Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
CLEANSTART-2026-WB12909
  • CleanStart/kyverno-policy-reporter-kyverno-plugin-fips
 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions 16 Apr
  • Fix available
  • Severity - 9.8 (Critical)
CLEANSTART-2026-GK29346
  • CleanStart/kyverno-policy-reporter-kyverno-plugin-fips
 Security fixes for CVE-2025-15558, CVE-2025-47907, CVE-2025-66564, CVE-2026-1229, CVE-2026-22039, CVE-2026-22703, CVE-2026-22772, CVE-2026-23831, CVE-2026-23881, CVE-2026-24051, CVE-2026-24117, CVE-2026-24137, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-29wx-vh33-7x7r, ghsa-2x5j-vhc8-9cwm, ghsa-459x-q9hg-4gpq, ghsa-4qg8-fj49-pxjh, ghsa-4vq8-7jfc-9cvp, ghsa-6m8w-jc87-6cr7, ghsa-88jx-383q-w4qc, ghsa-95pr-fxf5-86gv, ghsa-c5q2-7r4c-mv6g, ghsa-c6gw-w398-hv78, ghsa-c77r-fh37-x2px, ghsa-f83f-xpx7-ffpw, ghsa-fv92-fjc5-jj9h, ghsa-jrr2-x33p-6hvc, ghsa-mh63-6h87-95cp, ghsa-mqqf-5wvp-8fh8, ghsa-p77j-4mvh-x3m3, ghsa-qjvc-p88j-j9rm, ghsa-r5p3-955p-5ggq, ghsa-v23v-6jw2-98fq, ghsa-v6v8-xj6m-xwqh, ghsa-xw73-rw38-6vjc applied in versions: 1.4.2-r2, 1.4.2-r4, 1.4.2-r6, 1.4.2-r7 01 Apr
  • Fix available
CLEANSTART-2026-PD17156
  • CleanStart/kyverno-policy-reporter-kyverno-plugin-fips
 Cancelling a query (e 30 Jan
  • Fix available
  • Severity - 9.8 (Critical)
GO-2024-2718
  • Go/github.com/sigstore/cosign
  • Go/github.com/sigstore/cosign/v2
 Cosign malicious attachments can cause system-wide denial of service in github.com/sigstore/cosign 05 Jun 2024
  • Fix available
BIT-cosign-2024-29902
  • Bitnami/cosign
 Cosign vulnerable to system-wide denial of service via malicious attachments 12 Apr 2024
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-88jx-383q-w4qc
  • Go/github.com/sigstore/cosign
  • Go/github.com/sigstore/cosign/v2
 Cosign malicious attachments can cause system-wide denial of service 11 Apr 2024
  • Fix available
  • Severity - 4.2 (Medium)
CVE-2024-29902
  • github.com/sigstore/cosign
 Cosign vulnerable to system-wide denial of service via malicious attachments 10 Apr 2024
  • Fix available
  • Severity - 4.2 (Medium)