Vulnerability-Lookup

CVE-2026-25934 (GCVE-0-2026-25934)

Vulnerability from cvelistv5 – Published: 2026-02-09 22:13 – Updated: 2026-02-11 21:23

Title

go-git improperly verifies data integrity values for .idx and .pack files

Summary

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found. For context, clients fetch packfiles from upstream Git servers. Those files contain a checksum of their contents, so that clients can perform integrity checks before consuming it. The pack indexes (.idx) are generated locally by go-git, or the git cli, when new .pack files are received and processed. The integrity checks for both files were not being verified correctly. This vulnerability is fixed in 5.16.5.

Severity

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-354 - Improper Validation of Integrity Check Value

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/go-git/go-git/security/advisor…	x_refsource_CONFIRM
https://github.com/go-git/go-git/releases/tag/v5.16.5	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
go-git	go-git	Affected: < 5.16.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-25934",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-11T21:23:04.617787Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-11T21:23:14.781Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "go-git",
          "vendor": "go-git",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 5.16.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found. For context, clients fetch packfiles from upstream Git servers. Those files contain a checksum of their contents, so that clients can perform integrity checks before consuming it. The pack indexes (.idx) are generated locally by go-git, or the git cli, when new .pack files are received and processed. The integrity checks for both files were not being verified correctly. This vulnerability is fixed in 5.16.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-354",
              "description": "CWE-354: Improper Validation of Integrity Check Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-09T22:13:41.974Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/go-git/go-git/security/advisories/GHSA-37cx-329c-33x3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/go-git/go-git/security/advisories/GHSA-37cx-329c-33x3"
        },
        {
          "name": "https://github.com/go-git/go-git/releases/tag/v5.16.5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/go-git/go-git/releases/tag/v5.16.5"
        }
      ],
      "source": {
        "advisory": "GHSA-37cx-329c-33x3",
        "discovery": "UNKNOWN"
      },
      "title": "go-git improperly verifies data integrity values for .idx and .pack files"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-25934",
    "datePublished": "2026-02-09T22:13:41.974Z",
    "dateReserved": "2026-02-09T16:22:17.786Z",
    "dateUpdated": "2026-02-11T21:23:14.781Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-25934",
      "date": "2026-06-02",
      "epss": "7e-05",
      "percentile": "0.00556"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-25934\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-09T23:16:05.937\",\"lastModified\":\"2026-02-20T20:21:19.260\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found. For context, clients fetch packfiles from upstream Git servers. Those files contain a checksum of their contents, so that clients can perform integrity checks before consuming it. The pack indexes (.idx) are generated locally by go-git, or the git cli, when new .pack files are received and processed. The integrity checks for both files were not being verified correctly. This vulnerability is fixed in 5.16.5.\"},{\"lang\":\"es\",\"value\":\"go-git es una biblioteca de implementaci\u00f3n de git altamente extensible escrita en Go puro. Antes de la versi\u00f3n 5.16.5, se descubri\u00f3 una vulnerabilidad en go-git por la cual los valores de integridad de datos para los archivos .pack y .idx no se verificaban correctamente. Esto resultaba en que go-git pod\u00eda consumir archivos corruptos, lo que probablemente provocar\u00eda errores inesperados como \u0027objeto no encontrado\u0027. Para contextualizar, los clientes obtienen los packfiles de los servidores Git ascendentes. Esos archivos contienen una suma de verificaci\u00f3n (checksum) de sus contenidos, para que los clientes puedan realizar comprobaciones de integridad antes de consumirlos. Los \u00edndices pack (.idx) son generados localmente por go-git, o por la CLI de git, cuando se reciben y procesan nuevos archivos .pack. Las comprobaciones de integridad para ambos archivos no se estaban verificando correctamente. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 5.16.5.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-354\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:go-git_project:go-git:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"5.16.5\",\"matchCriteriaId\":\"337C04E7-3892-49DC-BB2D-60615B821E3F\"}]}]}],\"references\":[{\"url\":\"https://github.com/go-git/go-git/releases/tag/v5.16.5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/go-git/go-git/security/advisories/GHSA-37cx-329c-33x3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-25934\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-11T21:23:04.617787Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-11T21:23:12.504Z\"}}], \"cna\": {\"title\": \"go-git improperly verifies data integrity values for .idx and .pack files\", \"source\": {\"advisory\": \"GHSA-37cx-329c-33x3\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"go-git\", \"product\": \"go-git\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 5.16.5\"}]}], \"references\": [{\"url\": \"https://github.com/go-git/go-git/security/advisories/GHSA-37cx-329c-33x3\", \"name\": \"https://github.com/go-git/go-git/security/advisories/GHSA-37cx-329c-33x3\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/go-git/go-git/releases/tag/v5.16.5\", \"name\": \"https://github.com/go-git/go-git/releases/tag/v5.16.5\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found. For context, clients fetch packfiles from upstream Git servers. Those files contain a checksum of their contents, so that clients can perform integrity checks before consuming it. The pack indexes (.idx) are generated locally by go-git, or the git cli, when new .pack files are received and processed. The integrity checks for both files were not being verified correctly. This vulnerability is fixed in 5.16.5.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-354\", \"description\": \"CWE-354: Improper Validation of Integrity Check Value\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-09T22:13:41.974Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-25934\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-11T21:23:14.781Z\", \"dateReserved\": \"2026-02-09T16:22:17.786Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-02-09T22:13:41.974Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

cleanstart-2026-dv04077

Vulnerability from cleanstart

Published

2026-02-25 00:42

Modified

2026-02-24 09:23

Summary

go-git is a highly extensible git implementation library written in pure Go

Details

Multiple security vulnerabilities affect the argo-workflows-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details.

