Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-MH63-6H87-95CP
Vulnerability from github – Published: 2025-03-21 22:04 – Updated: 2025-04-10 13:02Summary
Function parse.ParseUnverified currently splits (via a call to strings.Split) its argument (which is untrusted data) on periods.
As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: CWE-405: Asymmetric Resource Consumption (Amplification)
Details
Impact
Excessive memory allocation
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/golang-jwt/jwt/v5"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0-rc.1"
},
{
"fixed": "5.2.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/golang-jwt/jwt/v4"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/golang-jwt/jwt"
},
"ranges": [
{
"events": [
{
"introduced": "3.2.0"
},
{
"last_affected": "3.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-30204"
],
"database_specific": {
"cwe_ids": [
"CWE-405"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-21T22:04:00Z",
"nvd_published_at": "2025-03-21T22:15:26Z",
"severity": "HIGH"
},
"details": "### Summary\n\nFunction [`parse.ParseUnverified`](https://github.com/golang-jwt/jwt/blob/c035977d9e11c351f4c05dfeae193923cbab49ee/parser.go#L138-L139) currently splits (via a call to [strings.Split](https://pkg.go.dev/strings#Split)) its argument (which is untrusted data) on periods.\n\nAs a result, in the face of a malicious request whose _Authorization_ header consists of `Bearer ` followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. Relevant weakness: [CWE-405: Asymmetric Resource Consumption (Amplification)](https://cwe.mitre.org/data/definitions/405.html)\n\n### Details\n\nSee [`parse.ParseUnverified`](https://github.com/golang-jwt/jwt/blob/c035977d9e11c351f4c05dfeae193923cbab49ee/parser.go#L138-L139) \n\n### Impact\n\nExcessive memory allocation",
"id": "GHSA-mh63-6h87-95cp",
"modified": "2025-04-10T13:02:34Z",
"published": "2025-03-21T22:04:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204"
},
{
"type": "WEB",
"url": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3"
},
{
"type": "WEB",
"url": "https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb"
},
{
"type": "PACKAGE",
"url": "https://github.com/golang-jwt/jwt"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250404-0002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "jwt-go allows excessive memory allocation during header parsing"
}
cleanstart-2026-nt80635
Vulnerability from cleanstart
Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "argo-cd-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.7-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-NT80635",
"modified": "2026-05-11T04:36:10Z",
"published": "2026-05-18T13:32:10.824900Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-NT80635.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55190"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55191"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59537"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59538"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61725"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25934"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-29181"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33186"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33762"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34165"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-35469"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39883"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-41506"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2v5j-vhc3-9cwm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2vgg-9h3w-qbr4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2xsj-vh29-9cwm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-37cx-329c-33x3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3wgm-2mw2-vh5m"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3xc5-wrhm-f963"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4x4m-3c2p-qppc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6v2p-p543-phr9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-92cp-5422-2m47"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-93mq-9ffx-83m2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-f6x5-jh6r-wrfv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-gm2x-2g9h-ccm8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hfvc-g4fc-pqhx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hj2p-8wj8-pfq4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j5w8-q4qc-rx