Openshift developer tools and services
This hub aggregates every CVE we track for Openshift developer tools and services, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 47
- Critical: 6
- High: 20
- In CISA KEV: 1
Severity distribution
HIGH: 20, MEDIUM: 18, CRITICAL: 6, LOW: 3
Monthly trend
Chart, 2024-07 to 2026-06, monthly values in order: 0, 1, 0, 4, 0, 0, 2, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 3, 0, 0, 2, 5, 0, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Openshift developer tools and services.
- CVE-2026-32280: Unexpected work during chain building in crypto/x509 (score 7.5)
- CVE-2026-32288: Unbounded allocation for old GNU sparse in archive/tar (score 5.5)
- CVE-2026-32283: Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls (score 7.5)
- CVE-2026-33810: Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509 (score 8.2)
- CVE-2026-32289: JsBraceDepth Context Tracking Bugs (XSS) in html/template (score 6.1)
- CVE-2026-33748: BuildKit Git URL subdir component can cause access to restricted files (score 7.5)
- CVE-2026-33747: BuildKit vulnerable to malicious frontend causing file escape outside of storage root (score 8.4)
- CVE-2024-29371: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this tok... (score 7.5)
- CVE-2025-67639: A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account. (score 3.5)
- CVE-2025-67636: A missing permission check in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers with View/Read permission to view encrypted password values in views. (score 4.3)
- CVE-2024-9453: Jenkins-image: sensitive data disclosure when using openshift jenkins image (score 6.5)
- CVE-2025-27623: Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing `config.xml` of views via REST API or CLI, allowing attackers with View/Read permission... (score 4.3)
- CVE-2025-21614: go-git clients vulnerable to DoS via maliciously crafted Git server replies (score 7.5)
- CVE-2025-21613: go-git has an Argument Injection via the URL field (score 9.8)
- CVE-2024-9676: Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos) (score 6.5)
Product normalization is registry-driven with AI assist and human review.