Severity

9.8 (Critical)


                    
                      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-0913	WEB
	https://osv.dev/vulnerability/CVE-2025-4673	WEB
	https://osv.dev/vulnerability/CVE-2025-47907	WEB
	https://osv.dev/vulnerability/CVE-2025-58181	WEB
	https://osv.dev/vulnerability/CVE-2025-62156	WEB
	https://osv.dev/vulnerability/CVE-2025-62157	WEB
	https://osv.dev/vulnerability/CVE-2026-25934	WEB
	https://osv.dev/vulnerability/GHSA-2X5J-VHC8-9CWM	WEB
	https://osv.dev/vulnerability/GHSA-37CX-329C-33X3	WEB
	https://osv.dev/vulnerability/GHSA-C2HV-4PFJ-MM2R	WEB
	https://osv.dev/vulnerability/GHSA-CFPF-HRX2-8RV6	WEB
	https://osv.dev/vulnerability/GHSA-P84V-GXVW-73PF	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-0913	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-4673	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-47907	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58181	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-62156	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-62157	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25934	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "argo-workflows-fips"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.7.3-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the argo-workflows-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-DV04077",
  "modified": "2026-02-24T09:23:19Z",
  "published": "2026-02-25T00:42:42.369607Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-DV04077"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-0913"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-4673"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-47907"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58181"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-62156"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-62157"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25934"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-2X5J-VHC8-9CWM"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-37CX-329C-33X3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-C2HV-4PFJ-MM2R"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-CFPF-HRX2-8RV6"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-P84V-GXVW-73PF"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0913"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4673"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62156"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62157"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25934"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "go-git is a highly extensible git implementation library written in pure Go",
  "upstream": [
    "CVE-2025-0913",
    "CVE-2025-4673",
    "CVE-2025-47907",
    "CVE-2025-58181",
    "CVE-2025-62156",
    "CVE-2025-62157",
    "CVE-2026-25934",
    "GHSA-2X5J-VHC8-9CWM",
    "GHSA-37CX-329C-33X3",
    "GHSA-C2HV-4PFJ-MM2R",
    "GHSA-CFPF-HRX2-8RV6",
    "GHSA-P84V-GXVW-73PF"
  ]
}

cleanstart-2026-dz05206

Vulnerability from cleanstart

Published

2026-02-27 01:00

Modified

2026-02-26 12:09

Summary

go-git is a highly extensible git implementation library written in pure Go

Details

Multiple security vulnerabilities affect the argo-cd-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details.

Severity

9.8 (Critical)


                    
                      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-55190	WEB
	https://osv.dev/vulnerability/CVE-2025-55191	WEB
	https://osv.dev/vulnerability/CVE-2025-58183	WEB
	https://osv.dev/vulnerability/CVE-2025-58185	WEB
	https://osv.dev/vulnerability/CVE-2025-58187	WEB
	https://osv.dev/vulnerability/CVE-2025-58188	WEB
	https://osv.dev/vulnerability/CVE-2025-58189	WEB
	https://osv.dev/vulnerability/CVE-2025-59537	WEB
	https://osv.dev/vulnerability/CVE-2025-59538	WEB
	https://osv.dev/vulnerability/CVE-2025-61723	WEB
	https://osv.dev/vulnerability/CVE-2025-61724	WEB
	https://osv.dev/vulnerability/CVE-2025-61725	WEB
	https://osv.dev/vulnerability/CVE-2026-25934	WEB
	https://osv.dev/vulnerability/GHSA-2V5J-VHC3-9CWM	WEB
	https://osv.dev/vulnerability/GHSA-2VGG-9H3W-QBR4	WEB
	https://osv.dev/vulnerability/GHSA-2XSJ-VH29-9CWM	WEB
	https://osv.dev/vulnerability/GHSA-37CX-329C-33X3	WEB
	https://osv.dev/vulnerability/GHSA-3WGM-2MW2-VH5M	WEB
	https://osv.dev/vulnerability/GHSA-4X4M-3C2P-QPPC	WEB
	https://osv.dev/vulnerability/GHSA-6V2P-P543-PHR9	WEB
	https://osv.dev/vulnerability/GHSA-92CP-5422-2M47	WEB
	https://osv.dev/vulnerability/GHSA-93MQ-9FFX-83M2	WEB
	https://osv.dev/vulnerability/GHSA-F6X5-JH6R-WRFV	WEB
	https://osv.dev/vulnerability/GHSA-HJ2P-8WJ8-PFQ4	WEB
	https://osv.dev/vulnerability/GHSA-J5W8-Q4QC-RX2X	WEB
	https://osv.dev/vulnerability/GHSA-MH63-6H87-95CP	WEB
	https://osv.dev/vulnerability/GHSA-MW99-9CHC-XW7R	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-55190	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-55191	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58183	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58185	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58187	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58188	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58189	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-59537	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-59538	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61723	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61724	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61725	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25934	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "argo-cd-fips"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.7-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the argo-cd-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-DZ05206",
  "modified": "2026-02-26T12:09:56Z",
  "published": "2026-02-27T01:00:40.158214Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-DZ05206"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-55190"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-55191"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-59537"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-59538"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25934"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-2V5J-VHC3-9CWM"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-2VGG-9H3W-QBR4"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-2XSJ-VH29-9CWM"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-37CX-329C-33X3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-3WGM-2MW2-VH5M"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-4X4M-3C2P-QPPC"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-6V2P-P543-PHR9"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-92CP-5422-2M47"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-93MQ-9FFX-83M2"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-F6X5-JH6R-WRFV"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-HJ2P-8WJ8-PFQ4"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-J5W8-Q4QC-RX2X"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-MH63-6H87-95CP"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-MW99-9CHC-XW7R"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55190"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55191"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59537"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59538"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25934"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "go-git is a highly extensible git implementation library written in pure Go",
  "upstream": [
    "CVE-2025-55190",
    "CVE-2025-55191",
    "CVE-2025-58183",
    "CVE-2025-58185",
    "CVE-2025-58187",
    "CVE-2025-58188",
    "CVE-2025-58189",
    "CVE-2025-59537",
    "CVE-2025-59538",
    "CVE-2025-61723",
    "CVE-2025-61724",
    "CVE-2025-61725",
    "CVE-2026-25934",
    "GHSA-2V5J-VHC3-9CWM",
    "GHSA-2VGG-9H3W-QBR4",
    "GHSA-2XSJ-VH29-9CWM",
    "GHSA-37CX-329C-33X3",
    "GHSA-3WGM-2MW2-VH5M",
    "GHSA-4X4M-3C2P-QPPC",
    "GHSA-6V2P-P543-PHR9",
    "GHSA-92CP-5422-2M47",
    "GHSA-93MQ-9FFX-83M2",
    "GHSA-F6X5-JH6R-WRFV",
    "GHSA-HJ2P-8WJ8-PFQ4",
    "GHSA-J5W8-Q4QC-RX2X",
    "GHSA-MH63-6H87-95CP",
    "GHSA-MW99-9CHC-XW7R"
  ]
}

cleanstart-2026-er93728

Vulnerability from cleanstart

Published

2026-02-27 00:46

Modified

2026-02-26 12:09

Summary

go-git is a highly extensible git implementation library written in pure Go

Details

Multiple security vulnerabilities affect the argo-cd-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details.

