Vulnerability-Lookup

CVE-2025-58189 (GCVE-0-2025-58189)

Vulnerability from cvelistv5 – Published: 2025-10-29 22:10 – Updated: 2025-11-04 21:13

Title

ALPN negotiation error contains attacker controlled information in crypto/tls

Summary

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-117 - Improper Output Neutralization for Logs

Assigner

References

5 references

URL	Tags
https://go.dev/cl/707776
https://go.dev/issue/75652
https://groups.google.com/g/golang-announce/c/4Em…
https://pkg.go.dev/vuln/GO-2025-4008
http://www.openwall.com/lists/oss-security/2025/10/08/1

Impacted products

1 product

Vendor	Product	Version
Go standard library	crypto/tls	Affected: 0 , < 1.24.8 (semver) Affected: 1.25.0 , < 1.25.2 (semver)

Credits

National Cyber Security Centre Finland

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-58189",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-03T19:50:48.668117Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:51:22.704Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:13:39.428Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/10/08/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/tls",
          "product": "crypto/tls",
          "programRoutines": [
            {
              "name": "negotiateALPN"
            },
            {
              "name": "Conn.Handshake"
            },
            {
              "name": "Conn.HandshakeContext"
            },
            {
              "name": "Conn.Read"
            },
            {
              "name": "Conn.Write"
            },
            {
              "name": "Dial"
            },
            {
              "name": "DialWithDialer"
            },
            {
              "name": "Dialer.Dial"
            },
            {
              "name": "Dialer.DialContext"
            },
            {
              "name": "QUICConn.Start"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.2",
              "status": "affected",
              "version": "1.25.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "National Cyber Security Centre Finland"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-117: Improper Output Neutralization for Logs",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-29T22:10:12.947Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/707776"
        },
        {
          "url": "https://go.dev/issue/75652"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-4008"
        }
      ],
      "title": "ALPN negotiation error contains attacker controlled information in crypto/tls"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-58189",
    "datePublished": "2025-10-29T22:10:12.947Z",
    "dateReserved": "2025-08-27T14:50:58.692Z",
    "dateUpdated": "2025-11-04T21:13:39.428Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-58189",
      "date": "2026-06-28",
      "epss": "0.00443",
      "percentile": "0.35388"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-58189\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2025-10-29T23:16:19.833\",\"lastModified\":\"2026-06-17T09:44:02.410\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"Go standard library\",\"product\":\"crypto/tls\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"crypto/tls\",\"programRoutines\":[{\"name\":\"negotiateALPN\"},{\"name\":\"Conn.Handshake\"},{\"name\":\"Conn.HandshakeContext\"},{\"name\":\"Conn.Read\"},{\"name\":\"Conn.Write\"},{\"name\":\"Dial\"},{\"name\":\"DialWithDialer\"},{\"name\":\"Dialer.Dial\"},{\"name\":\"Dialer.DialContext\"},{\"name\":\"QUICConn.Start\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"1.24.8\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.25.0\",\"lessThan\":\"1.25.2\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-11-03T19:50:48.668117Z\",\"id\":\"CVE-2025-58189\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-532\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.24.8\",\"matchCriteriaId\":\"E1AB9501-4F7D-4E37-BA0A-4E57B082530C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.25.0\",\"versionEndExcluding\":\"1.25.2\",\"matchCriteriaId\":\"C196D175-EF20-476C-8C64-1B9F5C50AA2D\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/707776\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/75652\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2025-4008\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/10/08/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/10/08/1\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T21:13:39.428Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-58189\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-03T19:50:48.668117Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-30T20:34:39.827Z\"}}], \"cna\": {\"title\": \"ALPN negotiation error contains attacker controlled information in crypto/tls\", \"credits\": [{\"lang\": \"en\", \"value\": \"National Cyber Security Centre Finland\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"crypto/tls\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.24.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.25.0\", \"lessThan\": \"1.25.2\", \"versionType\": \"semver\"}], \"packageName\": \"crypto/tls\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"negotiateALPN\"}, {\"name\": \"Conn.Handshake\"}, {\"name\": \"Conn.HandshakeContext\"}, {\"name\": \"Conn.Read\"}, {\"name\": \"Conn.Write\"}, {\"name\": \"Dial\"}, {\"name\": \"DialWithDialer\"}, {\"name\": \"Dialer.Dial\"}, {\"name\": \"Dialer.DialContext\"}, {\"name\": \"QUICConn.Start\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/707776\"}, {\"url\": \"https://go.dev/issue/75652\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2025-4008\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-117: Improper Output Neutralization for Logs\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2025-10-29T22:10:12.947Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-58189\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T21:13:39.428Z\", \"dateReserved\": \"2025-08-27T14:50:58.692Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2025-10-29T22:10:12.947Z\", \"assignerShortName\": \"Go\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

cleanstart-2026-jy65496

Vulnerability from cleanstart

Published

2026-06-08 14:25

Modified

2026-06-03 09:57

Summary

Security fixes for CVE-2025-47912, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61729, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-29181, CVE-2026-33186, CVE-2026-39821, CVE-2026-39824, CVE-2026-39883, CVE-2026-42502, CVE-2026-42506 applied in versions: 0.15.2-r0, 0.15.2-r1, 0.16.1-r1

