OSV - Open Source Vulnerabilities

CLEANSTART-2026-PO27799

CleanStart/keycloak

Security fixes for CVE-2017-12158, CVE-2017-12159, CVE-2025-59250, CVE-2026-41417, CVE-2026-42198, CVE-2026-42577, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42587, CVE-2026-5588, CVE-2026-5598, ghsa-38f8-5428-x5cv, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-45q3-82m4-75jr, ghsa-4cx2-fc23-5wg6, ghsa-57rv-r2g8-2cj3, ghsa-5rfx-cp42-p624, ghsa-72hv-8253-57qq, ghsa-84h7-rjj3-6jx4, ghsa-9342-92gg-6v29, ghsa-98qh-xjc8-98pq, ghsa-c3fc-8qff-9hwx, ghsa-cbdj-484d-3x9q, ghsa-cm33-6792-r9fm, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-m4cv-j2px-7723, ghsa-mj4r-2hfc-f8p6, ghsa-p93r-85wp-75v3, ghsa-pwqr-wmgm-9rr8, ghsa-rc95-pcm8-65v9, ghsa-rwm7-x88c-3g2p, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-wg6q-6289-32hp, ghsa-xxqh-mfjm-7mv9 applied in versions: 26.1.4-r1, 26.5.0-r2, 26.5.6-r3, 26.5.7-r0

18 May

Fix available

CLEANSTART-2026-VJ37814

CleanStart/keycloak

Security fixes for CVE-2025-59250, CVE-2026-1002, CVE-2026-33870, CVE-2026-33871, CVE-2026-39852, CVE-2026-41417, CVE-2026-42198, CVE-2026-42577, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42587, CVE-2026-5588, CVE-2026-5598, ghsa-38f8-5428-x5cv, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-45q3-82m4-75jr, ghsa-4cx2-fc23-5wg6, ghsa-57rv-r2g8-2cj3, ghsa-9342-92gg-6v29, ghsa-98qh-xjc8-98pq, ghsa-c3fc-8qff-9hwx, ghsa-cm33-6792-r9fm, ghsa-cphf-4846-3xx9, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-m4cv-j2px-7723, ghsa-mj4r-2hfc-f8p6, ghsa-p93r-85wp-75v3, ghsa-pwqr-wmgm-9rr8, ghsa-rc95-pcm8-65v9, ghsa-rwm7-x88c-3g2p, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-wg6q-6289-32hp, ghsa-xxqh-mfjm-7mv9 applied in versions: 26.1.4-r1, 26.4.11-r0, 26.4.11-r2

18 May

Fix available

CLEANSTART-2026-DV49899

CleanStart/logstash-fips

Security fixes for CVE-2024-45993, CVE-2025-31344, CVE-2025-48924, CVE-2026-26740, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33210, CVE-2026-33810, CVE-2026-33870, ghsa-33mh-2634-fwr2, ghsa-3m6g-2423-7cp3, ghsa-72hv-8253-57qq, ghsa-j288-q9x7-2f5v, ghsa-j4pr-3wm6-xx2r, ghsa-pwqr-wmgm-9rr8, ghsa-wx95-c6cv-8532 applied in versions: 9.3.0-r1, 9.3.0-r2, 9.3.1-r0, 9.3.2-r0

