Filter

Software

kubernetes dashboard
63
kubernetes nginx ingress controller
13
kubernetes kubelet
8
kubernetes minikube
3
kubernetes
2
kubernetes apiserver
2
kubernetes image builder
2
kubernetes secrets store csi driver
2
kubernetes aws iam authenticator
1
kubernetes container storage interface snapshotter
1
kubernetes continuous deploy
1
kubernetes csi proxy
1
kubernetes external-provisioner
1
kubernetes external-resizer
1
kubernetes external-snapshotter
1
kubernetes ingress nginx
1
kubernetes kube-apiserver
1
kubernetes kube-state-metrics
1
kubernetes operations
1

go/github.com/kubernetes-csi/csi-proxyKubernetes - csi-proxy - Insufficient input sanitization leads to privilege escalation

high
8.8
First published (updated )
CVE-2023-3893

Kubernetes DashboardKubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation

high
8.8
First published (updated )
CVE-2023-3955

Kubernetes DashboardKubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation

high
8.8
First published (updated )
CVE-2023-3676

Kubernetes DashboardWindows kube-proxy LoadBalancer contention

medium
6.3
First published (updated )
CVE-2021-25736

go/k8s.io/ingress-nginxIngress nginx annotation injection causes arbitrary command execution

high
8.8
First published (updated )
CVE-2023-5043

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

go/k8s.io/ingress-nginxCode injection via nginx.ingress.kubernetes.io/permanent-redirect annotation

high
8.8
First published (updated )
CVE-2023-5044

go/k8s.io/ingress-nginxIngress-nginx `path` sanitization can be bypassed with `log_format` directive

high
8.8
First published (updated )
CVE-2022-4886

go/sigs.k8s.io/secrets-store-csi-driverKubernetes secrets-store-csi-driver discloses service account tokens in logs

medium
6.5
First published (updated )
CVE-2023-2878

redhat/kube-apiserverBypassing policies imposed by the ImagePolicyWebhook admission plugin

medium
6.5
First published (updated )
CVE-2023-2727

redhat/kube-apiserverBypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

medium
6.5
First published (updated )
CVE-2023-2728

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Kubernetes Kube-apiserverKubernetes - API server - Aggregated API server can cause clients to be redirected (SSRF)

high
8.2
First published (updated )
CVE-2022-3172

[kubernetes] CVE-2025-0426: Node Denial of Service via kubelet Checkpoint API

First published (updated )
https://seclists.org/oss-sec/2025/q1/126

go/k8s.io/ingress-nginxIngress-nginx `path` sanitization can be bypassed with newline character

high
7.6
First published (updated )
CVE-2021-25748

redhat/kubeletrunAsNonRoot logic bypass for Windows containers

high
7.8
First published (updated )
CVE-2021-25749

Kubernetes Minikube[minikube] Network Port exposure in minikube running on macOS using Docker driver

critical
9.8
First published (updated )
CVE-2023-1174

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Kubernetes Minikube[minikube] ssh server with default password

high
8.4
First published (updated )
CVE-2023-1944

Kubernetes Dashboard[kubernetes] CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API

medium
4
Exploited
First published (updated )
CVE-2024-9042

[kubernetes] CVE-2024-9042: Command Injection affecting Windows nodes via nodes/*/logs/query API

First published (updated )
https://seclists.org/oss-sec/2025/q1/23

Kubernetes DashboardKubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation

high
8.8
First published (updated )
CVE-2023-5528

redhat/kubernetesSymlink Exchange Can Allow Host Filesystem Access

high
8.8
First published (updated )
CVE-2021-25741

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

redhat/kubernetesHoles in EndpointSlice Validation Enable Host Network Hijack

medium
4.9
First published (updated )
CVE-2021-25737

go/k8s.io/kubernetesBypass of seccomp profile enforcement

medium
5.5
First published (updated )
CVE-2023-2431

redhat openshift container platformCri-o: malicious container can create symlink on host

high
8.1
EPSS
0.04%
First published (updated )
CVE-2024-5154

Kubernetes DashboardCloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network fi…

high
7.5
First published (updated )
CVE-2019-9946

[kubernetes] CVE-2024-10220: Arbitrary command execution through gitpo volume

First published (updated )
https://seclists.org/oss-sec/2024/q4/109

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

go/github.com/kubernetes-sigs/image-builderVM images built with Image Builder and Proxmox provider use default credentials

critical
9.8
EPSS
0.07%
First published (updated )
CVE-2024-9486

go/github.com/kubernetes-sigs/image-builderVM images built with Image Builder with some providers use default credentials during builds

high
8.1
EPSS
0.06%
First published (updated )
CVE-2024-9594

go/k8s.io/apiserverKubernetes API server denial of service

medium
5.3
First published (updated )
CVE-2020-8552

Kubernetes OperationsPrivilege Escalation in kOps using GCE/GCP Provider in Gossip Mode

high
8.8
First published (updated )
CVE-2023-1943

Google Secret Manager Provider for Secret Store CSI DriverKubernetes Secrets Store CSI Driver sync/rotate directory traversal

medium
6.5
First published (updated )
CVE-2020-8568

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203