OSV - Open Source Vulnerabilities

CLEANSTART-2026-OD47693

CleanStart/argo-workflows-fips

Security fixes for CVE-2025-0913, CVE-2025-15558, CVE-2025-4673, CVE-2025-47907, CVE-2025-47914, CVE-2025-58181, CVE-2025-62156, CVE-2025-62157, CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-35469, ghsa-37cx-329c-33x3, ghsa-3xc5-wrhm-f963, ghsa-c2hv-4pfj-mm2r, ghsa-cfpf-hrx2-8rv6, ghsa-fw7p-63qq-7hpr, ghsa-p436-gjf2-799p, ghsa-p84v-gxvw-73pf applied in versions: 3.7.0-r0, 3.7.3-r0, 3.7.4-r0, 3.7.6-r0, 3.7.9-r0, 3.7.9-r1, 3.7.9-r2, 4.0.2-r0, 4.0.4-r0, 4.0.4-r1

18 May

Fix available

CLEANSTART-2026-FH54780

CleanStart/tempo

Security fixes for CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-68119, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32285, CVE-2026-32287, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-34986, ghsa-65xw-vw82-r86x, ghsa-6g7g-w4f8-9c9x, ghsa-78h2-9frx-2jm8, ghsa-cfpf-hrx2-8rv6, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x, ghsa-p77j-4mvh-x3m3 applied in versions: 2.10.3-r0, 2.9.0-r0

18 May

Fix available

MINI-j8p4-wcc5-8vh7

MinimOS/argo-rollouts-fips
MinimOS/kubectl-argo-rollouts-fips

See record for full details

01 May

No fix available

CLEANSTART-2026-KC83705

CleanStart/tempo

During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions

15 Apr

Fix available
Severity - 9.8 (Critical)

CLEANSTART-2026-WA84208

CleanStart/tempo

Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery

15 Apr

Fix available
Severity - 9.8 (Critical)

MINI-4vm8-c3wh-cw4r

MinimOS/argo-rollouts
MinimOS/kubectl-argo-rollouts

See record for full details

13 Apr

Fix available

CLEANSTART-2026-MK40719

CleanStart/argo-workflows-fips

Security fixes for CVE-2025-0913, CVE-2025-4673, CVE-2025-47907, CVE-2025-58181, CVE-2025-62156, CVE-2025-62157, CVE-2026-24051, CVE-2026-25934, CVE-2026-27141, ghsa-2x5j-vhc8-9cwm, ghsa-37cx-329c-33x3, ghsa-c2hv-4pfj-mm2r, ghsa-cfpf-hrx2-8rv6, ghsa-p84v-gxvw-73pf applied in versions: 3.6.13-r0, 3.6.15-r1, 3.6.18 r0, 3.6.18-r0, 3.7.0-r0, 3.7.3-r0

01 Apr

Fix available

CLEANSTART-2026-FX27781

CleanStart/argo-workflows-fips

Security fixes for CVE-2025-0913, CVE-2025-15558, CVE-2025-4673, CVE-2025-47907, CVE-2025-47914, CVE-2025-58181, CVE-2025-62156, CVE-2025-62157, CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-27141, ghsa-37cx-329c-33x3, ghsa-9h8m-3fm2-qjrq, ghsa-c2hv-4pfj-mm2r, ghsa-cfpf-hrx2-8rv6, ghsa-fw7p-63qq-7hpr, ghsa-p84v-gxvw-73pf applied in versions: 3.7.0-r0, 3.7.10-r0, 3.7.10-r1, 3.7.10-r2, 3.7.3-r0, 3.7.4-r0, 3.7.6-r0, 3.7.9-r0

01 Apr

Fix available

CLEANSTART-2026-FQ05951

CleanStart/argo-workflows-fips

Security fixes for CVE-2025-0913, CVE-2025-15558, CVE-2025-4673, CVE-2025-47907, CVE-2025-58181, CVE-2025-62156, CVE-2025-62157, CVE-2026-24051, CVE-2026-25934, CVE-2026-27141, ghsa-2x5j-vhc8-9cwm, ghsa-37cx-329c-33x3, ghsa-c2hv-4pfj-mm2r, ghsa-cfpf-hrx2-8rv6, ghsa-p436-gjf2-799p, ghsa-p84v-gxvw-73pf applied in versions: 3.6.13-r0, 3.6.15-r1, 3.6.18-r0, 3.6.19-r0, 3.6.19-r1, 3.7.0-r0, 3.7.3-r0