18 May

Fix available

CLEANSTART-2026-RN56220

CleanStart/stargate

Security fixes for CVE-2015-3254, CVE-2018-10237, CVE-2018-11798, CVE-2018-1320, CVE-2018-20200, CVE-2019-0205, CVE-2020-8908, CVE-2021-0341, CVE-2021-41973, CVE-2022-1471, CVE-2022-24823, CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2022-41881, CVE-2023-2976, CVE-2023-34462, CVE-2023-44487, CVE-2023-46120, CVE-2024-13009, CVE-2024-29025, CVE-2024-40094, CVE-2024-47535, CVE-2024-6763, CVE-2024-7254, CVE-2025-11143, CVE-2025-25193, CVE-2025-46392, CVE-2025-48734, CVE-2025-48924, CVE-2025-53864, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-59419, CVE-2025-67735, CVE-2026-1225, CVE-2026-21452, CVE-2026-27315, CVE-2026-32588, CVE-2026-33870, CVE-2026-33871, CVE-2026-41409, CVE-2026-41417, CVE-2026-41635, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42586, CVE-2026-42587, CVE-2026-42778, CVE-2026-42779, CVE-2026-44248, ghsa-269q-hmxg-m83q, ghsa-389x-839f-4rhx, ghsa-38f8-5428-x5cv, ghsa-3cqm-mf7h-prrj, ghsa-3p8m-j85q-pgmj, ghsa-45q3-82m4-75jr, ghsa-4gg5-vx3j-xwc7, ghsa-57rv-r2g8-2cj3, ghsa-5jpm-x58v-624v, ghsa-5mg8-w23w-74h3, ghsa-6mjq-h674-j845, ghsa-72hv-8253-57qq, ghsa-735f-pc8j-v9w8, ghsa-7g45-4rm6-3mm3, ghsa-8297-v2rf-2p32, ghsa-84h7-rjj3-6jx4, ghsa-995c-6rp3-4m4x, ghsa-cm33-6792-r9fm, ghsa-cw39-r4h6-8j3x, ghsa-f2wh-grmh-r6jm, ghsa-f6hv-jmp6-3vwv, ghsa-fghv-69vj-qj49, ghsa-fh34-c629-p8xj, ghsa-fx2c-96vj-985v, ghsa-g5ww-5jh7-63cx, ghsa-h4h5-3hr4-j3g2, ghsa-h9mq-f6q5-6c8m, ghsa-j288-q9x7-2f5v, ghsa-jfg9-48mv-9qgx, ghsa-jq43-27x9-3v86, ghsa-m4cv-j2px-7723, ghsa-mj4r-2hfc-f8p6, ghsa-mjmj-j48q-9wg2, ghsa-mm8h-8587-p46h, ghsa-mvr2-9pj6-7w5j, ghsa-prj3-ccx8-p6x4, ghsa-pvp8-3xj6-8c6x, ghsa-pwqr-wmgm-9rr8, ghsa-qffm-gf3j-6mvg, ghsa-qh8g-58pp-2wxh, ghsa-qqpg-mvqg-649v, ghsa-rgrr-p7gp-5xj7, ghsa-rj7p-rfgp-852x, ghsa-v8h7-rr48-vmmv, ghsa-vf5j-865m-mq7c, ghsa-vx85-mj8c-4qm6, ghsa-w33c-445m-f8w7, ghsa-w9fj-cfpg-grvv, ghsa-wjpw-4j6x-6rwh, ghsa-wjxj-f8rg-99wx, ghsa-wxr5-93ph-8wr9, ghsa-xpw8-rcwv-8f8p, ghsa-xq3w-v528-46rv, ghsa-xwmg-2g98-w7v9, ghsa-xxqh-mfjm-7mv9 applied in versions: 2.0.44-r4, 2.0.44-r5, 2.0.44-r6

18 May

Fix available

CLEANSTART-2026-GX01236

CleanStart/keycloak

Security fixes for CVE-2017-12158, CVE-2017-12159, CVE-2026-41417, CVE-2026-42198, CVE-2026-42577, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42587, CVE-2026-5588, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-4cx2-fc23-5wg6, ghsa-5rfx-cp42-p624, ghsa-72hv-8253-57qq, ghsa-84h7-rjj3-6jx4, ghsa-9342-92gg-6v29, ghsa-98qh-xjc8-98pq, ghsa-c3fc-8qff-9hwx, ghsa-cbdj-484d-3x9q, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-pwqr-wmgm-9rr8, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-wg6q-6289-32hp applied in versions: 26.1.4-r1, 26.5.0-r0, 26.5.0-r1, 26.5.0-r2, 26.5.5-r0, 26.5.5-r1, 26.5.6-r3