Details

Multiple security vulnerabilities affect the metallb package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-47912	WEB
	https://osv.dev/vulnerability/CVE-2025-58183	WEB
	https://osv.dev/vulnerability/CVE-2025-58185	WEB
	https://osv.dev/vulnerability/CVE-2025-58186	WEB
	https://osv.dev/vulnerability/CVE-2025-58187	WEB
	https://osv.dev/vulnerability/CVE-2025-58188	WEB
	https://osv.dev/vulnerability/CVE-2025-58189	WEB
	https://osv.dev/vulnerability/CVE-2025-61723	WEB
	https://osv.dev/vulnerability/CVE-2025-61724	WEB
	https://osv.dev/vulnerability/CVE-2025-61725	WEB
	https://osv.dev/vulnerability/CVE-2025-61729	WEB
	https://osv.dev/vulnerability/CVE-2026-25680	WEB
	https://osv.dev/vulnerability/CVE-2026-25681	WEB
	https://osv.dev/vulnerability/CVE-2026-27136	WEB
	https://osv.dev/vulnerability/CVE-2026-29181	WEB
	https://osv.dev/vulnerability/CVE-2026-33186	WEB
	https://osv.dev/vulnerability/CVE-2026-39821	WEB
	https://osv.dev/vulnerability/CVE-2026-39824	WEB
	https://osv.dev/vulnerability/CVE-2026-39883	WEB
	https://osv.dev/vulnerability/CVE-2026-42502	WEB
	https://osv.dev/vulnerability/CVE-2026-42506	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-47912	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58183	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58185	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58186	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58187	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58188	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58189	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61723	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61724	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61725	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61729	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25680	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25681	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27136	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-29181	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33186	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39821	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39824	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39883	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42502	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42506	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "metallb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.16.1-r1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the metallb package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-JY65496",
  "modified": "2026-06-03T09:57:06Z",
  "published": "2026-06-08T14:25:54.410319Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-JY65496.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-47912"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58186"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61729"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25680"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25681"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27136"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-29181"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33186"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39821"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39824"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39883"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42502"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42506"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47912"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58186"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25680"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25681"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27136"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29181"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39824"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39883"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42502"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42506"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2025-47912, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61729, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-29181, CVE-2026-33186, CVE-2026-39821, CVE-2026-39824, CVE-2026-39883, CVE-2026-42502, CVE-2026-42506 applied in versions: 0.15.2-r0, 0.15.2-r1, 0.16.1-r1",
  "upstream": [
    "CVE-2025-47912",
    "CVE-2025-58183",
    "CVE-2025-58185",
    "CVE-2025-58186",
    "CVE-2025-58187",
    "CVE-2025-58188",
    "CVE-2025-58189",
    "CVE-2025-61723",
    "CVE-2025-61724",
    "CVE-2025-61725",
    "CVE-2025-61729",
    "CVE-2026-25680",
    "CVE-2026-25681",
    "CVE-2026-27136",
    "CVE-2026-29181",
    "CVE-2026-33186",
    "CVE-2026-39821",
    "CVE-2026-39824",
    "CVE-2026-39883",
    "CVE-2026-42502",
    "CVE-2026-42506"
  ]
}

cleanstart-2026-kc01126

Vulnerability from cleanstart

Published

2026-01-30 14:48

Modified

2026-01-29 18:58

Summary

tar

Details

Multiple security vulnerabilities affect the step-issuer package. tar. See references for individual vulnerability details.

Severity

9.8 (Critical)


                    
                      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-58183	WEB
	https://osv.dev/vulnerability/CVE-2025-58185	WEB
	https://osv.dev/vulnerability/CVE-2025-58187	WEB
	https://osv.dev/vulnerability/CVE-2025-58188	WEB
	https://osv.dev/vulnerability/CVE-2025-58189	WEB
	https://osv.dev/vulnerability/CVE-2025-61723	WEB
	https://osv.dev/vulnerability/CVE-2025-61724	WEB
	https://osv.dev/vulnerability/CVE-2025-61725	WEB
	https://osv.dev/vulnerability/CVE-2025-62820	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58183	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58185	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58187	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58188	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58189	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61723	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61724	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61725	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-62820	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "step-issuer"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.9.9-r1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the step-issuer package. tar. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-KC01126",
  "modified": "2026-01-29T18:58:54Z",
  "published": "2026-01-30T14:48:22.721160Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-KC01126"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-62820"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62820"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "tar",
  "upstream": [
    "CVE-2025-58183",
    "CVE-2025-58185",
    "CVE-2025-58187",
    "CVE-2025-58188",
    "CVE-2025-58189",
    "CVE-2025-61723",
    "CVE-2025-61724",
    "CVE-2025-61725",
    "CVE-2025-62820"
  ]
}

cleanstart-2026-kk19266

Vulnerability from cleanstart

Published

2026-06-08 14:53

Modified

2026-06-02 10:36

Summary

Security fixes for CVE-2022-46146, CVE-2024-24786, CVE-2025-22871, CVE-2025-22873, CVE-2025-4673, CVE-2025-4674, CVE-2025-47906, CVE-2025-47907, CVE-2025-47912, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61731, CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-6v2p-p543-phr9, ghsa-cgrx-mc8f-2prm, ghsa-f6x5-jh6r-wrfv, ghsa-hcg3-q754-cr77, ghsa-j5w8-q4qc-rx2x, ghsa-qxp5-gwg8-xv66, ghsa-v778-237x-gjrc, ghsa-vvgc-356p-c3xw applied in versions: 1.11.0-r0, 1.5.0-r0, 1.6.1-r0, 1.8.0-r3

