CLEANSTART-2026-NT30039 Security fixes for CVE-2025-61727, CVE-2025-61729, CVE-2025-61732, CVE-2025-68121, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-33811, CVE-2026-33814, CVE-2026-33816, CVE-2026-34986, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-41889, CVE-2026-42499, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-4659, CVE-2026-46595, CVE-2026-46597, ghsa-273p-m2cw-6833, ghsa-4c4x-jm2x-pf9j, ghsa-4qg8-fj49-pxjh, ghsa-846p-jg2w-w324, ghsa-fcv2-xgw5-pqxf, ghsa-fphv-w9fq-2525, ghsa-jqc5-w2xx-5vq4, ghsa-whqx-f9j3-ch6m, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.13.3-r0, 1.14.1-r0, 1.14.1-r1, 1.14.1-r2, 1.14.5-r0, 1.14.5-r1

Multiple security vulnerabilities affect the spire-server-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-41889 vulnerabilities

Vulnerabilities for packages: pgtimetable, gitness, cerbos, pgwatch, spire-server-fips, certificate-transparency-fips, dapr, hydra, amass, ferretdb, sftpgo, step-ca, falcosidekick, rke2-runtime, bento, telegraf, peerdb-flow, ldap2pg, azure-service-operator, ory-kratos-fips, jitsucom-bulker,...

GHSA-HFVC-G4FC-PQHX vulnerabilities

Vulnerabilities for packages: containerd, secrets-store-csi-driver-provider-gcp, secrets-store-csi-driver, cluster-api-azure-controller, kaniko, bento, gomplate, kyverno, spire-server, distribution, trivy-operator, cluster-api-provider-vsphere, envoy-gateway, istio, datadog-agent,...

CVE-2026-39883 vulnerabilities

Vulnerabilities for packages: fulcio-fips, opentofu-fips, gatekeeper-fips, opentelemetry-collector, newrelic-infrastructure-agent, agentbeat, chaos-mesh-fips, kubernetes, tfsec, ceph-csi-operator-fips, cilium-fips, crossplane-provider-azure-authorization, prometheus-alertmanager-fips,...

CLEANSTART-2026-PJ76318 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, ghsa-273p-m2cw-6833, ghsa-4c4x-jm2x-pf9j, ghsa-4qg8-fj49-pxjh, ghsa-846p-jg2w-w324, ghsa-fcv2-xgw5-pqxf, ghsa-fphv-w9fq-2525, ghsa-jqc5-w2xx-5vq4, ghsa-whqx-f9j3-ch6m applied in versions: 1.14.1-r0, 1.14.1-r1, 1.14.1-r2, 1.14.1-r3

Multiple security vulnerabilities affect the spire-server package. These issues are resolved in later releases. See references for individual vulnerability details...

GHSA-FW7P-63QQ-7HPR vulnerabilities

Vulnerabilities for packages: kots, fulcio, dex, nri-mysql, splunk-otel-collector, wolfictl, minio, jitsucom-bulker, rekor, kyverno, spire-server, terragrunt, kyverno-policy-reporter, witness, kubeflow-pipelines, certificate-transparency, envoy-gateway, dgraph, apko, grafana-alloy, ksops, hydra,...

CLEANSTART-2026-XO49545 Within HostnameError

Multiple security vulnerabilities affect the spire-server-fips package. Within HostnameError. See references for individual vulnerability details...

CLEANSTART-2026-UI65993 Within HostnameError

Multiple security vulnerabilities affect the spire-server-fips package. Within HostnameError. See references for individual vulnerability details...

CVE-2025-47907 vulnerabilities

Vulnerabilities for packages: helm, nfs-subdir-external-provisioner, secrets-store-csi-driver-provider-gcp, glab, logstash-exporter, gops, kube-metrics-adapter, steampipe, nuclei, kubernetes-csi-driver-hostpath, kubecolor, kine, nri-kafka, sftpgo-plugin-eventstore, crossplane-provider-sql,...

