Red hat openshift gitops

This hub aggregates every CVE we track for Red hat openshift gitops, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Red hat openshift gitops.

• CVE-2026-33812Excessive memory allocation when decoding malicious SFNT in golang.org/x/image6.1Apr 21, 2026
• CVE-2026-6388Argocd-image-updater: argocd image updater: cross-namespace privilege escalation via insufficient namespace validation9.1Apr 15, 2026
• CVE-2026-32281Inefficient policy validation in crypto/x5097.5Apr 8, 2026
• CVE-2026-32280Unexpected work during chain building in crypto/x5097.5Apr 8, 2026
• CVE-2026-32283Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls7.5Apr 8, 2026
• CVE-2026-32288Unbounded allocation for old GNU sparse in archive/tar5.5Apr 8, 2026
• CVE-2026-32289JsBraceDepth Context Tracking Bugs (XSS) in html/template6.1Apr 8, 2026
• CVE-2026-33810Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x5098.2Apr 8, 2026
• CVE-2026-33748BuildKit Git URL subdir component can cause access to restricted files7.5Mar 27, 2026
• CVE-2026-33747BuildKit vulnerable to malicious frontend causing file escape outside of storage root8.4Mar 27, 2026
• CVE-2026-32285Denial of service in github.com/buger/jsonparser7.5Mar 26, 2026
• CVE-2025-11065Github.com/go-viper/mapstructure/v2: go-viper's mapstructure may leak sensitive information in logs in github.com/go-viper/mapstructure5.3Jan 26, 2026
• CVE-2025-13888Openshift-gitops-operator: openshift gitops: namespace admin cluster takeover via privileged jobs9.1Dec 15, 2025
• CVE-2025-66471urllib3 Streaming API improperly handles highly compressed data7.5Dec 5, 2025
• CVE-2025-66418urllib3 allows an unbounded number of links in the decompression chain7.5Dec 5, 2025