Details

Multiple security vulnerabilities affect the prometheus-node-exporter package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2022-46146	WEB
	https://osv.dev/vulnerability/CVE-2024-24786	WEB
	https://osv.dev/vulnerability/CVE-2025-22871	WEB
	https://osv.dev/vulnerability/CVE-2025-22873	WEB
	https://osv.dev/vulnerability/CVE-2025-4673	WEB
	https://osv.dev/vulnerability/CVE-2025-4674	WEB
	https://osv.dev/vulnerability/CVE-2025-47906	WEB
	https://osv.dev/vulnerability/CVE-2025-47907	WEB
	https://osv.dev/vulnerability/CVE-2025-47912	WEB
	https://osv.dev/vulnerability/CVE-2025-58183	WEB
	https://osv.dev/vulnerability/CVE-2025-58185	WEB
	https://osv.dev/vulnerability/CVE-2025-58186	WEB
	https://osv.dev/vulnerability/CVE-2025-58187	WEB
	https://osv.dev/vulnerability/CVE-2025-58188	WEB
	https://osv.dev/vulnerability/CVE-2025-58189	WEB
	https://osv.dev/vulnerability/CVE-2025-61723	WEB
	https://osv.dev/vulnerability/CVE-2025-61724	WEB
	https://osv.dev/vulnerability/CVE-2025-61725	WEB
	https://osv.dev/vulnerability/CVE-2025-61726	WEB
	https://osv.dev/vulnerability/CVE-2025-61727	WEB
	https://osv.dev/vulnerability/CVE-2025-61728	WEB
	https://osv.dev/vulnerability/CVE-2025-61729	WEB
	https://osv.dev/vulnerability/CVE-2025-61730	WEB
	https://osv.dev/vulnerability/CVE-2025-61731	WEB
	https://osv.dev/vulnerability/CVE-2025-61732	WEB
	https://osv.dev/vulnerability/CVE-2025-68121	WEB
	https://osv.dev/vulnerability/CVE-2026-25679	WEB
	https://osv.dev/vulnerability/CVE-2026-27139	WEB
	https://osv.dev/vulnerability/CVE-2026-27142	WEB
	https://osv.dev/vulnerability/CVE-2026-33811	WEB
	https://osv.dev/vulnerability/CVE-2026-33814	WEB
	https://osv.dev/vulnerability/CVE-2026-39817	WEB
	https://osv.dev/vulnerability/CVE-2026-39819	WEB
	https://osv.dev/vulnerability/CVE-2026-39820	WEB
	https://osv.dev/vulnerability/CVE-2026-39823	WEB
	https://osv.dev/vulnerability/CVE-2026-39825	WEB
	https://osv.dev/vulnerability/CVE-2026-39826	WEB
	https://osv.dev/vulnerability/CVE-2026-39836	WEB
	https://osv.dev/vulnerability/CVE-2026-42499	WEB
	https://osv.dev/vulnerability/CVE-2026-42501	WEB
	https://osv.dev/vulnerability/ghsa-6v2p-p543-phr9	WEB
	https://osv.dev/vulnerability/ghsa-cgrx-mc8f-2prm	WEB
	https://osv.dev/vulnerability/ghsa-f6x5-jh6r-wrfv	WEB
	https://osv.dev/vulnerability/ghsa-hcg3-q754-cr77	WEB
	https://osv.dev/vulnerability/ghsa-j5w8-q4qc-rx2x	WEB
	https://osv.dev/vulnerability/ghsa-qxp5-gwg8-xv66	WEB
	https://osv.dev/vulnerability/ghsa-v778-237x-gjrc	WEB
	https://osv.dev/vulnerability/ghsa-vvgc-356p-c3xw	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-46146	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-24786	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-22871	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-22873	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-4673	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-4674	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-47906	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-47907	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-47912	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58183	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58185	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58186	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58187	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58188	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58189	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61723	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61724	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61725	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61726	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61727	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61728	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61729	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61730	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61731	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61732	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-68121	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25679	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27139	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27142	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33811	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33814	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39817	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39819	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39820	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39823	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39825	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39826	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39836	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42499	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42501	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "prometheus-node-exporter"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.8.0-r3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the prometheus-node-exporter package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-KK19266",
  "modified": "2026-06-02T10:36:25Z",
  "published": "2026-06-08T14:53:05.234304Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-KK19266.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-46146"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-24786"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-22871"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-22873"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-4673"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-4674"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-47906"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-47907"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-47912"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58186"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61726"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61727"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61728"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61729"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61730"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61731"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61732"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-68121"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25679"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27139"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27142"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33811"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33814"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39817"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39819"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39820"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39823"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39825"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39826"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39836"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42499"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42501"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-6v2p-p543-phr9"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-cgrx-mc8f-2prm"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-f6x5-jh6r-wrfv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-hcg3-q754-cr77"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-j5w8-q4qc-rx2x"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-qxp5-gwg8-xv66"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-v778-237x-gjrc"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-vvgc-356p-c3xw"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46146"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22873"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4673"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4674"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47906"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47912"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58186"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39817"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39819"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39836"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42501"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2022-46146, CVE-2024-24786, CVE-2025-22871, CVE-2025-22873, CVE-2025-4673, CVE-2025-4674, CVE-2025-47906, CVE-2025-47907, CVE-2025-47912, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61731, CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-6v2p-p543-phr9, ghsa-cgrx-mc8f-2prm, ghsa-f6x5-jh6r-wrfv, ghsa-hcg3-q754-cr77, ghsa-j5w8-q4qc-rx2x, ghsa-qxp5-gwg8-xv66, ghsa-v778-237x-gjrc, ghsa-vvgc-356p-c3xw applied in versions: 1.11.0-r0, 1.5.0-r0, 1.6.1-r0, 1.8.0-r3",
  "upstream": [
    "CVE-2022-46146",
    "CVE-2024-24786",
    "CVE-2025-22871",
    "CVE-2025-22873",
    "CVE-2025-4673",
    "CVE-2025-4674",
    "CVE-2025-47906",
    "CVE-2025-47907",
    "CVE-2025-47912",
    "CVE-2025-58183",
    "CVE-2025-58185",
    "CVE-2025-58186",
    "CVE-2025-58187",
    "CVE-2025-58188",
    "CVE-2025-58189",
    "CVE-2025-61723",
    "CVE-2025-61724",
    "CVE-2025-61725",
    "CVE-2025-61726",
    "CVE-2025-61727",
    "CVE-2025-61728",
    "CVE-2025-61729",
    "CVE-2025-61730",
    "CVE-2025-61731",
    "CVE-2025-61732",
    "CVE-2025-68121",
    "CVE-2026-25679",
    "CVE-2026-27139",
    "CVE-2026-27142",
    "CVE-2026-33811",
    "CVE-2026-33814",
    "CVE-2026-39817",
    "CVE-2026-39819",
    "CVE-2026-39820",
    "CVE-2026-39823",
    "CVE-2026-39825",
    "CVE-2026-39826",
    "CVE-2026-39836",
    "CVE-2026-42499",
    "CVE-2026-42501",
    "ghsa-6v2p-p543-phr9",
    "ghsa-cgrx-mc8f-2prm",
    "ghsa-f6x5-jh6r-wrfv",
    "ghsa-hcg3-q754-cr77",
    "ghsa-j5w8-q4qc-rx2x",
    "ghsa-qxp5-gwg8-xv66",
    "ghsa-v778-237x-gjrc",
    "ghsa-vvgc-356p-c3xw"
  ]
}