18 May

Fix available

CLEANSTART-2026-GH89210

CleanStart/cassandra-reaper-fips

Security fixes for CVE-2015-0886, CVE-2020-8908, CVE-2022-1471, CVE-2022-24823, CVE-2022-38752, CVE-2022-41854, CVE-2023-2976, CVE-2023-34462, CVE-2024-12798, CVE-2024-12801, CVE-2024-13009, CVE-2024-47535, CVE-2024-6763, CVE-2024-8184, CVE-2024-9823, CVE-2025-11143, CVE-2025-24970, CVE-2025-25193, CVE-2025-48734, CVE-2025-48924, CVE-2025-52999, CVE-2025-58057, CVE-2026-1225, CVE-2026-23901, CVE-2026-44431, CVE-2026-44432, ghsa-25qh-j22f-pwp8, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-4g8c-wm8x-jfhw, ghsa-5mg8-w23w-74h3, ghsa-6mjq-h674-j845, ghsa-6v67-2wr5-gvf4, ghsa-72hv-8253-57qq, ghsa-7g45-4rm6-3mm3, ghsa-9h6p-92jq-888x, ghsa-9w3m-gqgf-c4p9, ghsa-c4qc-4q9p-m9q9, ghsa-g8m5-722r-8whq, ghsa-gc5v-m9x4-r6x2, ghsa-h46c-h94j-95f3, ghsa-j26w-f9rq-mr2q, ghsa-j288-q9x7-2f5v, ghsa-jc7h-c423-mpjc, ghsa-mf9v-mfxr-j63j, ghsa-mjmj-j48q-9wg2, ghsa-pr98-23f8-jwxv, ghsa-q4rv-gq96-w7c5, ghsa-qccp-gfcp-xxvc, ghsa-qh8g-58pp-2wxh, ghsa-qqpg-mvqg-649v, ghsa-w37g-rhq8-7m4j, ghsa-wjpw-4j6x-6rwh, ghsa-wxr5-93ph-8wr9, ghsa-xq3w-v528-46rv applied in versions: 3.6.1-r0, 3.6.1-r1, 3.6.1-r2, 3.6.1-r3, 3.6.1-r4

18 May

Fix available

MINI-c7m8-ggg3-2j6p

MinimOS/cube-1.4

See record for full details

16 May

No fix available

MINI-x3j7-8gmh-c6pj

MinimOS/cube-1.6

See record for full details

16 May

No fix available

MINI-x9fc-c5p8-vw58

MinimOS/elasticsearch-fips-9.4
MinimOS/elasticsearch-fips-9.4-advanced-compat
MinimOS/elasticsearch-fips-9.4-oci-entrypoint

See record for full details

13 May

No fix available

MINI-g968-h5vf-w82f

MinimOS/elasticsearch-9.4
MinimOS/elasticsearch-9.4-advanced-compat
MinimOS/elasticsearch-9.4-oci-entrypoint

See record for full details

13 May

No fix available

MINI-w7cm-2wjh-q838

MinimOS/celeborn
MinimOS/celeborn-compat

See record for full details

28 Apr

No fix available

MINI-8r82-8hqf-rhg6

MinimOS/trino
MinimOS/trino-config
MinimOS/trino-oci-entrypoint
MinimOS/trino-plugin-ai-functions
MinimOS/trino-plugin-bigquery
... 52 more

See record for full details

27 Apr

No fix available

MINI-rr35-j87x-jv38

MinimOS/trino-fips
MinimOS/trino-fips-config
MinimOS/trino-fips-oci-entrypoint
MinimOS/trino-fips-plugin-ai-functions
MinimOS/trino-fips-plugin-bigquery
... 52 more

See record for full details

26 Apr

No fix available

MINI-w9ch-6rqp-h7fg

MinimOS/kafka-3.8-fips
MinimOS/kafka-3.8-fips-libs

See record for full details

20 Apr

No fix available

MINI-4cwm-p6m9-9jf2

MinimOS/kafka-3.7-fips
MinimOS/kafka-3.7-fips-libs

See record for full details

20 Apr

No fix available

CLEANSTART-2026-FA60324

CleanStart/keycloak

It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session

15 Apr

Fix available
Severity - 9.8 (Critical)