2x"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-jhf3-xxhw-2wpp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mh2q-q3fh-2475"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mh63-6h87-95cp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mw99-9chc-xw7r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pc3f-x583-g7j2"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55190"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55191"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59537"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59538"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25934"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29181"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33762"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34165"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35469"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39883"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41506"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-1229, CVE-2026-24051, CVE-2026-25934, CVE-2026-29181, CVE-2026-33186, CVE-2026-33762, CVE-2026-34165, CVE-2026-35469, CVE-2026-39883, CVE-2026-41506, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2xsj-vh29-9cwm, ghsa-37cx-329c-33x3, ghsa-3wgm-2mw2-vh5m, ghsa-3xc5-wrhm-f963, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-f6x5-jh6r-wrfv, ghsa-gm2x-2g9h-ccm8, ghsa-hfvc-g4fc-pqhx, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-jhf3-xxhw-2wpp, ghsa-mh2q-q3fh-2475, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r, ghsa-pc3f-x583-g7j2 applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4, 3.2.7-r0, 3.3.2-r1, 3.3.3-r0, 3.3.4-r0, 3.3.7-r0",
"upstream": [
"CVE-2025-55190",
"CVE-2025-55191",
"CVE-2025-58183",
"CVE-2025-58185",
"CVE-2025-58187",
"CVE-2025-58188",
"CVE-2025-58189",
"CVE-2025-59537",
"CVE-2025-59538",
"CVE-2025-61723",
"CVE-2025-61724",
"CVE-2025-61725",
"CVE-2026-1229",
"CVE-2026-24051",
"CVE-2026-25934",
"CVE-2026-29181",
"CVE-2026-33186",
"CVE-2026-33762",
"CVE-2026-34165",
"CVE-2026-35469",
"CVE-2026-39883",
"CVE-2026-41506",
"ghsa-2v5j-vhc3-9cwm",
"ghsa-2vgg-9h3w-qbr4",
"ghsa-2xsj-vh29-9cwm",
"ghsa-37cx-329c-33x3",
"ghsa-3wgm-2mw2-vh5m",
"ghsa-3xc5-wrhm-f963",
"ghsa-4x4m-3c2p-qppc",
"ghsa-6v2p-p543-phr9",
"ghsa-92cp-5422-2m47",
"ghsa-93mq-9ffx-83m2",
"ghsa-f6x5-jh6r-wrfv",
"ghsa-gm2x-2g9h-ccm8",
"ghsa-hfvc-g4fc-pqhx",
"ghsa-hj2p-8wj8-pfq4",
"ghsa-j5w8-q4qc-rx2x",
"ghsa-jhf3-xxhw-2wpp",
"ghsa-mh2q-q3fh-2475",
"ghsa-mh63-6h87-95cp",
"ghsa-mw99-9chc-xw7r",
"ghsa-pc3f-x583-g7j2"
]
}
cleanstart-2026-nv34418
Vulnerability from cleanstart
Multiple security vulnerabilities affect the argo-cd-fips package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "argo-cd-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.8.-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the argo-cd-fips package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-NV34418",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T16:04:54.566695Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-NV34418"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55190"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55191"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59537"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59538"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61725"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-2V5J-VHC3-9CWM"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-2VGG-9H3W-QBR4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-2X5J-VHC8-9CWM"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-2XSJ-VH29-9CWM"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-3WGM-2GW2-VH5M"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-3WGM-2MW2-VH5M"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-4X4M-3C2P-QPPC"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-6V2P-P543-PHR9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-92CP-5422-2M47"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-93MQ-9FFX-83M2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-C6GW-W398-HV78"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-F6X5-JH6R-WRFV"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-J5W8-Q4QC-RX2X"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-JGFP-53C3-624W"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-MH63-6H87-95CP"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-MW99-9CHC-XW7R"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-PWHC-RPQ9-4C8W"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-VV39-3W5Q-974Q"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55190"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55191"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59537"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59538"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate",