cleanstart-2026-ku65968

Vulnerability from cleanstart

Published

2026-01-30 16:15

Modified

2026-01-29 18:58

Summary

Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate

Details

Multiple security vulnerabilities affect the argo-cd package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details.

Severity

9.8 (Critical)


                    
                      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-55190	WEB
	https://osv.dev/vulnerability/CVE-2025-55191	WEB
	https://osv.dev/vulnerability/CVE-2025-58183	WEB
	https://osv.dev/vulnerability/CVE-2025-58185	WEB
	https://osv.dev/vulnerability/CVE-2025-58187	WEB
	https://osv.dev/vulnerability/CVE-2025-58188	WEB
	https://osv.dev/vulnerability/CVE-2025-58189	WEB
	https://osv.dev/vulnerability/CVE-2025-59537	WEB
	https://osv.dev/vulnerability/CVE-2025-59538	WEB
	https://osv.dev/vulnerability/CVE-2025-61723	WEB
	https://osv.dev/vulnerability/CVE-2025-61724	WEB
	https://osv.dev/vulnerability/CVE-2025-61725	WEB
	https://osv.dev/vulnerability/GHSA-2V5J-VHC3-9CWM	WEB
	https://osv.dev/vulnerability/GHSA-2VGG-9H3W-QBR4	WEB
	https://osv.dev/vulnerability/GHSA-2XSJ-VH29-9CWM	WEB
	https://osv.dev/vulnerability/GHSA-3WGM-2MW2-VH5M	WEB
	https://osv.dev/vulnerability/GHSA-4X4M-3C2P-QPPC	WEB
	https://osv.dev/vulnerability/GHSA-6V2P-P543-PHR9	WEB
	https://osv.dev/vulnerability/GHSA-92CP-5422-2M47	WEB
	https://osv.dev/vulnerability/GHSA-93MQ-9FFX-83M2	WEB
	https://osv.dev/vulnerability/GHSA-F6X5-JH6R-WRFV	WEB
	https://osv.dev/vulnerability/GHSA-HJ2P-8WJ8-PFQ4	WEB
	https://osv.dev/vulnerability/GHSA-J5W8-Q4QC-RX2X	WEB
	https://osv.dev/vulnerability/GHSA-MH63-6H87-95CP	WEB
	https://osv.dev/vulnerability/GHSA-MW99-9CHC-XW7R	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-55190	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-55191	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58183	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58185	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58187	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58188	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58189	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-59537	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-59538	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61723	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61724	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61725	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "argo-cd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.9-r4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the argo-cd package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-KU65968",
  "modified": "2026-01-29T18:58:54Z",
  "published": "2026-01-30T16:15:25.445497Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-KU65968"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-55190"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-55191"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-59537"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-59538"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-2V5J-VHC3-9CWM"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-2VGG-9H3W-QBR4"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-2XSJ-VH29-9CWM"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-3WGM-2MW2-VH5M"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-4X4M-3C2P-QPPC"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-6V2P-P543-PHR9"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-92CP-5422-2M47"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-93MQ-9FFX-83M2"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-F6X5-JH6R-WRFV"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-HJ2P-8WJ8-PFQ4"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-J5W8-Q4QC-RX2X"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-MH63-6H87-95CP"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-MW99-9CHC-XW7R"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55190"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55191"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59537"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59538"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate",
  "upstream": [
    "CVE-2025-55190",
    "CVE-2025-55191",
    "CVE-2025-58183",
    "CVE-2025-58185",
    "CVE-2025-58187",
    "CVE-2025-58188",
    "CVE-2025-58189",
    "CVE-2025-59537",
    "CVE-2025-59538",
    "CVE-2025-61723",
    "CVE-2025-61724",
    "CVE-2025-61725",
    "GHSA-2V5J-VHC3-9CWM",
    "GHSA-2VGG-9H3W-QBR4",
    "GHSA-2XSJ-VH29-9CWM",
    "GHSA-3WGM-2MW2-VH5M",
    "GHSA-4X4M-3C2P-QPPC",
    "GHSA-6V2P-P543-PHR9",
    "GHSA-92CP-5422-2M47",
    "GHSA-93MQ-9FFX-83M2",
    "GHSA-F6X5-JH6R-WRFV",
    "GHSA-HJ2P-8WJ8-PFQ4",
    "GHSA-J5W8-Q4QC-RX2X",
    "GHSA-MH63-6H87-95CP",
    "GHSA-MW99-9CHC-XW7R"
  ]
}

