kots vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the kots package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L GHSA-rwvp-r38j-9rgg	<1.128.2-r1
L CVE-2025-11579	<1.128.2-r1
L GHSA-wjrx-6529-hcj3	<1.126.0-r1
L CVE-2025-8959	<1.126.0-r1
L Use of Uninitialized Resource	<1.126.0-r0
L Allocation of Resources Without Limits or Throttling	<1.126.0-r0
L GHSA-f9f8-9pmf-xv68	<1.126.0-r0
L GHSA-9h84-qmv7-982p	<1.126.0-r0
L GHSA-j5pm-7495-qmr3	<1.125.2-r1
L CVE-2025-47907	<1.125.2-r1
H Arbitrary Code Injection	<1.124.18-r2
L GHSA-557j-xg8c-q2mm	<1.124.18-r2
L GHSA-fv92-fjc5-jj9h	<1.124.18-r1
L GHSA-2x5j-vhc8-9cwm	<1.124.17-r1
L Arbitrary Code Injection	<1.124.16-r1
L GHSA-6m8w-jc87-6cr7	<1.124.16-r1
L CVE-2025-22872	<1.124.15-r1
L GHSA-vvgc-356p-c3xw	<1.124.15-r1
L GHSA-4hfp-h4cw-hj8p	<1.124.14-r1
L Stack-based Buffer Overflow	<1.124.14-r1
L GHSA-5xqw-8hwv-wg92	<1.124.14-r1
L Allocation of Resources Without Limits or Throttling	<1.124.14-r1
L Improper Input Validation	<1.124.8-r2
L GHSA-92cp-5422-2mw7	<1.124.8-r2
L Asymmetric Resource Consumption (Amplification)	<1.124.8-r1
L GHSA-mh63-6h87-95cp	<1.124.8-r1
M Open Redirect	<1.124.8-r0
L GHSA-33c5-9fx5-fvjm	<1.124.8-r0
L GHSA-29wx-vh33-7x7r	<1.124.8-r0
L Improper Handling of Exceptional Conditions	<1.124.8-r0
H Integer Overflow or Wraparound	<1.124.7-r1
L GHSA-265r-hfxg-fhmg	<1.124.7-r1
L GHSA-qxp5-gwg8-xv66	<1.124.6-r0
L CVE-2025-22870	<1.124.6-r0
L CVE-2025-22869	<1.124.5-r2
L CVE-2025-22868	<1.124.5-r1
L GHSA-c6gw-w398-hv78	<1.124.4-r1
L Allocation of Resources Without Limits or Throttling	<1.124.4-r1
L Authorization Bypass Through User-Controlled Key	<1.124.3-r1
L GHSA-phw4-mc57-4hwc	<1.124.3-r1
L GHSA-j5vm-7qcc-2wwg	<1.123.1-r0
L GHSA-v725-9546-7q7m	<1.123.0-r1
L Resource Exhaustion	<1.123.0-r1
L Arbitrary Argument Injection	<1.123.0-r1
L GHSA-r9px-m959-cxf4	<1.123.0-r1
L GHSA-w32m-9786-jp63	<1.122.0-r1
L CVE-2024-45338	<1.122.0-r1
L CVE-2024-45337	<1.122.0-r0
L GHSA-v778-237x-gjrc	<1.122.0-r0
H Authentication Bypass	<1.117.2-r1
L GHSA-c77r-fh37-x2px	<1.117.2-r1
L CVE-2024-34155	<1.116.0-r0
L GHSA-8xfx-rj4p-23jm	<1.116.0-r0
L CVE-2024-34156	<1.116.0-r0
L CVE-2024-34158	<1.116.0-r0
L GHSA-j7vj-rw65-4v26	<1.116.0-r0
L GHSA-crqm-pwhx-j97f	<1.116.0-r0
L GHSA-v23v-6jw2-98fq	<1.112.2-r1
L CVE-2024-41110	<1.112.2-r1
L GHSA-xr7q-jx4m-x55m	<1.111.0-r1
L CVE-2024-24791	<1.110.0-r1
L GHSA-hw49-2p59-3mhj	<1.110.0-r1
L GHSA-xfhp-jf8p-mh5w	<1.109.14-r1
L CVE-2024-6257	<1.109.14-r1
C CVE-2024-24790	<1.109.9-r1
M CVE-2024-24789	<1.109.9-r1
L GHSA-49gw-vxvf-fc2g	<1.109.9-r1
L GHSA-236w-p7wf-5ph8	<1.109.9-r1
H Origin Validation Error	<1.108.2-r0
L GHSA-xw73-rw38-6vjc	<1.108.2-r0
L CVE-2024-27289	<1.108.1-r0
L GHSA-m7wr-2xf7-cm9p	<1.108.1-r0
L GHSA-mrww-27vc-gghv	<1.108.1-r0
L CVE-2024-27304	<1.108.1-r0
L CVE-2024-24786	<1.108.1-r0
L GHSA-8r3f-844c-mc37	<1.108.1-r0
L GHSA-7jwh-3vrq-q3m8	<1.108.1-r0
L CVE-2024-28180	<1.108.0-r2
L GHSA-c5q2-7r4c-mv6g	<1.108.0-r2
H Use of Uninitialized Resource	<1.107.7-r0
L GHSA-r53h-jv2g-vpx6	<1.107.7-r0
L GHSA-v53g-5gjp-272r	<1.107.4-r0
M Directory Traversal	<1.107.4-r0
H Exposure of Resource to Wrong Sphere	<1.107.0-r1
L GHSA-xr7r-f8xq-vfvv	<1.107.0-r1
H CVE-2023-49568	<1.104.7-r2
L GHSA-mw99-9chc-xw7r	<1.104.7-r2
L GHSA-7ww5-4wqc-m92c	<1.104.7-r1
L GHSA-45x7-px36-x8w8	<1.104.7-r1
M Improper Validation of Integrity Check Value	<1.104.7-r1
L GHSA-4374-p667-p6c8	<1.103.2-r2
L GHSA-m425-mq94-257g	<1.103.3-r1
L GHSA-2wrh-6pvc-2jm9	<1.103.2-r2
L GHSA-qppj-fm5r-hxr3	<1.103.3-r1
L GHSA-2c7c-3mj9-8fqh	<1.104.2-r1
H Allocation of Resources Without Limits or Throttling	<1.103.2-r2
H CVE-2023-44487	<1.103.3-r1
C Improper Handling of Syntactically Invalid Structure	<1.98.2-r2
C Improper Verification of Cryptographic Signature	<1.98.3-r1
M Cross-site Scripting (XSS)	<1.103.2-r2
M Missing Authorization	<1.98.3-r1

Vulnerability

Vulnerable Version

GHSA-rwvp-r38j-9rgg

<1.128.2-r1