"upstream": [
"CVE-2025-55190",
"CVE-2025-55191",
"CVE-2025-58183",
"CVE-2025-58185",
"CVE-2025-58187",
"CVE-2025-58188",
"CVE-2025-58189",
"CVE-2025-59537",
"CVE-2025-59538",
"CVE-2025-61723",
"CVE-2025-61724",
"CVE-2025-61725",
"GHSA-2V5J-VHC3-9CWM",
"GHSA-2VGG-9H3W-QBR4",
"GHSA-2X5J-VHC8-9CWM",
"GHSA-2XSJ-VH29-9CWM",
"GHSA-3WGM-2GW2-VH5M",
"GHSA-3WGM-2MW2-VH5M",
"GHSA-4X4M-3C2P-QPPC",
"GHSA-6V2P-P543-PHR9",
"GHSA-92CP-5422-2M47",
"GHSA-93MQ-9FFX-83M2",
"GHSA-C6GW-W398-HV78",
"GHSA-F6X5-JH6R-WRFV",
"GHSA-J5W8-Q4QC-RX2X",
"GHSA-JGFP-53C3-624W",
"GHSA-MH63-6H87-95CP",
"GHSA-MW99-9CHC-XW7R",
"GHSA-PWHC-RPQ9-4C8W",
"GHSA-VV39-3W5Q-974Q"
]
}
cleanstart-2026-oa33370
Vulnerability from cleanstart
Multiple security vulnerabilities affect the argo-cd-fips package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "argo-cd-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.9-r4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the argo-cd-fips package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-OA33370",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T15:57:24.977544Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-OA33370"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55190"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55191"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59537"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59538"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61725"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-2V5J-VHC3-9CWM"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-2XSJ-VH29-9CWM"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-4X4M-3C2P-QPPC"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-6V2P-P543-PHR9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-93MQ-9FFX-83M2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-F6X5-JH6R-WRFV"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-J5W8-Q4QC-RX2X"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-MH63-6H87-95CP"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55190"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55191"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59537"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59538"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate",
"upstream": [
"CVE-2025-55190",
"CVE-2025-55191",
"CVE-2025-58183",
"CVE-2025-58185",
"CVE-2025-58187",
"CVE-2025-58188",
"CVE-2025-58189",
"CVE-2025-59537",
"CVE-2025-59538",
"CVE-2025-61723",
"CVE-2025-61724",
"CVE-2025-61725",
"GHSA-2V5J-VHC3-9CWM",
"GHSA-2XSJ-VH29-9CWM",
"GHSA-4X4M-3C2P-QPPC",
"GHSA-6V2P-P543-PHR9",
"GHSA-93MQ-9FFX-83M2",
"GHSA-F6X5-JH6R-WRFV",
"GHSA-J5W8-Q4QC-RX2X",
"GHSA-MH63-6H87-95CP"
]
}
cleanstart-2026-oi08379
Vulnerability from cleanstart
Multiple security vulnerabilities affect the harbor-fips package. Cancelling a query (e. See references for individual vulnerability details.
| URL | Type | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "harbor-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.12.4-r1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the harbor-fips package. Cancelling a query (e. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-OI08379",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T15:32:54.729863Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-OI08379"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-4673"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47907"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-9H84-QMV7-982P"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-MH63-6H87-95CP"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-RQ77-P4H8-4CRW"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-VVGC-356P-C3XW"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4673"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Cancelling a query (e",
"upstream": [
"CVE-2025-4673",
"CVE-2025-47907",
"GHSA-9H84-QMV7-982P",
"GHSA-MH63-6H87-95CP",
"GHSA-RQ77-P4H8-4CRW",
"GHSA-VVGC-356P-C3XW"
]
}
cleanstart-2026-om95908
Vulnerability from cleanstart
Multiple security vulnerabilities affect the opentofu-fips package. These issues are resolved in later releases. See references for individual vulnerability details.
