CLEANSTART-2026-PV93827 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-24515, CVE-2026-25210, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 1.25.4-r0, 1.25.4-r1, 1.25.4-r2

Multiple security vulnerabilities affect the cloudnative-pg-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

GHSA-6RXQ-Q92G-4RMF kaniko has tar archive path traversal in its build context extraction, allowing file writes outside destination directories

kaniko unpacks build context archives using filepath.Joindest, cleanedName without enforcing that the final path stays within dest. A tar entry like ../outside.txt escapes the extraction root and writes files outside the destination directory. In environments with registry authentication, this ca...

CVE-2026-28406 kaniko has tar archive path traversal in build context extraction allows writing files outside destination directory

kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using filepath.Joindest, cleanedName without enforcing that the final path stays within dest. A ta...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper verification of repository context during the deletion process. An attacker can remove attachments they previously uploaded to a repository, even after losing access to that...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper validation of project ownership during organization project operations. An attacker can modify projects belonging to a different organization by leveraging project write acce...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the web interface when canceling scheduled auto-merges. An attacker can terminate auto-merges scheduled by other users by leveraging read access to pull requests. Remediation Upgrade...

Authorization Bypass Through User-Controlled Key

Overview code.gitea.io/gitea/modules/git is a Go module to access Git through shell commands. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper validation of repository ownership in the delete process for Git LFS locks. An attacker c...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the stopwatch API. An attacker can access issue titles and repository names of private repositories by continuing to use previously started stopwatches after their access has been revoked. Remediation Upgrade...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the stopwatch API. An attacker can access issue titles and repository names of private repositories by continuing to use previously started stopwatches after their access has been revoked. Remediation Upgrade...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the stopwatch API. An attacker can access issue titles and repository names of private repositories by continuing to use previously started stopwatches after their access has been revoked. Remediation Upgrade...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the stopwatch API. An attacker can access issue titles and repository names of private repositories by continuing to use previously started stopwatches after their access has been revoked. Remediation Upgrade...

Fedora 43 : migrate (2025-427af3b610)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-427af3b610 advisory. - Update to 4.19.0 - Address CVEs by rebuilding with Go 1.25.4 Tenable has extracted the preceding description block directly from the Fedora securi...

170051277-trab-final-gces (>=0.3.0 <=0.5.0), 2022-2-gces-ifpf (=0.3.0) +10956 more potentially affected by CVE-2021-33503 via urllib3 (>=1.25.4 <=1.26.4)

urllib3 PYPI version =1.25.4, =0.3.0, =0.0.1a0, =2.3.84, =0.1.0, =0.1.0, =0.0.2, =0.0.5, =0.1.0, =0.1.0, =1.0.28, =0.6.0, =0.8.0 and more Source cves: CVE-2021-33503 Source advisory: OSV:GHSA-Q2Q7-5PP4-W6PG...

openSUSE Security Update : mpg123 (openSUSE-2017-1035)

This update for mpg123 fixes the following issues : - Update to version 1.25.6 - Hotfix for bug 255: Overflow reading frame data bits in layer II decoding. Now, all-zero data is returned if the frame data is exhausted. This might have a slight impact on performance, but not easily measurable so...