Severity

9.8 (Critical)


                    
                      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-55190	WEB
	https://osv.dev/vulnerability/CVE-2025-55191	WEB
	https://osv.dev/vulnerability/CVE-2025-58183	WEB
	https://osv.dev/vulnerability/CVE-2025-58185	WEB
	https://osv.dev/vulnerability/CVE-2025-58187	WEB
	https://osv.dev/vulnerability/CVE-2025-58188	WEB
	https://osv.dev/vulnerability/CVE-2025-58189	WEB
	https://osv.dev/vulnerability/CVE-2025-59537	WEB
	https://osv.dev/vulnerability/CVE-2025-59538	WEB
	https://osv.dev/vulnerability/CVE-2025-61723	WEB
	https://osv.dev/vulnerability/CVE-2025-61724	WEB
	https://osv.dev/vulnerability/CVE-2025-61725	WEB
	https://osv.dev/vulnerability/CVE-2026-25934	WEB
	https://osv.dev/vulnerability/GHSA-2V5J-VHC3-9CWM	WEB
	https://osv.dev/vulnerability/GHSA-2VGG-9H3W-QBR4	WEB
	https://osv.dev/vulnerability/GHSA-2XSJ-VH29-9CWM	WEB
	https://osv.dev/vulnerability/GHSA-37CX-329C-33X3	WEB
	https://osv.dev/vulnerability/GHSA-3WGM-2MW2-VH5M	WEB
	https://osv.dev/vulnerability/GHSA-4X4M-3C2P-QPPC	WEB
	https://osv.dev/vulnerability/GHSA-6V2P-P543-PHR9	WEB
	https://osv.dev/vulnerability/GHSA-92CP-5422-2M47	WEB
	https://osv.dev/vulnerability/GHSA-93MQ-9FFX-83M2	WEB
	https://osv.dev/vulnerability/GHSA-F6X5-JH6R-WRFV	WEB
	https://osv.dev/vulnerability/GHSA-HJ2P-8WJ8-PFQ4	WEB
	https://osv.dev/vulnerability/GHSA-J5W8-Q4QC-RX2X	WEB
	https://osv.dev/vulnerability/GHSA-MH63-6H87-95CP	WEB
	https://osv.dev/vulnerability/GHSA-MW99-9CHC-XW7R	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-55190	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-55191	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58183	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58185	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58187	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58188	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58189	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-59537	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-59538	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61723	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61724	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61725	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25934	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "argo-cd-fips"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.7-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the argo-cd-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-ER93728",
  "modified": "2026-02-26T12:09:56Z",
  "published": "2026-02-27T00:46:38.846728Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-ER93728"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-55190"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-55191"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-59537"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-59538"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25934"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-2V5J-VHC3-9CWM"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-2VGG-9H3W-QBR4"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-2XSJ-VH29-9CWM"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-37CX-329C-33X3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-3WGM-2MW2-VH5M"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-4X4M-3C2P-QPPC"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-6V2P-P543-PHR9"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-92CP-5422-2M47"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-93MQ-9FFX-83M2"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-F6X5-JH6R-WRFV"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-HJ2P-8WJ8-PFQ4"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-J5W8-Q4QC-RX2X"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-MH63-6H87-95CP"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-MW99-9CHC-XW7R"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55190"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55191"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59537"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59538"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25934"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "go-git is a highly extensible git implementation library written in pure Go",
  "upstream": [
    "CVE-2025-55190",
    "CVE-2025-55191",
    "CVE-2025-58183",
    "CVE-2025-58185",
    "CVE-2025-58187",
    "CVE-2025-58188",
    "CVE-2025-58189",
    "CVE-2025-59537",
    "CVE-2025-59538",
    "CVE-2025-61723",
    "CVE-2025-61724",
    "CVE-2025-61725",
    "CVE-2026-25934",
    "GHSA-2V5J-VHC3-9CWM",
    "GHSA-2VGG-9H3W-QBR4",
    "GHSA-2XSJ-VH29-9CWM",
    "GHSA-37CX-329C-33X3",
    "GHSA-3WGM-2MW2-VH5M",
    "GHSA-4X4M-3C2P-QPPC",
    "GHSA-6V2P-P543-PHR9",
    "GHSA-92CP-5422-2M47",
    "GHSA-93MQ-9FFX-83M2",
    "GHSA-F6X5-JH6R-WRFV",
    "GHSA-HJ2P-8WJ8-PFQ4",
    "GHSA-J5W8-Q4QC-RX2X",
    "GHSA-MH63-6H87-95CP",
    "GHSA-MW99-9CHC-XW7R"
  ]
}

cleanstart-2026-fc24138

Vulnerability from cleanstart

Published

2026-05-18 13:25

Modified

2026-05-12 06:11

Summary

Security fixes for CVE-2026-1229, CVE-2026-25934, CVE-2026-33811, CVE-2026-33814, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, ghsa-3xc5-wrhm-f963, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 0.9.7-r1, 0.9.9-r0, 0.9.9-r1, 0.9.9-r2

