Action not permitted
Modal body text goes here.
Modal Title
Modal Body
GHSA-6V2P-P543-PHR9
Vulnerability from github – Published: 2025-07-18 17:27 – Updated: 2025-07-18 17:27An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "golang.org/x/oauth2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.27.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-22868"
],
"database_specific": {
"cwe_ids": [
"CWE-1286"
],
"github_reviewed": true,
"github_reviewed_at": "2025-07-18T17:27:22Z",
"nvd_published_at": "2025-02-26T08:14:24Z",
"severity": "HIGH"
},
"details": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.",
"id": "GHSA-6v2p-p543-phr9",
"modified": "2025-07-18T17:27:22Z",
"published": "2025-07-18T17:27:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"type": "WEB",
"url": "https://go.dev/cl/652155"
},
{
"type": "WEB",
"url": "https://go.dev/issue/71490"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability"
}
cleanstart-2026-qc30410
Vulnerability from cleanstart
Multiple security vulnerabilities affect the argo-cd-fips package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "argo-cd-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.3-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the argo-cd-fips package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-QC30410",
"modified": "2026-02-26T12:09:56Z",
"published": "2026-02-27T01:01:12.325618Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-QC30410"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55190"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55191"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59537"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59538"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61725"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-2V5J-VHC3-9CWM"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-2VGG-9H3W-QBR4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-2XSJ-VH29-9CWM"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-37CX-329C-33X3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-3WGM-2MW2-VH5M"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-4X4M-3C2P-QPPC"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-6V2P-P543-PHR9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-92CP-5422-2M47"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-93MQ-9FFX-83M2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-CFPF-HRX2-8RV6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-F6X5-JH6R-WRFV"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-HJ2P-8WJ8-PFQ4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-J5W8-Q4QC-RX2X"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-MH63-6H87-95CP"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-MW99-9CHC-XW7R"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55190"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55191"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59537"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59538"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate",
"upstream": [
"CVE-2025-55190",
"CVE-2025-55191",
"CVE-2025-58183",
"CVE-2025-58185",
"CVE-2025-58187",
"CVE-2025-58188",
"CVE-2025-58189",
"CVE-2025-59537",
"CVE-2025-59538",
"CVE-2025-61723",
"CVE-2025-61724",
"CVE-2025-61725",
"GHSA-2V5J-VHC3-9CWM",
"GHSA-2VGG-9H3W-QBR4",
"GHSA-2XSJ-VH29-9CWM",
"GHSA-37CX-329C-33X3",
"GHSA-3WGM-2MW2-VH5M",
"GHSA-4X4M-3C2P-QPPC",
"GHSA-6V2P-P543-PHR9",
"GHSA-92CP-5422-2M47",
"GHSA-93MQ-9FFX-83M2",
"GHSA-CFPF-HRX2-8RV6",
"GHSA-F6X5-JH6R-WRFV",
"GHSA-HJ2P-8WJ8-PFQ4",
"GHSA-J5W8-Q4QC-RX2X",
"GHSA-MH63-6H87-95CP",
"GHSA-MW99-9CHC-XW7R"
]
}
cleanstart-2026-qf85840
Vulnerability from cleanstart
Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details.
