorse-ce-fips, k9s-fips,...
GHSA-QPW4-5X99-6VJP vulnerabilities
Vulnerabilities for packages: seaweedfs-rocksdb-fips, terragrunt, amazon-ssm-agent, podman, pulumi, wolfictl, peerdb-flow, grype-db, prometheus-podman-exporter-fips, podman-fips, pulumi-kubernetes-operator, frankenphp-8.5, osv-scanner, containerd, cloud-provider-aws, prometheus-operator, telegraf...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-network, seaweedfs-rocksdb-fips, terraform-provider-azurerm, crossplane-provider-azure-servicefabric, terragrunt, amazon-ssm-agent, crossplane-provider-azure-servicelinker, podman, pulumi, wolfictl, peerdb-flow, grype-db,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: pulumi-kubernetes-operator, rootlesskit, gomplate, opentelemetry-collector, loki, pulumi, grype, chisel, pulumi-language-yaml, docker-cli-buildx, flux-kustomize-controller, policy-controller, eksctl, glab, kargo, tekton-chains, gitea, minio, kaf, ko, atlantis, kyvern...
GHSA-JJRM-HR5F-673X Source controller: Improper path handling allows traversal
Impact: An actor with the ability to influence the contents of a bucket referenced by a Bucket resource can cause source-controller to write fetched object data to paths outside the per-reconciliation working directory. The corruption surface is bounded by source-controller's own and downstream Fl...
Source controller: Improper path handling allows traversal
Impact: An actor with the ability to influence the contents of a bucket referenced by a Bucket resource can cause source-controller to write fetched object data to paths outside the per-reconciliation working directory. The corruption surface is bounded by source-controller's own and downstream Fl...
PT-2026-47088
Name of the Vulnerable Software and Affected Versions: source-controller versions prior to 1.8.5. Description: Improper path handling allows for path traversal in two scenarios. First, an actor capable of influencing the contents of a bucket referenced by a Bucket resource can force the...
FlexRIC security vulnerability
FlexRIC is an open-source RAN intelligent controller developed by Mosaic5G. The FlexRIC v2.0.0 version contains a security vulnerability. This vulnerability arises from trusting the xappid field in the trust E42 message without binding it to the sender’s SCTP association. As a result, remote...
GHSA-389R-GV7P-R3RP vulnerabilities
Vulnerabilities for packages: osv-scanner, pulumi-kubernetes-operator, dagger, gomplate, grafana-alloy, grafana, teleport, flux-source-controller, pulumi, grype, xeol, trufflehog, argo-workflows, nfpm, syft, trivy, argo-cd, pulumi-language-yaml, kaniko, apko, bom, gitaly, steampipe, skaffold, zar...
CVE-2026-45022 vulnerabilities
Vulnerabilities for packages: argo-workflows, terragrunt, amazon-ssm-agent, wolfictl, pulumi, grype-db, pulumi-kubernetes-operator, osv-scanner, bom, k9s-fips, kubescape-server, trivy-operator, coder-fips, gitaly, grafana-alloy-fips, zarf-fips, gitea-fips, kyverno-fips, kaniko, scorecard,...
GHSA-PMWQ-PJRM-6P5R vulnerabilities
Vulnerabilities for packages: cosign, dagger, docker, ratify, slsa-verifier, flux-source-controller, teleport, tkn, rekor, trivy, vexctl, docker-cli-buildx, bom, policy-controller, zarf, skaffold, kyverno-notation-aws, trivy-operator, tekton-chains, aactl, gitsign, ko, kyverno, buildkitd, guac,...
GHSA-PMWQ-PJRM-6P5R vulnerabilities
Vulnerabilities for packages: bom, kubescape-server, trivy-operator, docker-cli-buildx, cosign, chainloop-control-plane, aactl, spire-server-fips, docker-compose, chainloop-control-plane-fips, zarf-fips, kyverno-fips, buildkitd-fips, kyverno-notation-aws, tekton-chains-fips, goreleaser,...
CVE-2026-39984 vulnerabilities
Vulnerabilities for packages: cosign, docker, teleport, flux-source-controller, tkn, trivy, vexctl, docker-cli-buildx, policy-controller, zarf, skaffold, kyverno-notation-aws, trivy-operator, tekton-chains, aactl, gitsign, ko, kyverno, witness, sigstore-scaffolding, buildkitd, kubescape, zot, gh,...
GHSA-XM5M-WGH2-RRG3 vulnerabilities
Vulnerabilities for packages: cosign, docker, teleport, flux-source-controller, tkn, trivy, vexctl, docker-cli-buildx, policy-controller, zarf, skaffold, kyverno-notation-aws, trivy-operator, tekton-chains, aactl, gitsign, ko, kyverno, witness, sigstore-scaffolding, buildkitd, kubescape, zot, gh,...