Details

Multiple security vulnerabilities affect the gptscript package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2026-1229	WEB
	https://osv.dev/vulnerability/CVE-2026-25934	WEB
	https://osv.dev/vulnerability/CVE-2026-33811	WEB
	https://osv.dev/vulnerability/CVE-2026-33814	WEB
	https://osv.dev/vulnerability/CVE-2026-39820	WEB
	https://osv.dev/vulnerability/CVE-2026-39823	WEB
	https://osv.dev/vulnerability/CVE-2026-39825	WEB
	https://osv.dev/vulnerability/CVE-2026-39826	WEB
	https://osv.dev/vulnerability/CVE-2026-39836	WEB
	https://osv.dev/vulnerability/CVE-2026-42499	WEB
	https://osv.dev/vulnerability/ghsa-3xc5-wrhm-f963	WEB
	https://osv.dev/vulnerability/ghsa-f6x5-jh6r-wrfv	WEB
	https://osv.dev/vulnerability/ghsa-j5w8-q4qc-rx2x	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-1229	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25934	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33811	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33814	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39820	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39823	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39825	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39826	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39836	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42499	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "gptscript"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.9.9-r2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the gptscript package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-FC24138",
  "modified": "2026-05-12T06:11:35Z",
  "published": "2026-05-18T13:25:50.977599Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-FC24138.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-1229"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25934"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33811"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33814"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39820"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39823"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39825"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39826"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39836"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42499"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-3xc5-wrhm-f963"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-f6x5-jh6r-wrfv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-j5w8-q4qc-rx2x"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1229"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25934"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33814"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39823"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39825"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39826"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39836"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2026-1229, CVE-2026-25934, CVE-2026-33811, CVE-2026-33814, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, ghsa-3xc5-wrhm-f963, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 0.9.7-r1, 0.9.9-r0, 0.9.9-r1, 0.9.9-r2",
  "upstream": [
    "CVE-2026-1229",
    "CVE-2026-25934",
    "CVE-2026-33811",
    "CVE-2026-33814",
    "CVE-2026-39820",
    "CVE-2026-39823",
    "CVE-2026-39825",
    "CVE-2026-39826",
    "CVE-2026-39836",
    "CVE-2026-42499",
    "ghsa-3xc5-wrhm-f963",
    "ghsa-f6x5-jh6r-wrfv",
    "ghsa-j5w8-q4qc-rx2x"
  ]
}

cleanstart-2026-ff20499

Vulnerability from cleanstart

Published

2026-04-01 10:04

Modified

2026-03-09 11:52

Summary

Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-25934, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2xsj-vh29-9cwm, ghsa-37cx-329c-33x3, ghsa-3wgm-2mw2-vh5m, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-f6x5-jh6r-wrfv, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4, 3.2.7-r0

Details

Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-55190	WEB
	https://osv.dev/vulnerability/CVE-2025-55191	WEB
	https://osv.dev/vulnerability/CVE-2025-58183	WEB
	https://osv.dev/vulnerability/CVE-2025-58185	WEB
	https://osv.dev/vulnerability/CVE-2025-58187	WEB
	https://osv.dev/vulnerability/CVE-2025-58188	WEB
	https://osv.dev/vulnerability/CVE-2025-58189	WEB
	https://osv.dev/vulnerability/CVE-2025-59537	WEB
	https://osv.dev/vulnerability/CVE-2025-59538	WEB
	https://osv.dev/vulnerability/CVE-2025-61723	WEB
	https://osv.dev/vulnerability/CVE-2025-61724	WEB
	https://osv.dev/vulnerability/CVE-2025-61725	WEB
	https://osv.dev/vulnerability/CVE-2026-25934	WEB
	https://osv.dev/vulnerability/ghsa-2v5j-vhc3-9cwm	WEB
	https://osv.dev/vulnerability/ghsa-2vgg-9h3w-qbr4	WEB
	https://osv.dev/vulnerability/ghsa-2xsj-vh29-9cwm	WEB
	https://osv.dev/vulnerability/ghsa-37cx-329c-33x3	WEB
	https://osv.dev/vulnerability/ghsa-3wgm-2mw2-vh5m	WEB
	https://osv.dev/vulnerability/ghsa-4x4m-3c2p-qppc	WEB
	https://osv.dev/vulnerability/ghsa-6v2p-p543-phr9	WEB
	https://osv.dev/vulnerability/ghsa-92cp-5422-2m47	WEB
	https://osv.dev/vulnerability/ghsa-93mq-9ffx-83m2	WEB
	https://osv.dev/vulnerability/ghsa-f6x5-jh6r-wrfv	WEB
	https://osv.dev/vulnerability/ghsa-hj2p-8wj8-pfq4	WEB
	https://osv.dev/vulnerability/ghsa-j5w8-q4qc-rx2x	WEB
	https://osv.dev/vulnerability/ghsa-mh63-6h87-95cp	WEB
	https://osv.dev/vulnerability/ghsa-mw99-9chc-xw7r	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-55190	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-55191	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58183	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58185	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58187	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58188	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58189	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-59537	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-59538	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61723	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61724	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61725	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25934	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "argo-cd-fips"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.7-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-FF20499",
  "modified": "2026-03-09T11:52:12Z",
  "published": "2026-04-01T10:04:06.598747Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-FF20499.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-55190"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-55191"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-59537"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-59538"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25934"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-2v5j-vhc3-9cwm"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-2vgg-9h3w-qbr4"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-2xsj-vh29-9cwm"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-37cx-329c-33x3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-3wgm-2mw2-vh5m"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-4x4m-3c2p-qppc"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-6v2p-p543-phr9"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-92cp-5422-2m47"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-93mq-9ffx-83m2"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-f6x5-jh6r-wrfv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-hj2p-8wj8-pfq4"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-j5w8-q4qc-rx2x"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-mh63-6h87-95cp"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-mw99-9chc-xw7r"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55190"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55191"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59537"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59538"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25934"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-25934, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2xsj-vh29-9cwm, ghsa-37cx-329c-33x3, ghsa-3wgm-2mw2-vh5m, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-f6x5-jh6r-wrfv, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4, 3.2.7-r0",
  "upstream": [
    "CVE-2025-55190",
    "CVE-2025-55191",
    "CVE-2025-58183",
    "CVE-2025-58185",
    "CVE-2025-58187",
    "CVE-2025-58188",
    "CVE-2025-58189",
    "CVE-2025-59537",
    "CVE-2025-59538",
    "CVE-2025-61723",
    "CVE-2025-61724",
    "CVE-2025-61725",
    "CVE-2026-25934",
    "ghsa-2v5j-vhc3-9cwm",
    "ghsa-2vgg-9h3w-qbr4",
    "ghsa-2xsj-vh29-9cwm",
    "ghsa-37cx-329c-33x3",
    "ghsa-3wgm-2mw2-vh5m",
    "ghsa-4x4m-3c2p-qppc",
    "ghsa-6v2p-p543-phr9",
    "ghsa-92cp-5422-2m47",
    "ghsa-93mq-9ffx-83m2",
    "ghsa-f6x5-jh6r-wrfv",
    "ghsa-hj2p-8wj8-pfq4",
    "ghsa-j5w8-q4qc-rx2x",
    "ghsa-mh63-6h87-95cp",
    "ghsa-mw99-9chc-xw7r"
  ]
}

