Openshift dev spaces

This hub aggregates every CVE we track for Openshift dev spaces, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Openshift dev spaces.

• CVE-2026-43512Apache Tomcat: Digest authenticator will authenticate any unknown user9.8May 12, 2026
• CVE-2026-32281Inefficient policy validation in crypto/x5097.5Apr 8, 2026
• CVE-2026-32280Unexpected work during chain building in crypto/x5097.5Apr 8, 2026
• CVE-2026-32283Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls7.5Apr 8, 2026
• CVE-2026-32288Unbounded allocation for old GNU sparse in archive/tar5.5Apr 8, 2026
• CVE-2026-32289JsBraceDepth Context Tracking Bugs (XSS) in html/template6.1Apr 8, 2026
• CVE-2026-33748BuildKit Git URL subdir component can cause access to restricted files7.5Mar 27, 2026
• CVE-2026-33433Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField8.8Mar 27, 2026
• CVE-2026-33747BuildKit vulnerable to malicious frontend causing file escape outside of storage root8.4Mar 27, 2026
• CVE-2026-31802node-tar Symlink Path Traversal via Drive-Relative Linkpath5.5Mar 9, 2026
• CVE-2026-27903minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments7.5Feb 26, 2026
• CVE-2026-25727time affected by a stack exhaustion denial of service attack6.5Feb 6, 2026
• CVE-2026-1761Libsoup: stack-based buffer overflow in libsoup multipart response parsingmultipart http response8.6Feb 2, 2026
• CVE-2026-1299email BytesGenerator header injection due to unquoted newlines7.1Jan 23, 2026
• CVE-2025-12781base64.b64decode() always accepts "+/" characters, despite setting altchars5.3Jan 21, 2026