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "opentofu-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.4-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the opentofu-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-OM95908",
"modified": "2026-03-20T04:48:45Z",
"published": "2026-04-01T09:38:28.220463Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-OM95908.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47913"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47914"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58181"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61727"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61729"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25679"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27139"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27142"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33186"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2464-8j7c-4cjm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2x5j-vhc8-9cwm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6v2p-p543-phr9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c6gw-w398-hv78"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fv92-fjc5-jj9h"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hcg3-q754-cr77"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-jc7w-c686-c4v9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mh63-6h87-95cp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p77j-4mvh-x3m3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qxp5-gwg8-xv66"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-r92c-9c7f-3pj8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vvgc-356p-c3xw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-wjrx-6529-hcj3"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-1229, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-2464-8j7c-4cjm, ghsa-2x5j-vhc8-9cwm, ghsa-6v2p-p543-phr9, ghsa-c6gw-w398-hv78, ghsa-fv92-fjc5-jj9h, ghsa-hcg3-q754-cr77, ghsa-jc7w-c686-c4v9, ghsa-mh63-6h87-95cp, ghsa-p77j-4mvh-x3m3, ghsa-qxp5-gwg8-xv66, ghsa-r92c-9c7f-3pj8, ghsa-vvgc-356p-c3xw, ghsa-wjrx-6529-hcj3 applied in versions: 1.10.7-r0, 1.10.7-r1, 1.11.4-r0, 1.11.5-r0, 1.11.5-r1, 1.11.5-r2, 1.9.4-r0",
"upstream": [
"CVE-2025-47913",
"CVE-2025-47914",
"CVE-2025-58181",
"CVE-2025-61727",
"CVE-2025-61729",
"CVE-2026-1229",
"CVE-2026-24051",
"CVE-2026-25679",
"CVE-2026-27139",
"CVE-2026-27142",
"CVE-2026-33186",
"ghsa-2464-8j7c-4cjm",
"ghsa-2x5j-vhc8-9cwm",
"ghsa-6v2p-p543-phr9",
"ghsa-c6gw-w398-hv78",
"ghsa-fv92-fjc5-jj9h",
"ghsa-hcg3-q754-cr77",
"ghsa-jc7w-c686-c4v9",
"ghsa-mh63-6h87-95cp",
"ghsa-p77j-4mvh-x3m3",
"ghsa-qxp5-gwg8-xv66",
"ghsa-r92c-9c7f-3pj8",
"ghsa-vvgc-356p-c3xw",
"ghsa-wjrx-6529-hcj3"
]
}
cleanstart-2026-ox06978
Vulnerability from cleanstart
Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "argo-cd-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.1-r1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-OX06978",
"modified": "2026-03-13T12:42:57Z",
"published": "2026-04-01T09:53:21.567659Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-OX06978.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55190"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55191"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59537"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59538"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61725"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25934"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2v5j-vhc3-9cwm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2vgg-9h3w-qbr4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2xsj-vh29-9cwm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-37cx-329c-33x3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3wgm-2mw2-vh5m"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4x4m-3c2p-qppc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6v2p-p543-phr9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-92cp-5422-2m47"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-93mq-9ffx-83m2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-f6x5-jh6r-wrfv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hj2p-8wj8-pfq4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j5w8-q4qc-rx2x"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mh63-6h87-95cp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mw99-9chc-xw7r"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55190"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55191"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59537"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59538"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25934"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-1229, CVE-2026-24051, CVE-2026-25934, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2xsj-vh29-9cwm, ghsa-37cx-329c-33x3, ghsa-3wgm-2mw2-vh5m, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-f6x5-jh6r-wrfv, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4, 3.2.7-r0, 3.3.1-r1",
"upstream": [
"CVE-2025-55190",
"CVE-2025-55191",
"CVE-2025-58183",
"CVE-2025-58185",
"CVE-2025-58187",
"CVE-2025-58188",
"CVE-2025-58189",
"CVE-2025-59537",
"CVE-2025-59538",
"CVE-2025-61723",
"CVE-2025-61724",
"CVE-2025-61725",
"CVE-2026-1229",
"CVE-2026-24051",
"CVE-2026-25934",
"ghsa-2v5j-vhc3-9cwm",
"ghsa-2vgg-9h3w-qbr4",
"ghsa-2xsj-vh29-9cwm",
"ghsa-37cx-329c-33x3",
"ghsa-3wgm-2mw2-vh5m",
"ghsa-4x4m-3c2p-qppc",
"ghsa-6v2p-p543-phr9",
"ghsa-92cp-5422-2m47",
"ghsa-93mq-9ffx-83m2",
"ghsa-f6x5-jh6r-wrfv",
"ghsa-hj2p-8wj8-pfq4",
"ghsa-j5w8-q4qc-rx2x",
"ghsa-mh63-6h87-95cp",
"ghsa-mw99-9chc-xw7r"
]
}
cleanstart-2026-pd17156
Vulnerability from cleanstart
Multiple security vulnerabilities affect the kyverno-policy-reporter-kyverno-plugin-fips package. Cancelling a query (e. See references for individual vulnerability details.