cleanstart-2026-ff98917

Vulnerability from cleanstart

Published

2026-02-27 00:51

Modified

2026-02-26 12:09

Summary

go-git is a highly extensible git implementation library written in pure Go

Details

Multiple security vulnerabilities affect the argo-cd package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details.

Severity

9.8 (Critical)


                    
                      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-55190	WEB
	https://osv.dev/vulnerability/CVE-2025-55191	WEB
	https://osv.dev/vulnerability/CVE-2025-58183	WEB
	https://osv.dev/vulnerability/CVE-2025-58185	WEB
	https://osv.dev/vulnerability/CVE-2025-58187	WEB
	https://osv.dev/vulnerability/CVE-2025-58188	WEB
	https://osv.dev/vulnerability/CVE-2025-58189	WEB
	https://osv.dev/vulnerability/CVE-2025-59537	WEB
	https://osv.dev/vulnerability/CVE-2025-59538	WEB
	https://osv.dev/vulnerability/CVE-2025-61723	WEB
	https://osv.dev/vulnerability/CVE-2025-61724	WEB
	https://osv.dev/vulnerability/CVE-2025-61725	WEB
	https://osv.dev/vulnerability/CVE-2026-25934	WEB
	https://osv.dev/vulnerability/GHSA-2V5J-VHC3-9CWM	WEB
	https://osv.dev/vulnerability/GHSA-2VGG-9H3W-QBR4	WEB
	https://osv.dev/vulnerability/GHSA-2X5J-VHC8-9CWM	WEB
	https://osv.dev/vulnerability/GHSA-2XSJ-VH29-9CWM	WEB
	https://osv.dev/vulnerability/GHSA-3WGM-2MW2-VH5M	WEB
	https://osv.dev/vulnerability/GHSA-4X4M-3C2P-QPPC	WEB
	https://osv.dev/vulnerability/GHSA-6V2P-P543-PHR9	WEB
	https://osv.dev/vulnerability/GHSA-92CP-5422-2M47	WEB
	https://osv.dev/vulnerability/GHSA-93MQ-9FFX-83M2	WEB
	https://osv.dev/vulnerability/GHSA-F6X5-JH6R-WRFV	WEB
	https://osv.dev/vulnerability/GHSA-HJ2P-8WJ8-PFQ4	WEB
	https://osv.dev/vulnerability/GHSA-J5W8-Q4QC-RX2X	WEB
	https://osv.dev/vulnerability/GHSA-MH63-6H87-95CP	WEB
	https://osv.dev/vulnerability/GHSA-MW99-9CHC-XW7R	WEB
	https://osv.dev/vulnerability/GHSA-R6J8-C6R2-37RR	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-55190	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-55191	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58183	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58185	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58187	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58188	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58189	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-59537	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-59538	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61723	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61724	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61725	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25934	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "argo-cd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.9-r4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the argo-cd package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-FF98917",
  "modified": "2026-02-26T12:09:56Z",
  "published": "2026-02-27T00:51:38.790691Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-FF98917"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-55190"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-55191"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-59537"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-59538"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25934"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-2V5J-VHC3-9CWM"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-2VGG-9H3W-QBR4"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-2X5J-VHC8-9CWM"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-2XSJ-VH29-9CWM"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-3WGM-2MW2-VH5M"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-4X4M-3C2P-QPPC"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-6V2P-P543-PHR9"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-92CP-5422-2M47"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-93MQ-9FFX-83M2"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-F6X5-JH6R-WRFV"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-HJ2P-8WJ8-PFQ4"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-J5W8-Q4QC-RX2X"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-MH63-6H87-95CP"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-MW99-9CHC-XW7R"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/GHSA-R6J8-C6R2-37RR"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55190"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55191"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59537"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59538"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25934"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "go-git is a highly extensible git implementation library written in pure Go",
  "upstream": [
    "CVE-2025-55190",
    "CVE-2025-55191",
    "CVE-2025-58183",
    "CVE-2025-58185",
    "CVE-2025-58187",
    "CVE-2025-58188",
    "CVE-2025-58189",
    "CVE-2025-59537",
    "CVE-2025-59538",
    "CVE-2025-61723",
    "CVE-2025-61724",
    "CVE-2025-61725",
    "CVE-2026-25934",
    "GHSA-2V5J-VHC3-9CWM",
    "GHSA-2VGG-9H3W-QBR4",
    "GHSA-2X5J-VHC8-9CWM",
    "GHSA-2XSJ-VH29-9CWM",
    "GHSA-3WGM-2MW2-VH5M",
    "GHSA-4X4M-3C2P-QPPC",
    "GHSA-6V2P-P543-PHR9",
    "GHSA-92CP-5422-2M47",
    "GHSA-93MQ-9FFX-83M2",
    "GHSA-F6X5-JH6R-WRFV",
    "GHSA-HJ2P-8WJ8-PFQ4",
    "GHSA-J5W8-Q4QC-RX2X",
    "GHSA-MH63-6H87-95CP",
    "GHSA-MW99-9CHC-XW7R",
    "GHSA-R6J8-C6R2-37RR"
  ]
}