CVE-2021-27098

In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API can result in the possible issuance of an X.509 certificate with a URI SAN for a SPIFFE ID that the agent is not authorized to...

GHSA-M5VV-6R4H-3VJ9 vulnerabilities

Vulnerabilities for packages: fulcio-fips, trivy, spire-server-fips, opentelemetry-collector, prometheus, up, falcoctl, druid, cluster-autoscaler, restic-fips, boring-registry, terragrunt, hugo, step-ca, restic, sigstore-scaffolding, trivy-fips, k8sgpt, thanos, bank-vaults, policy-controller-fips...

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: flyte, fulcio, sigstore-scaffolding, secrets-store-csi-driver-provider-azure, py3-cassandra-medusa, rekor, py3-azure-identity, spire-server, tempo, terragrunt, trivy, airflow, zarf, zot, datadog-agent, ksops, kubescape, wal-g, fluent-bit-plugin-loki,...

GHSA-95PR-FXF5-86GV vulnerabilities

Vulnerabilities for packages: spire-server-fips, vexctl, chainctl, falcoctl, aactl, spire-server, policy-controller, falco, zot, slsa-verifier, tekton-chains, ko-fips, ko, neuvector-sigstore-interface, kubescape, tkn-fips, wolfictl, policy-controller-fips, gitsign, falcoctl-fips, tkn, goreleaser,...

GHSA-95PR-FXF5-86GV vulnerabilities

Vulnerabilities for packages: melange, falco, wolfictl, spire-server, zot, zarf, skaffold, apko, kubescape, gitsign, aactl, slsa-verifier, falcoctl, neuvector-sigstore-interface, tkn, goreleaser, policy-controller, ko, flux-source-controller, tekton-chains, vexctl...

GHSA-88JX-383Q-W4QC vulnerabilities

Vulnerabilities for packages: melange, falco, wolfictl, spire-server, zot, zarf, skaffold, apko, kubescape, gitsign, aactl, slsa-verifier, falcoctl, neuvector-sigstore-interface, tkn, goreleaser, policy-controller, ko, flux-source-controller, tekton-chains, vexctl...

CVE-2024-29903 vulnerabilities

Vulnerabilities for packages: spire-server-fips, vexctl, chainctl, falcoctl, aactl, spire-server, policy-controller, falco, zot, slsa-verifier, tekton-chains, ko-fips, ko, neuvector-sigstore-interface, kubescape, tkn-fips, wolfictl, policy-controller-fips, gitsign, falcoctl-fips, tkn, goreleaser,...

CVE-2024-29903 vulnerabilities

Vulnerabilities for packages: melange, falco, wolfictl, spire-server, zot, zarf, skaffold, apko, kubescape, gitsign, aactl, slsa-verifier, falcoctl, neuvector-sigstore-interface, tkn, goreleaser, policy-controller, ko, flux-source-controller, tekton-chains, vexctl...

CVE-2024-29902 vulnerabilities

Vulnerabilities for packages: spire-server-fips, vexctl, chainctl, falcoctl, aactl, spire-server, policy-controller, falco, zot, slsa-verifier, tekton-chains, ko-fips, ko, neuvector-sigstore-interface, kubescape, tkn-fips, wolfictl, policy-controller-fips, gitsign, falcoctl-fips, tkn, goreleaser,...

CVE-2024-29902 vulnerabilities

Vulnerabilities for packages: melange, falco, wolfictl, spire-server, zot, zarf, skaffold, apko, kubescape, gitsign, aactl, slsa-verifier, falcoctl, neuvector-sigstore-interface, tkn, goreleaser, policy-controller, ko, flux-source-controller, tekton-chains, vexctl...

CVE-2024-29018 vulnerabilities

Vulnerabilities for packages: kaniko, trivy, buf, spire-server-fips, ctop, prometheus, grype, up, aactl, kargo, crossplane, spire-server, syft, docker-compose, conftest, zot, loki, dagger, cilium-cli, ko, wolfictl, kubescape, tkn, cadvisor, conftest-fips, buildkitd, melange, cadvisor-fips,...