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "kyverno-policy-reporter-kyverno-plugin-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.2-r4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the kyverno-policy-reporter-kyverno-plugin-fips package. Cancelling a query (e. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-PD17156",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T15:00:22.872625Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-PD17156"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47907"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-2464-8J7C-4CJM"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-29WX-VH33-7X7R"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-2X5J-VHC8-9CWM"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-459X-Q9HG-4GPQ"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-4QG8-FJ49-PXJH"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-4VQ8-7JFC-9CVP"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-6M8W-JC87-6CR7"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-88JX-383Q-W4QC"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-C5Q2-7R4C-MV6G"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-C6GW-W398-HV78"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-C77R-FH37-X2PX"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-F83F-XPX7-FFPW"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-FV92-FJC5-JJ9H"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-JRR2-X33P-6HVC"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-MH63-6H87-95CP"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-QJVC-P88J-J9RM"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-R5P3-955P-5GGQ"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Cancelling a query (e",
"upstream": [
"CVE-2025-47907",
"GHSA-2464-8J7C-4CJM",
"GHSA-29WX-VH33-7X7R",
"GHSA-2X5J-VHC8-9CWM",
"GHSA-459X-Q9HG-4GPQ",
"GHSA-4QG8-FJ49-PXJH",
"GHSA-4VQ8-7JFC-9CVP",
"GHSA-6M8W-JC87-6CR7",
"GHSA-88JX-383Q-W4QC",
"GHSA-C5Q2-7R4C-MV6G",
"GHSA-C6GW-W398-HV78",
"GHSA-C77R-FH37-X2PX",
"GHSA-F83F-XPX7-FFPW",
"GHSA-FV92-FJC5-JJ9H",
"GHSA-JRR2-X33P-6HVC",
"GHSA-MH63-6H87-95CP",
"GHSA-QJVC-P88J-J9RM",
"GHSA-R5P3-955P-5GGQ"
]
}
cleanstart-2026-pg91940
Vulnerability from cleanstart
Multiple security vulnerabilities affect the harbor-registry package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "harbor-registry"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.0.1-r2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the harbor-registry package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-PG91940",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T15:31:24.365282Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-PG91940"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-22871"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-4673"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47907"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61725"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61727"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61729"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-F6X5-JH6R-WRFV"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-HCG3-Q754-CR77"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-J5W8-Q4QC-RX2X"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-MH63-6H87-95CP"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-QXP5-GWG8-XV66"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-VVGC-356P-C3XW"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4673"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines",
"upstream": [
"CVE-2025-22871",
"CVE-2025-4673",
"CVE-2025-47907",
"CVE-2025-58183",
"CVE-2025-58185",
"CVE-2025-58187",
"CVE-2025-58188",
"CVE-2025-58189",
"CVE-2025-61723",
"CVE-2025-61724",
"CVE-2025-61725",
"CVE-2025-61727",
"CVE-2025-61729",
"GHSA-F6X5-JH6R-WRFV",
"GHSA-HCG3-Q754-CR77",
"GHSA-J5W8-Q4QC-RX2X",
"GHSA-MH63-6H87-95CP",
"GHSA-QXP5-GWG8-XV66",
"GHSA-VVGC-356P-C3XW"
]
}
cleanstart-2026-pn58989
Vulnerability from cleanstart
Multiple security vulnerabilities affect the argo-cd package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "argo-cd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.7-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the argo-cd package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-PN58989",
"modified": "2026-02-23T12:58:32Z",