cleanstart-2026-fq05951

Vulnerability from cleanstart

Published

2026-04-01 10:07

Modified

2026-03-06 07:23

Summary

Security fixes for CVE-2025-0913, CVE-2025-15558, CVE-2025-4673, CVE-2025-47907, CVE-2025-58181, CVE-2025-62156, CVE-2025-62157, CVE-2026-24051, CVE-2026-25934, CVE-2026-27141, ghsa-2x5j-vhc8-9cwm, ghsa-37cx-329c-33x3, ghsa-c2hv-4pfj-mm2r, ghsa-cfpf-hrx2-8rv6, ghsa-p436-gjf2-799p, ghsa-p84v-gxvw-73pf applied in versions: 3.6.13-r0, 3.6.15-r1, 3.6.18-r0, 3.6.19-r0, 3.6.19-r1, 3.7.0-r0, 3.7.3-r0

Details

Multiple security vulnerabilities affect the argo-workflows-fips package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-0913	WEB
	https://osv.dev/vulnerability/CVE-2025-15558	WEB
	https://osv.dev/vulnerability/CVE-2025-4673	WEB
	https://osv.dev/vulnerability/CVE-2025-47907	WEB
	https://osv.dev/vulnerability/CVE-2025-58181	WEB
	https://osv.dev/vulnerability/CVE-2025-62156	WEB
	https://osv.dev/vulnerability/CVE-2025-62157	WEB
	https://osv.dev/vulnerability/CVE-2026-24051	WEB
	https://osv.dev/vulnerability/CVE-2026-25934	WEB
	https://osv.dev/vulnerability/CVE-2026-27141	WEB
	https://osv.dev/vulnerability/ghsa-2x5j-vhc8-9cwm	WEB
	https://osv.dev/vulnerability/ghsa-37cx-329c-33x3	WEB
	https://osv.dev/vulnerability/ghsa-c2hv-4pfj-mm2r	WEB
	https://osv.dev/vulnerability/ghsa-cfpf-hrx2-8rv6	WEB
	https://osv.dev/vulnerability/ghsa-p436-gjf2-799p	WEB
	https://osv.dev/vulnerability/ghsa-p84v-gxvw-73pf	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-0913	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-15558	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-4673	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-47907	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58181	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-62156	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-62157	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-24051	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25934	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27141	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "argo-workflows-fips"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.7.3-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the argo-workflows-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-FQ05951",
  "modified": "2026-03-06T07:23:30Z",
  "published": "2026-04-01T10:07:02.415559Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-FQ05951.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-0913"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-15558"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-4673"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-47907"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58181"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-62156"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-62157"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-24051"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25934"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27141"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-2x5j-vhc8-9cwm"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-37cx-329c-33x3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-c2hv-4pfj-mm2r"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-cfpf-hrx2-8rv6"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-p436-gjf2-799p"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-p84v-gxvw-73pf"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0913"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15558"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4673"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62156"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62157"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24051"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25934"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2025-0913, CVE-2025-15558, CVE-2025-4673, CVE-2025-47907, CVE-2025-58181, CVE-2025-62156, CVE-2025-62157, CVE-2026-24051, CVE-2026-25934, CVE-2026-27141, ghsa-2x5j-vhc8-9cwm, ghsa-37cx-329c-33x3, ghsa-c2hv-4pfj-mm2r, ghsa-cfpf-hrx2-8rv6, ghsa-p436-gjf2-799p, ghsa-p84v-gxvw-73pf applied in versions: 3.6.13-r0, 3.6.15-r1, 3.6.18-r0, 3.6.19-r0, 3.6.19-r1, 3.7.0-r0, 3.7.3-r0",
  "upstream": [
    "CVE-2025-0913",
    "CVE-2025-15558",
    "CVE-2025-4673",
    "CVE-2025-47907",
    "CVE-2025-58181",
    "CVE-2025-62156",
    "CVE-2025-62157",
    "CVE-2026-24051",
    "CVE-2026-25934",
    "CVE-2026-27141",
    "ghsa-2x5j-vhc8-9cwm",
    "ghsa-37cx-329c-33x3",
    "ghsa-c2hv-4pfj-mm2r",
    "ghsa-cfpf-hrx2-8rv6",
    "ghsa-p436-gjf2-799p",
    "ghsa-p84v-gxvw-73pf"
  ]
}

cleanstart-2026-fv86809

Vulnerability from cleanstart

Published

2026-05-18 13:55

Modified

2026-05-02 06:33

Summary

Security fixes for CVE-2025-11579, CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32287, CVE-2026-32289, CVE-2026-33186, CVE-2026-33762, CVE-2026-33810, CVE-2026-34040, CVE-2026-34165, CVE-2026-34986, CVE-2026-39882, CVE-2026-39883, CVE-2026-4878, ghsa-37cx-329c-33x3, ghsa-6g7g-w4f8-9c9x, ghsa-78h2-9frx-2jm8, ghsa-fw7p-63qq-7hpr, ghsa-gm2x-2g9h-ccm8, ghsa-hfvc-g4fc-pqhx, ghsa-jhf3-xxhw-2wpp, ghsa-rwvp-r38j-9rgg, ghsa-w8rr-5gcm-pp58, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.13.2-r0, 1.14.1-r0, 1.15.0-r0, 1.15.0-r1, 1.15.0-r2