01 Apr

Fix available

CLEANSTART-2026-JU62670

CleanStart/argo-cd-fips

Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-1229, CVE-2026-24051, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2x5j-vhc8-9cwm, ghsa-2xsj-vh29-9cwm, ghsa-37cx-329c-33x3, ghsa-3wgm-2gw2-vh5m, ghsa-3wgm-2mw2-vh5m, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-c6gw-w398-hv78, ghsa-cfpf-hrx2-8rv6, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x, ghsa-jgfp-53c3-624w, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r, ghsa-pwhc-rpq9-4c8w, ghsa-r6j8-c6r2-37rr, ghsa-vv39-3w5q-974q applied in versions: 2.13.9-r0, 2.14.20-r0, 2.14.20-r1, 3.0.16-r0, 3.0.19-r0, 3.0.20-r2, 3.0.21-r0, 3.0.21-r1, 3.1.4-r0, 3.1.8.-r0

01 Apr

Fix available

CLEANSTART-2026-VJ77782

CleanStart/argo-cd-fips

Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-1229, CVE-2026-24051, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2xsj-vh29-9cwm, ghsa-37cx-329c-33x3, ghsa-3wgm-2mw2-vh5m, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-cfpf-hrx2-8rv6, ghsa-f6x5-jh6r-wrfv, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4, 3.2.3-r0, 3.2.3-r1

01 Apr

Fix available

CLEANSTART-2026-HK06185

CleanStart/argo-workflows-fips

Security fixes for CVE-2025-0913, CVE-2025-15558, CVE-2025-4673, CVE-2025-47907, CVE-2025-47914, CVE-2025-58181, CVE-2025-62156, CVE-2025-62157, CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, ghsa-37cx-329c-33x3, ghsa-c2hv-4pfj-mm2r, ghsa-cfpf-hrx2-8rv6, ghsa-fw7p-63qq-7hpr, ghsa-p436-gjf2-799p, ghsa-p84v-gxvw-73pf applied in versions: 3.7.0-r0, 3.7.3-r0, 3.7.4-r0, 3.7.6-r0, 3.7.9-r0, 3.7.9-r1, 3.7.9-r2, 4.0.2-r0

01 Apr

Fix available

CLEANSTART-2026-PW57640

CleanStart/grafana-alloy-fips

Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-1229, CVE-2026-24051, CVE-2026-25679, CVE-2026-25934, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, CVE-2026-4427, ghsa-37cx-329c-33x3, ghsa-6g7g-w4f8-9c9x, ghsa-9h8m-3fm2-qjrq, ghsa-9mj6-hxhv-w67j, ghsa-cfpf-hrx2-8rv6, ghsa-f6x5-jh6r-wrfv, ghsa-fw7p-63qq-7hpr, ghsa-j5w8-q4qc-rx2x, ghsa-jqcq-xjh3-6g23, ghsa-p77j-4mvh-x3m3, ghsa-q9hv-hpm4-hj6x, ghsa-x6gf-mpr2-68h6 applied in versions: 1.12.1-r0, 1.12.1-r1, 1.12.1-r2

01 Apr

Fix available

CLEANSTART-2026-OW78143

CleanStart/keda

Security fixes for CVE-2025-68156, CVE-2026-24051, CVE-2026-26958, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-cfpf-hrx2-8rv6, ghsa-fw7p-63qq-7hpr, ghsa-p77j-4mvh-x3m3 applied in versions: 2.18.3-r0, 2.18.3-r1

01 Apr

Fix available

CLEANSTART-2026-LD15132

CleanStart/opentelemetry-collector-contrib-fips

Security fixes for CVE-2020-8912, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142, CVE-2026-33186, ghsa-6g7g-w4f8-9c9x, ghsa-cfpf-hrx2-8rv6, ghsa-fw7p-63qq-7hpr, ghsa-p77j-4mvh-x3m3 applied in versions: 0.142.0-r0, 0.144.0-r0, 0.144.0-r1, 0.144.0-r2, 0.144.0-r3

01 Apr

Fix available

CLEANSTART-2026-LS30652

CleanStart/argo-workflows-fips

Security fixes for CVE-2025-0913, CVE-2025-15558, CVE-2025-4673, CVE-2025-47907, CVE-2025-47914, CVE-2025-58181, CVE-2025-62156, CVE-2025-62157, CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-33186, ghsa-37cx-329c-33x3, ghsa-c2hv-4pfj-mm2r, ghsa-cfpf-hrx2-8rv6, ghsa-fw7p-63qq-7hpr, ghsa-p436-gjf2-799p, ghsa-p77j-4mvh-x3m3, ghsa-p84v-gxvw-73pf applied in versions: 3.7.0-r0, 3.7.11-r0, 3.7.3-r0, 3.7.4-r0, 3.7.6-r0, 3.7.9-r0, 3.7.9-r1, 3.7.9-r2, 4.0.2-r0

01 Apr

Fix available