| Date | Project | Advisory | Severity |
|---|---|---|---|
| 20/11-2024 | Cert-Manager | Potential slowdown / DoS when parsing specially crafted PEM inputs | Low |
| 18/10-2024 | Keycloak | org.keycloak:keycloak-services has Inefficient Regular Expression Complexity | High |
| 1/10-2024 | Go-TUF | Incorrect delegation lookups can make go-tuf download the wrong artifact | High |
| 30/9-2024 | expressjs/basic-auth-connect | basic-auth-connect's callback uses time unsafe string comparison | Low |
| 10/9-2024 | expressjs/body-parser | body-parser vulnerable to denial of service when url encoding is enabled | High |
| 10/9-2024 | Express.js | express vulnerable to XSS via response.redirect() | Low |
| 10/9-2024 | pillarjs/send | send vulnerable to template injection that can lead to XSS | Low |
| 4/9-2024 | Sigstore-go | sigstore-go has an unbounded loop over untrusted input can lead to endless data attack | Low |
| 18/6-2024 | Minder | Minder affected by denial of service from maliciously configured Git repository | Moderate |
| 27/5-2024 | Minder | Denial of service of Minder Server from maliciously crafted GitHub attestations | Moderate |
| 20/5-2024 | Minder | Stacklok Minder vulnerable to denial of service from maliciously crafted templates | Moderate |
| 16/5-2024 | Minder | Denial of service of Minder Server with attacker-controlled REST endpoint | Moderate |
| 15/5-2024 | fastify-secure-session | @fastify/secure-session: Reuse of destroyed secure session cookie | High |
| 7/5-2024 | Minder | Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests | High |
| 10/4-2024 | Sigstore Cosign | Cosign malicious attachments can cause system-wide denial of service | Moderate |
| 10/4-2024 | Sigstore Cosign | Cosign malicious artifacts can cause machine-wide DoS | Moderate |
| 3/1-2024 | CubeFS | Authenticated users can crash the CubeFS servers with maliciously crafted requests | High |
| 3/1-2024 | CubeFS | CubeFS timing attack can leak user passwords | High |
| 3/1-2024 | CubeFS | Insecure random string generator used for sensitive data | High |
| 3/1-2024 | CubeFS | CubeFS leaks magic secret key when starting Blobstore access service | High |
| 3/1-2024 | CubeFS | CubeFS leaks users key in logs | Moderate |
| 27/11-2023 | Knative Serving | Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler | Moderate |
| 13/11-2023 | Kyverno | Attacker can cause Kyverno user to unintentionally consume insecure image | High |
| 7/11-2023 | Sigstore Cosign | Cosign vulnerable to possible endless data attack from attacker-controlled registry | Low |
| 7/11-2023 | Crossplane | Possible image tampering from missing image validation for Packages | High |
| 29/9-2023 | Apache Avro Java SDK | Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK | High |
| 27/7-2023 | Crossplane | Denial of service from large image | Low |
| 16/7-2023 | Avro | avro vulnerable to denial of service via attacker-controlled parameter | High |
| 13/7-2023 | Istio | Unauthenticated control plane denial of service attack in Istio | High |
| 6/6-2023 | Notation | Notation vulnerable to denial of service from high number of artifact signatures | Moderate |
| 6/6-2023 | Notation | Notation's default `maxSignatureAttempts` in `notation verify` enables an endless data attack | Moderate |
| 6/6-2023 | Notation-go | notation-go's verification bypass can cause users to verify the wrong artifact | Moderate |
| 11/5-2023 | Vitess | VTAdmin users that can create shards can deny access to other functions | Moderate |
| 3/5-2023 | Rekor | Rekor's compressed archives can result in OOM conditions | High |
| 11/4-2023 | Vitess | Vitess allows users to create keyspaces that can deny access to already existing keyspaces | Moderate |
| 9/3-2023 | Crossplane-runtime | fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime | Moderate |
| 9/3-2023 | Crossplane | Crossplane-runtime contains Improper Input Validation via Compositions | Moderate |
| 20/2-2023 | Notation-go | notation-go has excessive memory allocation on verification | High |
| 16/2-2023 | containerd | OCI image importer memory exhaustion | Moderate |
| 27/1-2023 | ArgoCD | Argo CD certificate verification is skipped for connections to OIDC providers | High |
| 14/12-2022 | Helm | Helm vulnerable to denial of service through string value parsing | Moderate |
| 14/12-2022 | Helm | Helm vulnerable to denial of service through repository index file | Moderate |
| 14/12-2022 | Helm | Helm vulnerable to denial of service through schema file | Moderate |
| 14/10-2022 | Golang | Reader.Read does not set a limit on the maximum size | High |
| 14/10-2022 | Golang | golang.org/x/text/language Denial of service via crafted Accept-Language header | High |
| 3/10-2022 | Jackson-Databind | Uncontrolled Resource Consumption in FasterXML jackson-databind | High |
| 24/8-2022 | Helm | Helm Vulnerable to denial of service through string value parsing | Moderate |
| 24/8-2022 | Jackson-Databind | Uncontrolled Resource Consumption in Jackson-databind | High |
| 12/7-2022 | ArgoCD | Argo CD SSO users vulnerable to Cross-site Scripting | Low |
| 13/7-2022 | containerd | Insecure path traversal in Git Trigger Source can lead to arbitrary file read | High |
| 11/7-2022 | KubeEdge | KubeEdge Edge ServiceBus module DoS | Moderate |
| 11/7-2022 | KubeEdge | KubeEdge Cloud AdmissionController component DoS | Moderate |
| 11/7-2022 | KubeEdge | KubeEdge DoS when signing the CSR from EdgeCore | Moderate |
| 11/7-2022 | KubeEdge | KubeEdge CloudCore Router memory exhaustion vulnerability | Moderate |
| 11/7-2022 | KubeEdge | KubeEdge Cloud Stream and Edge Stream DoS from large stream message | Moderate |
| 11/7-2022 | KubeEdge | DoS in KubeEdge's Websocket Client in package Viaduct | Moderate |
| 26/6-2022 | KubeEdge | CloudCore CSI Driver: Malicious response from KubeEdge can crash CSI Driver controller server | Moderate |
| 24/6-2022 | KubeEdge | CloudCore UDS Server: Malicious Message can crash CloudCore | Moderate |
| 21/6-2022 | ArgoCD | Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params | High |
| 21/6-2022 | ArgoCD | Argo CD's external URLs for Deployments can include JavaScript | Critical |
| 21/6-2022 | ArgoCD | Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server | Moderate |
| 21/6-2022 | ArgoCD | DoS through large manifest files in Argo CD | Moderate |
| 6/6-2022 | cri-o | Node DOS by way of memory exhaustion through ExecSync request in CRI-O | High |
| 6/6-2022 | containerd | containerd CRI plugin: Host memory exhaustion through ExecSync | Moderate |
| 11/11-2021 | FluxCD kustomize-controller | Privilege escalation to cluster admin on multi-tenant environments | High |