Details

Multiple security vulnerabilities affect the grafana-alloy package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-11579	WEB
	https://osv.dev/vulnerability/CVE-2026-24051	WEB
	https://osv.dev/vulnerability/CVE-2026-25934	WEB
	https://osv.dev/vulnerability/CVE-2026-26958	WEB
	https://osv.dev/vulnerability/CVE-2026-32280	WEB
	https://osv.dev/vulnerability/CVE-2026-32281	WEB
	https://osv.dev/vulnerability/CVE-2026-32282	WEB
	https://osv.dev/vulnerability/CVE-2026-32283	WEB
	https://osv.dev/vulnerability/CVE-2026-32287	WEB
	https://osv.dev/vulnerability/CVE-2026-32289	WEB
	https://osv.dev/vulnerability/CVE-2026-33186	WEB
	https://osv.dev/vulnerability/CVE-2026-33762	WEB
	https://osv.dev/vulnerability/CVE-2026-33810	WEB
	https://osv.dev/vulnerability/CVE-2026-34040	WEB
	https://osv.dev/vulnerability/CVE-2026-34165	WEB
	https://osv.dev/vulnerability/CVE-2026-34986	WEB
	https://osv.dev/vulnerability/CVE-2026-39882	WEB
	https://osv.dev/vulnerability/CVE-2026-39883	WEB
	https://osv.dev/vulnerability/CVE-2026-4878	WEB
	https://osv.dev/vulnerability/ghsa-37cx-329c-33x3	WEB
	https://osv.dev/vulnerability/ghsa-6g7g-w4f8-9c9x	WEB
	https://osv.dev/vulnerability/ghsa-78h2-9frx-2jm8	WEB
	https://osv.dev/vulnerability/ghsa-fw7p-63qq-7hpr	WEB
	https://osv.dev/vulnerability/ghsa-gm2x-2g9h-ccm8	WEB
	https://osv.dev/vulnerability/ghsa-hfvc-g4fc-pqhx	WEB
	https://osv.dev/vulnerability/ghsa-jhf3-xxhw-2wpp	WEB
	https://osv.dev/vulnerability/ghsa-rwvp-r38j-9rgg	WEB
	https://osv.dev/vulnerability/ghsa-w8rr-5gcm-pp58	WEB
	https://osv.dev/vulnerability/ghsa-xmrv-pmrh-hhx2	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-11579	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-24051	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25934	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-26958	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32280	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32281	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32282	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32283	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32287	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32289	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33186	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33762	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33810	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-34040	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-34165	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-34986	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39882	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-39883	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-4878	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "grafana-alloy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.0-r2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the grafana-alloy package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-FV86809",
  "modified": "2026-05-02T06:33:33Z",
  "published": "2026-05-18T13:55:59.063400Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-FV86809.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-11579"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-24051"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25934"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-26958"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32280"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32281"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32282"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32283"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32287"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32289"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33186"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33762"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33810"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-34040"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-34165"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-34986"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39882"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-39883"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-4878"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-37cx-329c-33x3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-6g7g-w4f8-9c9x"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-78h2-9frx-2jm8"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-fw7p-63qq-7hpr"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-gm2x-2g9h-ccm8"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-hfvc-g4fc-pqhx"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-jhf3-xxhw-2wpp"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-rwvp-r38j-9rgg"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-w8rr-5gcm-pp58"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-xmrv-pmrh-hhx2"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11579"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24051"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25934"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26958"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32287"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33762"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34040"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34165"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39882"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39883"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4878"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2025-11579, CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32287, CVE-2026-32289, CVE-2026-33186, CVE-2026-33762, CVE-2026-33810, CVE-2026-34040, CVE-2026-34165, CVE-2026-34986, CVE-2026-39882, CVE-2026-39883, CVE-2026-4878, ghsa-37cx-329c-33x3, ghsa-6g7g-w4f8-9c9x, ghsa-78h2-9frx-2jm8, ghsa-fw7p-63qq-7hpr, ghsa-gm2x-2g9h-ccm8, ghsa-hfvc-g4fc-pqhx, ghsa-jhf3-xxhw-2wpp, ghsa-rwvp-r38j-9rgg, ghsa-w8rr-5gcm-pp58, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.13.2-r0, 1.14.1-r0, 1.15.0-r0, 1.15.0-r1, 1.15.0-r2",
  "upstream": [
    "CVE-2025-11579",
    "CVE-2026-24051",
    "CVE-2026-25934",
    "CVE-2026-26958",
    "CVE-2026-32280",
    "CVE-2026-32281",
    "CVE-2026-32282",
    "CVE-2026-32283",
    "CVE-2026-32287",
    "CVE-2026-32289",
    "CVE-2026-33186",
    "CVE-2026-33762",
    "CVE-2026-33810",
    "CVE-2026-34040",
    "CVE-2026-34165",
    "CVE-2026-34986",
    "CVE-2026-39882",
    "CVE-2026-39883",
    "CVE-2026-4878",
    "ghsa-37cx-329c-33x3",
    "ghsa-6g7g-w4f8-9c9x",
    "ghsa-78h2-9frx-2jm8",
    "ghsa-fw7p-63qq-7hpr",
    "ghsa-gm2x-2g9h-ccm8",
    "ghsa-hfvc-g4fc-pqhx",
    "ghsa-jhf3-xxhw-2wpp",
    "ghsa-rwvp-r38j-9rgg",
    "ghsa-w8rr-5gcm-pp58",
    "ghsa-xmrv-pmrh-hhx2"
  ]
}

cleanstart-2026-fx27781

Vulnerability from cleanstart

Published

2026-04-01 10:07

Modified

2026-03-06 06:49

Summary

Security fixes for CVE-2025-0913, CVE-2025-15558, CVE-2025-4673, CVE-2025-47907, CVE-2025-47914, CVE-2025-58181, CVE-2025-62156, CVE-2025-62157, CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-27141, ghsa-37cx-329c-33x3, ghsa-9h8m-3fm2-qjrq, ghsa-c2hv-4pfj-mm2r, ghsa-cfpf-hrx2-8rv6, ghsa-fw7p-63qq-7hpr, ghsa-p84v-gxvw-73pf applied in versions: 3.7.0-r0, 3.7.10-r0, 3.7.10-r1, 3.7.10-r2, 3.7.3-r0, 3.7.4-r0, 3.7.6-r0, 3.7.9-r0

