CVE-2026-41889 vulnerabilities

Vulnerabilities for packages: step-issuer, azure-service-operator, keda, pgtimetable, gitaly, spqr, opentelemetry-collector-contrib, teleport, kuma, gitness, sqlexporter, steampipe, step, juicefs, hydra, sftpgo-plugin-eventstore, spire-server, wal-g, flyte, grafana, jitsucom-bulker, openbao,...

CVE-2025-63811 vulnerabilities

Vulnerabilities for packages: jitsucom-bulker, splunk-otel-collector, grafana-alloy, bento, argo-events, opentelemetry-collector-contrib, dapr, sqlexporter, telegraf, cluster-api-aws-controller...

GHSA-9MJ6-HXHV-W67J vulnerabilities

Vulnerabilities for packages: argo-events-fips, splunk-otel-collector, dapr-fips, cluster-api-aws-controller, jitsucom-bulker, bento, grafana-alloy, splunk-otel-collector-fips, sqlexporter-fips, vault-fips, cluster-api-aws-controller-fips, sqlexporter, vault, argo-events, dapr, telegraf,...

GHSA-79JV-5226-783F OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand

Summary The export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page that submits a form POST that contains embedded JavaScript code. This code would then ...