cleanstart-2026-kv78041

Vulnerability from cleanstart

Published

2026-01-30 14:56

Modified

2026-01-29 18:58

Summary

processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input

Details

Multiple security vulnerabilities affect the step-issuer-fips package. The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. See references for individual vulnerability details.

Severity

9.8 (Critical)


                    
                      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-44005	WEB
	https://osv.dev/vulnerability/CVE-2025-47913	WEB
	https://osv.dev/vulnerability/CVE-2025-47914	WEB
	https://osv.dev/vulnerability/CVE-2025-58181	WEB
	https://osv.dev/vulnerability/CVE-2025-58183	WEB
	https://osv.dev/vulnerability/CVE-2025-58185	WEB
	https://osv.dev/vulnerability/CVE-2025-58187	WEB
	https://osv.dev/vulnerability/CVE-2025-58188	WEB
	https://osv.dev/vulnerability/CVE-2025-58189	WEB
	https://osv.dev/vulnerability/CVE-2025-61723	WEB
	https://osv.dev/vulnerability/CVE-2025-61724	WEB
	https://osv.dev/vulnerability/CVE-2025-61725	WEB
	https://osv.dev/vulnerability/CVE-2025-61727	WEB
	https://osv.dev/vulnerability/CVE-2025-61729	WEB
	https://osv.dev/vulnerability/CVE-2025-62820	WEB
	https://osv.dev/vulnerability/CVE-2025-66406	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-44005	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-47913	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-47914	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58181	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58183	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58185	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58187	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58188	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58189	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61723	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61724	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61725	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61727	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61729	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-62820	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-66406	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "step-issuer-fips"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.9.11-r1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the step-issuer-fips package. The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-KV78041",
  "modified": "2026-01-29T18:58:54Z",
  "published": "2026-01-30T14:56:23.125184Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-KV78041"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-44005"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-47913"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-47914"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58181"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61727"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61729"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-62820"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-66406"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-44005"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62820"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66406"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input",
  "upstream": [
    "CVE-2025-44005",
    "CVE-2025-47913",
    "CVE-2025-47914",
    "CVE-2025-58181",
    "CVE-2025-58183",
    "CVE-2025-58185",
    "CVE-2025-58187",
    "CVE-2025-58188",
    "CVE-2025-58189",
    "CVE-2025-61723",
    "CVE-2025-61724",
    "CVE-2025-61725",
    "CVE-2025-61727",
    "CVE-2025-61729",
    "CVE-2025-62820",
    "CVE-2025-66406"
  ]
}

cleanstart-2026-kz60560

Vulnerability from cleanstart

Published

2026-01-30 16:19

Modified

2026-01-29 18:58

Summary

Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate

Details

Severity

9.8 (Critical)