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "argo-cd-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.9-r4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-QF85840",
"modified": "2026-03-02T11:48:00Z",
"published": "2026-04-01T10:09:04.049698Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-QF85840.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55190"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55191"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59537"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59538"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61725"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61732"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-68121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25934"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2v5j-vhc3-9cwm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2vgg-9h3w-qbr4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2x5j-vhc8-9cwm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2xsj-vh29-9cwm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3wgm-2mw2-vh5m"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4x4m-3c2p-qppc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6v2p-p543-phr9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-92cp-5422-2m47"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-93mq-9ffx-83m2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-f6x5-jh6r-wrfv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hj2p-8wj8-pfq4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j5w8-q4qc-rx2x"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mh63-6h87-95cp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mw99-9chc-xw7r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-r6j8-c6r2-37rr"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55190"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55191"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59537"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59538"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25934"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61732, CVE-2025-68121, CVE-2026-1229, CVE-2026-25934, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2x5j-vhc8-9cwm, ghsa-2xsj-vh29-9cwm, ghsa-3wgm-2mw2-vh5m, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-f6x5-jh6r-wrfv, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r, ghsa-r6j8-c6r2-37rr applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.0.22-r0, 3.0.22-r1, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4",
"upstream": [
"CVE-2025-55190",
"CVE-2025-55191",
"CVE-2025-58183",
"CVE-2025-58185",
"CVE-2025-58187",
"CVE-2025-58188",
"CVE-2025-58189",
"CVE-2025-59537",
"CVE-2025-59538",
"CVE-2025-61723",
"CVE-2025-61724",
"CVE-2025-61725",
"CVE-2025-61732",
"CVE-2025-68121",
"CVE-2026-1229",
"CVE-2026-25934",
"ghsa-2v5j-vhc3-9cwm",
"ghsa-2vgg-9h3w-qbr4",
"ghsa-2x5j-vhc8-9cwm",
"ghsa-2xsj-vh29-9cwm",
"ghsa-3wgm-2mw2-vh5m",
"ghsa-4x4m-3c2p-qppc",
"ghsa-6v2p-p543-phr9",
"ghsa-92cp-5422-2m47",
"ghsa-93mq-9ffx-83m2",
"ghsa-f6x5-jh6r-wrfv",
"ghsa-hj2p-8wj8-pfq4",
"ghsa-j5w8-q4qc-rx2x",
"ghsa-mh63-6h87-95cp",
"ghsa-mw99-9chc-xw7r",
"ghsa-r6j8-c6r2-37rr"
]
}
cleanstart-2026-qk02462
Vulnerability from cleanstart
Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "argo-cd-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.7-r1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-QK02462",
"modified": "2026-03-13T12:42:57Z",
"published": "2026-04-01T09:54:36.812395Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-QK02462.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55190"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-55191"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59537"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-59538"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61725"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25934"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2v5j-vhc3-9cwm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2vgg-9h3w-qbr4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2xsj-vh29-9cwm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-37cx-329c-33x3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3wgm-2mw2-vh5m"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4x4m-3c2p-qppc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6v2p-p543-phr9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-92cp-5422-2m47"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-93mq-9ffx-83m2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-f6x5-jh6r-wrfv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hj2p-8wj8-pfq4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j5w8-q4qc-rx2x"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mh63-6h87-95cp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mw99-9chc-xw7r"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55190"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55191"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59537"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59538"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25934"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-1229, CVE-2026-24051, CVE-2026-25934, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2xsj-vh29-9cwm, ghsa-37cx-329c-33x3, ghsa-3wgm-2mw2-vh5m, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-f6x5-jh6r-wrfv, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4, 3.2.7-r0, 3.2.7-r1",
"upstream": [
"CVE-2025-55190",
"CVE-2025-55191",
"CVE-2025-58183",
"CVE-2025-58185",
"CVE-2025-58187",
"CVE-2025-58188",
"CVE-2025-58189",
"CVE-2025-59537",
"CVE-2025-59538",
"CVE-2025-61723",
"CVE-2025-61724",
"CVE-2025-61725",
"CVE-2026-1229",
"CVE-2026-24051",
"CVE-2026-25934",
"ghsa-2v5j-vhc3-9cwm",
"ghsa-2vgg-9h3w-qbr4",
"ghsa-2xsj-vh29-9cwm",
"ghsa-37cx-329c-33x3",
"ghsa-3wgm-2mw2-vh5m",
"ghsa-4x4m-3c2p-qppc",
"ghsa-6v2p-p543-phr9",
"ghsa-92cp-5422-2m47",
"ghsa-93mq-9ffx-83m2",
"ghsa-f6x5-jh6r-wrfv",
"ghsa-hj2p-8wj8-pfq4",
"ghsa-j5w8-q4qc-rx2x",
"ghsa-mh63-6h87-95cp",
"ghsa-mw99-9chc-xw7r"
]
}
cleanstart-2026-qo30809
Vulnerability from cleanstart
Multiple security vulnerabilities affect the wave-fips package. These issues are resolved in later releases. See references for individual vulnerability details.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "wave-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.0-r3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the wave-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-QO30809",
