OSV - Open Source Vulnerabilities

MINI-xxgc-4mvf-3m7m

MinimOS/contour-1.32

See record for full details

3 days ago

No fix available

MINI-2995-4ff3-cp4p

MinimOS/contour-1.31

See record for full details

3 days ago

No fix available

CLEANSTART-2026-BM78291

CleanStart/dex

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU

11 Jun

Fix available
Severity - 9.8 (Critical)

CLEANSTART-2026-SQ76279

CleanStart/dex

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU

11 Jun

Fix available
Severity - 9.8 (Critical)

CLEANSTART-2026-XC13942

CleanStart/mountpoint-s3-csi-driver

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service

11 Jun

Fix available
Severity - 9.8 (Critical)

CLEANSTART-2026-VN16911

CleanStart/wave

ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label

10 Jun

Fix available
Severity - 9.8 (Critical)

CLEANSTART-2026-CP20786

CleanStart/nats-streaming

Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU

10 Jun

Fix available
Severity - 9.8 (Critical)

CLEANSTART-2026-GZ11549

CleanStart/certificate-transparency-trillian-ctserver

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations

10 Jun

Fix available
Severity - 9.8 (Critical)

CLEANSTART-2026-EU52554

CleanStart/gostatsd

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files

10 Jun

Fix available
Severity - 9.8 (Critical)

CLEANSTART-2026-RF77222

CleanStart/wave

ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label

10 Jun

Fix available
Severity - 9.8 (Critical)

CLEANSTART-2026-LA96053

CleanStart/wave

ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label

10 Jun

Fix available
Severity - 9.8 (Critical)

MINI-6fg3-q8f7-wfq7

MinimOS/logto-1.39

See record for full details

09 Jun

No fix available

CLEANSTART-2026-NT30039

CleanStart/spire-server-fips

Security fixes for CVE-2025-61727, CVE-2025-61729, CVE-2025-61732, CVE-2025-68121, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-33811, CVE-2026-33814, CVE-2026-33816, CVE-2026-34986, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-41889, CVE-2026-42499, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-4659, CVE-2026-46595, CVE-2026-46597, ghsa-273p-m2cw-6833, ghsa-4c4x-jm2x-pf9j, ghsa-4qg8-fj49-pxjh, ghsa-846p-jg2w-w324, ghsa-fcv2-xgw5-pqxf, ghsa-fphv-w9fq-2525, ghsa-jqc5-w2xx-5vq4, ghsa-whqx-f9j3-ch6m, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.13.3-r0, 1.14.1-r0, 1.14.1-r1, 1.14.1-r2, 1.14.5-r0, 1.14.5-r1

08 Jun

Fix available

CLEANSTART-2026-VX15911

CleanStart/kube-state-metrics

Security fixes for CVE-2023-45288, CVE-2023-48795, CVE-2024-24786, CVE-2024-45337, CVE-2024-45338, CVE-2025-22868, CVE-2025-22869, CVE-2025-22870, CVE-2025-22872, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27140, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598 applied in versions: 2.10.1-r0, 2.10.1-r1, 2.10.1-r2

08 Jun

Fix available

CLEANSTART-2026-YG71543

CleanStart/vault

Security fixes for CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-32952, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-33816, CVE-2026-34040, CVE-2026-34986, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-39883, CVE-2026-41602, CVE-2026-41889, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-44503, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598, ghsa-7j59-v9qr-6fq9, ghsa-j88v-2chj-qfwx, ghsa-p77j-4mvh-x3m3, ghsa-pjcq-xvwq-hhpj, ghsa-wf45-q9ch-q8gh, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.21.4-r0, 1.21.4-r1, 1.21.4-r2, 1.21.4-r3, 1.21.4-r4, 1.21.4-r5

08 Jun

Fix available

CLEANSTART-2026-XV65906

CleanStart/kube-state-metrics

08 Jun

Fix available