                    
                      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-55190	WEB
	https://osv.dev/vulnerability/CVE-2025-55191	WEB
	https://osv.dev/vulnerability/CVE-2025-58183	WEB
	https://osv.dev/vulnerability/CVE-2025-58185	WEB
	https://osv.dev/vulnerability/CVE-2025-58187	WEB
	https://osv.dev/vulnerability/CVE-2025-58188	WEB
	https://osv.dev/vulnerability/CVE-2025-58189	WEB
	https://osv.dev/vulnerability/CVE-2025-59537	WEB
	https://osv.dev/vulnerability/CVE-2025-59538	WEB
	https://osv.dev/vulnerability/CVE-2025-61723	WEB
	https://osv.dev/vulnerability/CVE-2025-61724	WEB
	https://osv.dev/vulnerability/CVE-2025-61725	WEB
	https://osv.dev/vulnerability/GHSA-2V5J-VHC3-9CWM	WEB
	https://osv.dev/vulnerability/GHSA-2VGG-9H3W-QBR4	WEB
	https://osv.dev/vulnerability/GHSA-2X5J-VHC8-9CWM	WEB
	https://osv.dev/vulnerability/GHSA-2XSJ-VH29-9CWM	WEB
	https://osv.dev/vulnerability/GHSA-3WGM-2MW2-VH5M	WEB
	https://osv.dev/vulnerability/GHSA-4X4M-3C2P-QPPC	WEB
	https://osv.dev/vulnerability/GHSA-6V2P-P543-PHR9	WEB
	https://osv.dev/vulnerability/GHSA-92CP-5422-2M47	WEB
	https://osv.dev/vulnerability/GHSA-93MQ-9FFX-83M2	WEB
	https://osv.dev/vulnerability/GHSA-F6X5-JH6R-WRFV	WEB
	https://osv.dev/vulnerability/GHSA-HJ2P-8WJ8-PFQ4	WEB
	https://osv.dev/vulnerability/GHSA-J5W8-Q4QC-RX2X	WEB
	https://osv.dev/vulnerability/GHSA-MH63-6H87-95CP	WEB
	https://osv.dev/vulnerability/GHSA-MW99-9CHC-XW7R	WEB
	https://osv.dev/vulnerability/GHSA-R6J8-C6R2-37RR	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-55190	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-55191	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58183	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58185	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58187	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58188	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58189	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-59537	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-59538	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61723	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61724	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61725	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "argo-cd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.9-r4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the argo-cd package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-KZ60560",
  "modified": "2026-01-29T18:58:54Z",
  "published": "2026-01-30T16:19:55.200542Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-KZ60560"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-55190"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-55191"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-59537"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-59538"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-2V5J-VHC3-9CWM"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-2VGG-9H3W-QBR4"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-2X5J-VHC8-9CWM"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-2XSJ-VH29-9CWM"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-3WGM-2MW2-VH5M"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-4X4M-3C2P-QPPC"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-6V2P-P543-PHR9"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-92CP-5422-2M47"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-93MQ-9FFX-83M2"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-F6X5-JH6R-WRFV"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-HJ2P-8WJ8-PFQ4"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-J5W8-Q4QC-RX2X"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-MH63-6H87-95CP"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-MW99-9CHC-XW7R"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-R6J8-C6R2-37RR"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55190"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55191"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59537"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59538"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate",
  "upstream": [
    "CVE-2025-55190",
    "CVE-2025-55191",
    "CVE-2025-58183",
    "CVE-2025-58185",
    "CVE-2025-58187",
    "CVE-2025-58188",
    "CVE-2025-58189",
    "CVE-2025-59537",
    "CVE-2025-59538",
    "CVE-2025-61723",
    "CVE-2025-61724",
    "CVE-2025-61725",
    "GHSA-2V5J-VHC3-9CWM",
    "GHSA-2VGG-9H3W-QBR4",
    "GHSA-2X5J-VHC8-9CWM",
    "GHSA-2XSJ-VH29-9CWM",
    "GHSA-3WGM-2MW2-VH5M",
    "GHSA-4X4M-3C2P-QPPC",
    "GHSA-6V2P-P543-PHR9",
    "GHSA-92CP-5422-2M47",
    "GHSA-93MQ-9FFX-83M2",
    "GHSA-F6X5-JH6R-WRFV",
    "GHSA-HJ2P-8WJ8-PFQ4",
    "GHSA-J5W8-Q4QC-RX2X",
    "GHSA-MH63-6H87-95CP",
    "GHSA-MW99-9CHC-XW7R",
    "GHSA-R6J8-C6R2-37RR"
  ]
}

cleanstart-2026-kz63902

Vulnerability from cleanstart

Published

2026-01-30 14:41

Modified

2026-01-29 18:58

Summary

tar

Details

Multiple security vulnerabilities affect the velero-plugin-for-aws package. tar. See references for individual vulnerability details.

Severity

9.8 (Critical)


                    
                      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-58183	WEB
	https://osv.dev/vulnerability/CVE-2025-58185	WEB
	https://osv.dev/vulnerability/CVE-2025-58187	WEB
	https://osv.dev/vulnerability/CVE-2025-58188	WEB
	https://osv.dev/vulnerability/CVE-2025-58189	WEB
	https://osv.dev/vulnerability/CVE-2025-61723	WEB
	https://osv.dev/vulnerability/CVE-2025-61724	WEB
	https://osv.dev/vulnerability/CVE-2025-61725	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58183	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58185	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58187	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58188	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58189	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61723	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61724	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61725	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "velero-plugin-for-aws"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.13.0-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the velero-plugin-for-aws package. tar. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-KZ63902",
  "modified": "2026-01-29T18:58:54Z",
  "published": "2026-01-30T14:41:22.559595Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-KZ63902"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "tar",
  "upstream": [
    "CVE-2025-58183",
    "CVE-2025-58185",
    "CVE-2025-58187",
    "CVE-2025-58188",
    "CVE-2025-58189",
    "CVE-2025-61723",
    "CVE-2025-61724",
    "CVE-2025-61725"
  ]
}

cleanstart-2026-la67881

Vulnerability from cleanstart

Published

2026-05-18 13:04

Modified

2026-05-15 06:45

Summary

Security fixes for CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61729, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 0.10.0-r0, 0.10.0-r1, 0.11.0-r0, 0.11.0-r1, 1.13.1-r0