"modified": "2026-05-15T06:43:16Z",
"published": "2026-05-18T13:04:16.405944Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-QO30809.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61726"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61727"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61728"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61729"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61730"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-68121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25679"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27139"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27142"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32280"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32281"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32282"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32283"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32289"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33811"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33814"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39820"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39823"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39825"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39826"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39836"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42499"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-4v7x-pqxf-cx7m"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6v2p-p543-phr9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qxp5-gwg8-xv66"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vvgc-356p-c3xw"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39836"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33811, CVE-2026-33814, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, ghsa-4v7x-pqxf-cx7m, ghsa-6v2p-p543-phr9, ghsa-qxp5-gwg8-xv66, ghsa-vvgc-356p-c3xw applied in versions: 0.9.0-r1, 0.9.0-r3",
"upstream": [
"CVE-2025-61726",
"CVE-2025-61727",
"CVE-2025-61728",
"CVE-2025-61729",
"CVE-2025-61730",
"CVE-2025-68121",
"CVE-2026-25679",
"CVE-2026-27139",
"CVE-2026-27142",
"CVE-2026-32280",
"CVE-2026-32281",
"CVE-2026-32282",
"CVE-2026-32283",
"CVE-2026-32289",
"CVE-2026-33811",
"CVE-2026-33814",
"CVE-2026-39820",
"CVE-2026-39823",
"CVE-2026-39825",
"CVE-2026-39826",
"CVE-2026-39836",
"CVE-2026-42499",
"ghsa-4v7x-pqxf-cx7m",
"ghsa-6v2p-p543-phr9",
"ghsa-qxp5-gwg8-xv66",
"ghsa-vvgc-356p-c3xw"
]
}
cleanstart-2026-qz16523
Vulnerability from cleanstart
Multiple security vulnerabilities affect the modelmesh-runtime-adapter package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "modelmesh-runtime-adapter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.12.0-r1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the modelmesh-runtime-adapter package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-QZ16523",
"modified": "2026-04-13T06:46:20Z",
"published": "2026-04-14T00:44:44.379807Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-QZ16523.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61725"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6v2p-p543-phr9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-f6x5-jh6r-wrfv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-hcg3-q754-cr77"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j5w8-q4qc-rx2x"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mh63-6h87-95cp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qxp5-gwg8-xv66"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-v778-237x-gjrc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-vvgc-356p-c3xw"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate",
"upstream": [
"CVE-2025-58183",
"CVE-2025-58185",
"CVE-2025-58187",
"CVE-2025-58188",
"CVE-2025-58189",
"CVE-2025-61723",
"CVE-2025-61724",
"CVE-2025-61725",
"ghsa-6v2p-p543-phr9",
"ghsa-f6x5-jh6r-wrfv",
"ghsa-hcg3-q754-cr77",
"ghsa-j5w8-q4qc-rx2x",
"ghsa-mh63-6h87-95cp",
"ghsa-qxp5-gwg8-xv66",
"ghsa-v778-237x-gjrc",
"ghsa-vvgc-356p-c3xw"
]
}
cleanstart-2026-qz70444
Vulnerability from cleanstart
Multiple security vulnerabilities affect the opentofu-fips package. Within HostnameError. See references for individual vulnerability details.
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "opentofu-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.4-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the opentofu-fips package. Within HostnameError. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-QZ70444",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T17:24:26.605623Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-QZ70444"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47913"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47914"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58181"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61727"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61729"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-2464-8J7C-4CJM"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-2X5J-VHC8-9CWM"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-6V2P-P543-PHR9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-C6GW-W398-HV78"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-FV92-FJC5-JJ9H"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-HCG3-Q754-CR77"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-JC7W-C686-C4V9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-MH63-6H87-95CP"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-QXP5-GWG8-XV66"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-VVGC-356P-C3XW"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-WJRX-6529-HCJ3"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Within HostnameError",
"upstream": [
"CVE-2025-47913",
"CVE-2025-47914",
"CVE-2025-58181",
"CVE-2025-61727",
"CVE-2025-61729",
"GHSA-2464-8J7C-4CJM",
"GHSA-2X5J-VHC8-9CWM",
"GHSA-6V2P-P543-PHR9",
"GHSA-C6GW-W398-HV78",
"GHSA-FV92-FJC5-JJ9H",
"GHSA-HCG3-Q754-CR77",
"GHSA-JC7W-C686-C4V9",
"GHSA-MH63-6H87-95CP",
"GHSA-QXP5-GWG8-XV66",
"GHSA-VVGC-356P-C3XW",
"GHSA-WJRX-6529-HCJ3"
]
}
cleanstart-2026-rj88561
Vulnerability from cleanstart
Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details.
