Openshift pipelines

This hub aggregates every CVE we track for Openshift pipelines, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Openshift pipelines.

• CVE-2026-10840Openshift-pipelines-operator-rh: openshift-pipelines-operator: tekton-scheduler-rolebinding grants system:authenticated write access to kueue and cert-manager resources7.1Jun 4, 2026
• CVE-2026-32281Inefficient policy validation in crypto/x5097.5Apr 8, 2026
• CVE-2026-32280Unexpected work during chain building in crypto/x5097.5Apr 8, 2026
• CVE-2026-32288Unbounded allocation for old GNU sparse in archive/tar5.5Apr 8, 2026
• CVE-2026-33810Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x5098.2Apr 8, 2026
• CVE-2026-32289JsBraceDepth Context Tracking Bugs (XSS) in html/template6.1Apr 8, 2026
• CVE-2026-27903minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments7.5Feb 26, 2026
• CVE-2025-11065Github.com/go-viper/mapstructure/v2: go-viper's mapstructure may leak sensitive information in logs in github.com/go-viper/mapstructure5.3Jan 26, 2026
• CVE-2025-69413In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists.5.3Jan 1, 2026
• CVE-2025-68938Gitea before 1.25.2 mishandles authorization for deletion of releases.4.3Dec 26, 2025
• CVE-2025-66471urllib3 Streaming API improperly handles highly compressed data7.5Dec 5, 2025
• CVE-2025-66418urllib3 allows an unbounded number of links in the decompression chain7.5Dec 5, 2025
• CVE-2025-11621Vault AWS auth method bypass due to AWS client cache8.1Oct 23, 2025
• CVE-2025-8556Github.com/cloudflare/circl: circl-fourq: missing and wrong validation can lead to incorrect results3.7Aug 6, 2025
• CVE-2025-50182urllib3 does not control redirects in browsers and Node.js5.3Jun 19, 2025