Details

Multiple security vulnerabilities affect the wave package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-58183	WEB
	https://osv.dev/vulnerability/CVE-2025-58185	WEB
	https://osv.dev/vulnerability/CVE-2025-58187	WEB
	https://osv.dev/vulnerability/CVE-2025-58188	WEB
	https://osv.dev/vulnerability/CVE-2025-58189	WEB
	https://osv.dev/vulnerability/CVE-2025-61723	WEB
	https://osv.dev/vulnerability/CVE-2025-61724	WEB
	https://osv.dev/vulnerability/CVE-2025-61725	WEB
	https://osv.dev/vulnerability/CVE-2025-61729	WEB
	https://osv.dev/vulnerability/CVE-2026-25679	WEB
	https://osv.dev/vulnerability/CVE-2026-27137	WEB
	https://osv.dev/vulnerability/CVE-2026-27138	WEB
	https://osv.dev/vulnerability/CVE-2026-27139	WEB
	https://osv.dev/vulnerability/CVE-2026-27142	WEB
	https://osv.dev/vulnerability/CVE-2026-27143	WEB
	https://osv.dev/vulnerability/CVE-2026-27144	WEB
	https://osv.dev/vulnerability/CVE-2026-32280	WEB
	https://osv.dev/vulnerability/CVE-2026-32281	WEB
	https://osv.dev/vulnerability/CVE-2026-32282	WEB
	https://osv.dev/vulnerability/CVE-2026-32283	WEB
	https://osv.dev/vulnerability/CVE-2026-32289	WEB
	https://osv.dev/vulnerability/CVE-2026-33810	WEB
	https://osv.dev/vulnerability/CVE-2026-33811	WEB
	https://osv.dev/vulnerability/CVE-2026-33814	WEB
	https://osv.dev/vulnerability/CVE-2026-39817	WEB
	https://osv.dev/vulnerability/CVE-2026-39819	WEB
	https://osv.dev/vulnerability/CVE-2026-39820	WEB
	https://osv.dev/vulnerability/CVE-2026-39823	WEB
	https://osv.dev/vulnerability/CVE-2026-39825	WEB
	https://osv.dev/vulnerability/CVE-2026-39826	WEB
	https://osv.dev/vulnerability/CVE-2026-39836	WEB
	https://osv.dev/vulnerability/CVE-2026-42499	WEB
	https://osv.dev/vulnerability/CVE-2026-42501	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58183	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58185	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58187	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58188	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58189	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61723	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61724	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61725	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61729	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25679	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27137	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27138	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27139	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27142	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27143	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27144	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32280	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32281	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32282	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32283	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32289	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33810	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33811	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33814	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39817	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39819	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39820	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39823	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39825	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39826	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39836	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42499	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42501	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "wave"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.13.1-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the wave package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-LA67881",
  "modified": "2026-05-15T06:45:38Z",
  "published": "2026-05-18T13:04:27.497472Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-LA67881.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61729"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25679"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27137"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27138"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27139"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27142"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27143"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27144"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32280"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32281"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32282"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32283"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32289"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33810"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33811"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33814"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39817"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39819"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39820"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39823"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39825"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39826"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39836"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42499"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42501"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27138"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39817"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39819"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39836"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42501"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61729, CVE-2026-25679, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 0.10.0-r0, 0.10.0-r1, 0.11.0-r0, 0.11.0-r1, 1.13.1-r0",
  "upstream": [
    "CVE-2025-58183",
    "CVE-2025-58185",
    "CVE-2025-58187",
    "CVE-2025-58188",
    "CVE-2025-58189",
    "CVE-2025-61723",
    "CVE-2025-61724",
    "CVE-2025-61725",
    "CVE-2025-61729",
    "CVE-2026-25679",
    "CVE-2026-27137",
    "CVE-2026-27138",
    "CVE-2026-27139",
    "CVE-2026-27142",
    "CVE-2026-27143",
    "CVE-2026-27144",
    "CVE-2026-32280",
    "CVE-2026-32281",
    "CVE-2026-32282",
    "CVE-2026-32283",
    "CVE-2026-32289",
    "CVE-2026-33810",
    "CVE-2026-33811",
    "CVE-2026-33814",
    "CVE-2026-39817",
    "CVE-2026-39819",
    "CVE-2026-39820",
    "CVE-2026-39823",
    "CVE-2026-39825",
    "CVE-2026-39826",
    "CVE-2026-39836",
    "CVE-2026-42499",
    "CVE-2026-42501"
  ]
}

cleanstart-2026-la96053

Vulnerability from cleanstart

Published

2026-06-10 00:57

Modified

2026-06-09 10:09

Summary

ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label

Details

Multiple security vulnerabilities affect the wave package. The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. See references for individual vulnerability details.

Severity

9.8 (Critical)