Details

Multiple security vulnerabilities affect the argo-workflows-fips package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-0913	WEB
	https://osv.dev/vulnerability/CVE-2025-15558	WEB
	https://osv.dev/vulnerability/CVE-2025-4673	WEB
	https://osv.dev/vulnerability/CVE-2025-47907	WEB
	https://osv.dev/vulnerability/CVE-2025-47914	WEB
	https://osv.dev/vulnerability/CVE-2025-58181	WEB
	https://osv.dev/vulnerability/CVE-2025-62156	WEB
	https://osv.dev/vulnerability/CVE-2025-62157	WEB
	https://osv.dev/vulnerability/CVE-2026-24051	WEB
	https://osv.dev/vulnerability/CVE-2026-25934	WEB
	https://osv.dev/vulnerability/CVE-2026-26958	WEB
	https://osv.dev/vulnerability/CVE-2026-27141	WEB
	https://osv.dev/vulnerability/ghsa-37cx-329c-33x3	WEB
	https://osv.dev/vulnerability/ghsa-9h8m-3fm2-qjrq	WEB
	https://osv.dev/vulnerability/ghsa-c2hv-4pfj-mm2r	WEB
	https://osv.dev/vulnerability/ghsa-cfpf-hrx2-8rv6	WEB
	https://osv.dev/vulnerability/ghsa-fw7p-63qq-7hpr	WEB
	https://osv.dev/vulnerability/ghsa-p84v-gxvw-73pf	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-0913	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-15558	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-4673	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-47907	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-47914	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58181	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-62156	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-62157	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-24051	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25934	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-26958	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27141	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "argo-workflows-fips"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.7.9-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the argo-workflows-fips package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-FX27781",
  "modified": "2026-03-06T06:49:13Z",
  "published": "2026-04-01T10:07:09.669593Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-FX27781.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-0913"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-15558"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-4673"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-47907"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-47914"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58181"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-62156"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-62157"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-24051"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25934"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-26958"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27141"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-37cx-329c-33x3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-9h8m-3fm2-qjrq"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-c2hv-4pfj-mm2r"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-cfpf-hrx2-8rv6"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-fw7p-63qq-7hpr"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-p84v-gxvw-73pf"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0913"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15558"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4673"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62156"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62157"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24051"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25934"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26958"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2025-0913, CVE-2025-15558, CVE-2025-4673, CVE-2025-47907, CVE-2025-47914, CVE-2025-58181, CVE-2025-62156, CVE-2025-62157, CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-27141, ghsa-37cx-329c-33x3, ghsa-9h8m-3fm2-qjrq, ghsa-c2hv-4pfj-mm2r, ghsa-cfpf-hrx2-8rv6, ghsa-fw7p-63qq-7hpr, ghsa-p84v-gxvw-73pf applied in versions: 3.7.0-r0, 3.7.10-r0, 3.7.10-r1, 3.7.10-r2, 3.7.3-r0, 3.7.4-r0, 3.7.6-r0, 3.7.9-r0",
  "upstream": [
    "CVE-2025-0913",
    "CVE-2025-15558",
    "CVE-2025-4673",
    "CVE-2025-47907",
    "CVE-2025-47914",
    "CVE-2025-58181",
    "CVE-2025-62156",
    "CVE-2025-62157",
    "CVE-2026-24051",
    "CVE-2026-25934",
    "CVE-2026-26958",
    "CVE-2026-27141",
    "ghsa-37cx-329c-33x3",
    "ghsa-9h8m-3fm2-qjrq",
    "ghsa-c2hv-4pfj-mm2r",
    "ghsa-cfpf-hrx2-8rv6",
    "ghsa-fw7p-63qq-7hpr",
    "ghsa-p84v-gxvw-73pf"
  ]
}

cleanstart-2026-gm63718

Vulnerability from cleanstart

Published

2026-04-01 09:19

Modified

2026-03-25 14:21

Summary

Security fixes for CVE-2025-15558, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-25679, CVE-2026-25934, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-q9hv-hpm4-hj6x applied in versions: 1.39.0-r0, 1.39.0-r1, 1.39.0-r2, 1.39.0-r3

Details

Multiple security vulnerabilities affect the syft package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2025-15558	WEB
	https://osv.dev/vulnerability/CVE-2025-61726	WEB
	https://osv.dev/vulnerability/CVE-2025-61728	WEB
	https://osv.dev/vulnerability/CVE-2025-61730	WEB
	https://osv.dev/vulnerability/CVE-2025-68121	WEB
	https://osv.dev/vulnerability/CVE-2026-25679	WEB
	https://osv.dev/vulnerability/CVE-2026-25934	WEB
	https://osv.dev/vulnerability/CVE-2026-27137	WEB
	https://osv.dev/vulnerability/CVE-2026-27138	WEB
	https://osv.dev/vulnerability/CVE-2026-27139	WEB
	https://osv.dev/vulnerability/CVE-2026-27142	WEB
	https://osv.dev/vulnerability/CVE-2026-33186	WEB
	https://osv.dev/vulnerability/ghsa-q9hv-hpm4-hj6x	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-15558	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61726	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61728	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-61730	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-68121	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25679	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-25934	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27137	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27138	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27139	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27142	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33186	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "syft"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.39.0-r3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the syft package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-GM63718",
  "modified": "2026-03-25T14:21:09Z",
  "published": "2026-04-01T09:19:09.281060Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-GM63718.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-15558"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61726"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61728"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-61730"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-68121"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25679"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-25934"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27137"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27138"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27139"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27142"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33186"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-q9hv-hpm4-hj6x"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15558"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25934"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27138"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2025-15558, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-25679, CVE-2026-25934, CVE-2026-27137, CVE-2026-27138, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-q9hv-hpm4-hj6x applied in versions: 1.39.0-r0, 1.39.0-r1, 1.39.0-r2, 1.39.0-r3",
  "upstream": [
    "CVE-2025-15558",
    "CVE-2025-61726",
    "CVE-2025-61728",
    "CVE-2025-61730",
    "CVE-2025-68121",
    "CVE-2026-25679",
    "CVE-2026-25934",
    "CVE-2026-27137",
    "CVE-2026-27138",
    "CVE-2026-27139",
    "CVE-2026-27142",
    "CVE-2026-33186",
    "ghsa-q9hv-hpm4-hj6x"
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-25934 (GCVE-0-2026-25934)

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Tags

Sightings

Nomenclature