Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go

github.com/tektoncd/pipeline

go

View on github.com · View on proxy.golang.org

Security Advisories for github.com/tektoncd/pipeline in go

High
about 1 month ago

Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE GSA_kwCzR0hTQS05NGpyLTdwcXAteGhjcc4ABViK

go github.com/tektoncd/pipeline
Moderate
about 1 month ago

Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion GSA_kwCzR0hTQS1tMmN4LWdwcWYtcWY3NM4ABViJ

go github.com/tektoncd/pipeline
Moderate
about 1 month ago

Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check GSA_kwCzR0hTQS1yeDM1LTZyaHgtNzg1OM4ABViI

go github.com/tektoncd/pipeline
High
about 1 month ago

Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL GSA_kwCzR0hTQS13anhwLXhycHYteHBmZs4ABViD

go github.com/tektoncd/pipeline
Moderate
about 1 month ago

Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching GSA_kwCzR0hTQS1ybXg5LTJwcDMteGhjcs4ABVhl

go github.com/tektoncd/pipeline
Critical
3 months ago

Path traversal in Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod GSA_kwCzR0hTQS1qNXE1LWo5Z20tMnc1Y84ABT1X

go github.com/tektoncd/pipeline
Moderate
3 months ago

Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun GSA_kwCzR0hTQS1jdjR4LTkzeHgtd2dmas4ABTwv

go github.com/tektoncd/pipeline
Low
almost 3 years ago

Pipelines do not validate child UIDs GSA_kwCzR0hTQS13MmgzLXZ2dnEtM201M84AA0fs

go github.com/tektoncd/pipeline

Filter by Severity

Moderate 4 High 2 Low 1 Critical 1