| URL | Type | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "kube-state-metrics-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.14.0-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-RJ88561",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T15:03:53.732429Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-RJ88561"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61727"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61729"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-6V2P-P543-PHR9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-HCG3-Q754-CR77"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-QXP5-GWG8-XV66"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-VVGC-356P-C3XW"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate",
"upstream": [
"CVE-2025-61727",
"CVE-2025-61729",
"GHSA-6V2P-P543-PHR9",
"GHSA-HCG3-Q754-CR77",
"GHSA-QXP5-GWG8-XV66",
"GHSA-VVGC-356P-C3XW"
]
}
cleanstart-2026-rr90125
Vulnerability from cleanstart
Multiple security vulnerabilities affect the fluent-operator-fips package. Cancelling a query (e. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "fluent-operator-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.0-r4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the fluent-operator-fips package. Cancelling a query (e. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-RR90125",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T15:32:53.790454Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-RR90125"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47907"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-6V2P-P543-PHR9"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Cancelling a query (e",
"upstream": [
"CVE-2025-47907",
"GHSA-6V2P-P543-PHR9"
]
}
cleanstart-2026-ry70255
Vulnerability from cleanstart
Multiple security vulnerabilities affect the stakater-reloader package. These issues are resolved in later releases. See references for individual vulnerability details.
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "stakater-reloader"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.8-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the stakater-reloader package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-RY70255",
"modified": "2026-06-02T10:49:47Z",
"published": "2026-06-08T14:48:49.642573Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-RY70255.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-22868"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47911"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47912"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58186"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58190"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61725"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61729"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25679"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27137"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27139"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27142"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33811"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33814"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39817"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39819"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39820"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39823"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39825"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39826"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-39836"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42499"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-42501"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6v2p-p543-phr9"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47911"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47912"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58186"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58190"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39817"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39819"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39836"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42501"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-22868, CVE-2025-47911, CVE-2025-47912, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-58190, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61729, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-6v2p-p543-phr9 applied in versions: 1.1.0-r0, 1.1.0-r1, 1.4.10-r0, 1.4.13-r0, 1.4.14-r0, 1.4.8-r0",
"upstream": [
"CVE-2025-22868",
"CVE-2025-47911",
"CVE-2025-47912",
"CVE-2025-58183",
"CVE-2025-58185",
"CVE-2025-58186",
"CVE-2025-58187",
"CVE-2025-58188",
"CVE-2025-58189",
"CVE-2025-58190",
"CVE-2025-61723",
"CVE-2025-61724",
"CVE-2025-61725",
"CVE-2025-61729",
"CVE-2026-25679",
"CVE-2026-27137",
"CVE-2026-27138",
"CVE-2026-27139",
"CVE-2026-27142",
"CVE-2026-33811",
"CVE-2026-33814",
"CVE-2026-39817",
"CVE-2026-39819",
"CVE-2026-39820",
"CVE-2026-39823",
"CVE-2026-39825",
"CVE-2026-39826",
"CVE-2026-39836",
"CVE-2026-42499",
"CVE-2026-42501",
"ghsa-6v2p-p543-phr9"
]
}
cleanstart-2026-sb25660
Vulnerability from cleanstart
Multiple security vulnerabilities affect the falcosidekick-fips package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "falcosidekick-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.32.0-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the falcosidekick-fips package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-SB25660",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T16:44:27.197226Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-SB25660"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-22871"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-4673"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47907"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61725"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-265R-HFXG-FHMG"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-4VQ8-7JFC-9CVP"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-6V2P-P543-PHR9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-CGRX-MC8F-2PRM"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-F6X5-JH6R-WRFV"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-HCG3-Q754-CR77"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-J5W8-Q4QC-RX2X"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-M6HQ-P25P-FFR2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-PWHC-RPQ9-4C8W"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-QXP5-GWG8-XV66"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-V23V-6JW2-98FQ"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-V778-237X-GJRC"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-VVGC-356P-C3XW"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-X84C-P2G9-RQV9"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4673"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines",
"upstream": [
"CVE-2025-22871",
"CVE-2025-4673",
"CVE-2025-47907",
"CVE-2025-58183",
"CVE-2025-58185",
"CVE-2025-58187",
"CVE-2025-58188",
"CVE-2025-58189",
"CVE-2025-61723",
"CVE-2025-61724",
"CVE-2025-61725",
"GHSA-265R-HFXG-FHMG",
"GHSA-4VQ8-7JFC-9CVP",
"GHSA-6V2P-P543-PHR9",
"GHSA-CGRX-MC8F-2PRM",
"GHSA-F6X5-JH6R-WRFV",
"GHSA-HCG3-Q754-CR77",
"GHSA-J5W8-Q4QC-RX2X",
"GHSA-M6HQ-P25P-FFR2",
"GHSA-PWHC-RPQ9-4C8W",
"GHSA-QXP5-GWG8-XV66",
"GHSA-V23V-6JW2-98FQ",
"GHSA-V778-237X-GJRC",
"GHSA-VVGC-356P-C3XW",
"GHSA-X84C-P2G9-RQV9"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.