"published": "2026-02-24T00:45:20.977848Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-PN58989"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55190"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55191"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59537"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59538"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61725"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-2V5J-VHC3-9CWM"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-2VGG-9H3W-QBR4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-2XSJ-VH29-9CWM"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-37CX-329C-33X3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-3WGM-2MW2-VH5M"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-4X4M-3C2P-QPPC"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-6V2P-P543-PHR9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-92CP-5422-2M47"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-93MQ-9FFX-83M2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-F6X5-JH6R-WRFV"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-HJ2P-8WJ8-PFQ4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-J5W8-Q4QC-RX2X"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-MH63-6H87-95CP"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-MW99-9CHC-XW7R"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55190"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55191"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59537"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59538"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate",
"upstream": [
"CVE-2025-55190",
"CVE-2025-55191",
"CVE-2025-58183",
"CVE-2025-58185",
"CVE-2025-58187",
"CVE-2025-58188",
"CVE-2025-58189",
"CVE-2025-59537",
"CVE-2025-59538",
"CVE-2025-61723",
"CVE-2025-61724",
"CVE-2025-61725",
"GHSA-2V5J-VHC3-9CWM",
"GHSA-2VGG-9H3W-QBR4",
"GHSA-2XSJ-VH29-9CWM",
"GHSA-37CX-329C-33X3",
"GHSA-3WGM-2MW2-VH5M",
"GHSA-4X4M-3C2P-QPPC",
"GHSA-6V2P-P543-PHR9",
"GHSA-92CP-5422-2M47",
"GHSA-93MQ-9FFX-83M2",
"GHSA-F6X5-JH6R-WRFV",
"GHSA-HJ2P-8WJ8-PFQ4",
"GHSA-J5W8-Q4QC-RX2X",
"GHSA-MH63-6H87-95CP",
"GHSA-MW99-9CHC-XW7R"
]
}
cleanstart-2026-qb67682
Vulnerability from cleanstart
Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "argo-cd-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.3-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-QB67682",
"modified": "2026-03-19T07:11:57Z",
"published": "2026-04-01T09:43:42.917590Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-QB67682.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55190"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55191"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59537"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59538"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61725"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25934"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2v5j-vhc3-9cwm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2vgg-9h3w-qbr4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2xsj-vh29-9cwm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-37cx-329c-33x3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3wgm-2mw2-vh5m"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4x4m-3c2p-qppc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6v2p-p543-phr9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-92cp-5422-2m47"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-93mq-9ffx-83m2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-f6x5-jh6r-wrfv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hj2p-8wj8-pfq4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j5w8-q4qc-rx2x"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mh63-6h87-95cp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mw99-9chc-xw7r"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55190"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55191"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59537"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59538"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25934"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-1229, CVE-2026-24051, CVE-2026-25934, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2xsj-vh29-9cwm, ghsa-37cx-329c-33x3, ghsa-3wgm-2mw2-vh5m, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-f6x5-jh6r-wrfv, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4, 3.2.7-r0, 3.3.2-r1, 3.3.3-r0",
"upstream": [
"CVE-2025-55190",
"CVE-2025-55191",
"CVE-2025-58183",
"CVE-2025-58185",
"CVE-2025-58187",
"CVE-2025-58188",
"CVE-2025-58189",
"CVE-2025-59537",
"CVE-2025-59538",
"CVE-2025-61723",
"CVE-2025-61724",
"CVE-2025-61725",
"CVE-2026-1229",
"CVE-2026-24051",
"CVE-2026-25934",
"ghsa-2v5j-vhc3-9cwm",
"ghsa-2vgg-9h3w-qbr4",
"ghsa-2xsj-vh29-9cwm",
"ghsa-37cx-329c-33x3",
"ghsa-3wgm-2mw2-vh5m",
"ghsa-4x4m-3c2p-qppc",
"ghsa-6v2p-p543-phr9",
"ghsa-92cp-5422-2m47",
"ghsa-93mq-9ffx-83m2",
"ghsa-f6x5-jh6r-wrfv",
"ghsa-hj2p-8wj8-pfq4",
"ghsa-j5w8-q4qc-rx2x",
"ghsa-mh63-6h87-95cp",
"ghsa-mw99-9chc-xw7r"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.