                    
                      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-47912	WEB
	https://osv.dev/vulnerability/CVE-2025-58183	WEB
	https://osv.dev/vulnerability/CVE-2025-58185	WEB
	https://osv.dev/vulnerability/CVE-2025-58186	WEB
	https://osv.dev/vulnerability/CVE-2025-58187	WEB
	https://osv.dev/vulnerability/CVE-2025-58188	WEB
	https://osv.dev/vulnerability/CVE-2025-58189	WEB
	https://osv.dev/vulnerability/CVE-2025-61723	WEB
	https://osv.dev/vulnerability/CVE-2025-61724	WEB
	https://osv.dev/vulnerability/CVE-2025-61725	WEB
	https://osv.dev/vulnerability/CVE-2025-61729	WEB
	https://osv.dev/vulnerability/CVE-2026-25679	WEB
	https://osv.dev/vulnerability/CVE-2026-25680	WEB
	https://osv.dev/vulnerability/CVE-2026-25681	WEB
	https://osv.dev/vulnerability/CVE-2026-27136	WEB
	https://osv.dev/vulnerability/CVE-2026-27137	WEB
	https://osv.dev/vulnerability/CVE-2026-27138	WEB
	https://osv.dev/vulnerability/CVE-2026-27139	WEB
	https://osv.dev/vulnerability/CVE-2026-27140	WEB
	https://osv.dev/vulnerability/CVE-2026-27142	WEB
	https://osv.dev/vulnerability/CVE-2026-27143	WEB
	https://osv.dev/vulnerability/CVE-2026-27144	WEB
	https://osv.dev/vulnerability/CVE-2026-32280	WEB
	https://osv.dev/vulnerability/CVE-2026-32281	WEB
	https://osv.dev/vulnerability/CVE-2026-32282	WEB
	https://osv.dev/vulnerability/CVE-2026-32283	WEB
	https://osv.dev/vulnerability/CVE-2026-32288	WEB
	https://osv.dev/vulnerability/CVE-2026-32289	WEB
	https://osv.dev/vulnerability/CVE-2026-33810	WEB
	https://osv.dev/vulnerability/CVE-2026-33811	WEB
	https://osv.dev/vulnerability/CVE-2026-33814	WEB
	https://osv.dev/vulnerability/CVE-2026-39817	WEB
	https://osv.dev/vulnerability/CVE-2026-39819	WEB
	https://osv.dev/vulnerability/CVE-2026-39820	WEB
	https://osv.dev/vulnerability/CVE-2026-39821	WEB
	https://osv.dev/vulnerability/CVE-2026-39823	WEB
	https://osv.dev/vulnerability/CVE-2026-39825	WEB
	https://osv.dev/vulnerability/CVE-2026-39826	WEB
	https://osv.dev/vulnerability/CVE-2026-39836	WEB
	https://osv.dev/vulnerability/CVE-2026-42499	WEB
	https://osv.dev/vulnerability/CVE-2026-42501	WEB
	https://osv.dev/vulnerability/CVE-2026-42502	WEB
	https://osv.dev/vulnerability/CVE-2026-42506	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-47912	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58183	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58185	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58186	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58187	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58188	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58189	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61723	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61724	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61725	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61729	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25679	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25680	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25681	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27136	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27137	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27138	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27139	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27140	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27142	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27143	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27144	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32280	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32281	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32282	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32283	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32288	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32289	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33810	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33811	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33814	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39817	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39819	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39820	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39821	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39823	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39825	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39826	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39836	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42499	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42501	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42502	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42506	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "wave"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.13.1-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the wave package. The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-LA96053",
  "modified": "2026-06-09T10:09:47Z",
  "published": "2026-06-10T00:57:24.592105Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-LA96053.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-47912"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58186"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61729"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25679"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25680"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25681"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27136"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27137"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27138"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27139"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27140"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27142"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27143"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27144"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32280"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32281"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32282"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32283"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32288"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32289"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33810"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33811"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33814"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39817"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39819"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39820"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39821"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39823"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39825"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39826"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39836"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42499"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42501"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42502"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42506"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47912"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58186"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25680"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25681"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27136"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27138"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27140"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32288"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39817"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39819"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39836"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42501"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42502"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42506"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label",
  "upstream": [
    "CVE-2025-47912",
    "CVE-2025-58183",
    "CVE-2025-58185",
    "CVE-2025-58186",
    "CVE-2025-58187",
    "CVE-2025-58188",
    "CVE-2025-58189",
    "CVE-2025-61723",
    "CVE-2025-61724",
    "CVE-2025-61725",
    "CVE-2025-61729",
    "CVE-2026-25679",
    "CVE-2026-25680",
    "CVE-2026-25681",
    "CVE-2026-27136",
    "CVE-2026-27137",
    "CVE-2026-27138",
    "CVE-2026-27139",
    "CVE-2026-27140",
    "CVE-2026-27142",
    "CVE-2026-27143",
    "CVE-2026-27144",
    "CVE-2026-32280",
    "CVE-2026-32281",
    "CVE-2026-32282",
    "CVE-2026-32283",
    "CVE-2026-32288",
    "CVE-2026-32289",
    "CVE-2026-33810",
    "CVE-2026-33811",
    "CVE-2026-33814",
    "CVE-2026-39817",
    "CVE-2026-39819",
    "CVE-2026-39820",
    "CVE-2026-39821",
    "CVE-2026-39823",
    "CVE-2026-39825",
    "CVE-2026-39826",
    "CVE-2026-39836",
    "CVE-2026-42499",
    "CVE-2026-42501",
    "CVE-2026-42502",
    "CVE-2026-42506"
  ]
}

cleanstart-2026-lo42921

Vulnerability from cleanstart

Published

2026-02-25 00:42

Modified

2026-02-24 09:23

Summary

Within HostnameError

Details

Multiple security vulnerabilities affect the kyverno package. Within HostnameError. See references for individual vulnerability details.

Severity

9.8 (Critical)


                    
                      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-58183	WEB
	https://osv.dev/vulnerability/CVE-2025-58185	WEB
	https://osv.dev/vulnerability/CVE-2025-58187	WEB
	https://osv.dev/vulnerability/CVE-2025-58188	WEB
	https://osv.dev/vulnerability/CVE-2025-58189	WEB
	https://osv.dev/vulnerability/CVE-2025-61723	WEB
	https://osv.dev/vulnerability/CVE-2025-61724	WEB
	https://osv.dev/vulnerability/CVE-2025-61725	WEB
	https://osv.dev/vulnerability/CVE-2025-61729	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58183	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58185	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58187	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58188	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58189	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61723	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61724	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61725	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61729	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "kyverno"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.16.0-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the kyverno package. Within HostnameError. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-LO42921",
  "modified": "2026-02-24T09:23:19Z",
  "published": "2026-02-25T00:42:42.699243Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-LO42921"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61729"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Within HostnameError",
  "upstream": [
    "CVE-2025-58183",
    "CVE-2025-58185",
    "CVE-2025-58187",
    "CVE-2025-58188",
    "CVE-2025-58189",
    "CVE-2025-61723",
    "CVE-2025-61724",
    "CVE-2025-61725",
    "CVE-2025-61729"
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-58189 (GCVE-0-2025-58189)

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Tags

Sightings

Nomenclature