kots | Snyk

Direct Vulnerabilities

Known vulnerabilities in the kots package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L GHSA-3xc5-wrhm-f963	<1.130.0-r7
L GHSA-pc3f-x583-g7j2	<1.130.0-r6
L Allocation of Resources Without Limits or Throttling	<1.130.0-r6
L GHSA-9jj7-4m8r-rfcm	<1.130.0-r5
L CVE-2026-33816	<1.130.0-r5
H Incorrect Authorization	<1.130.0-r4
H Allocation of Resources Without Limits or Throttling	<1.130.0-r4
L GHSA-xj38-jxc5-rppx	<1.130.0-r4
L GHSA-q5jf-9vfq-h4h7	<1.130.0-r4
H Improper Certificate Validation	<1.130.0-r4
L CVE-2026-32280	<1.130.0-r4
L GHSA-vmx8-mqv2-9gmg	<1.130.0-r4
L GHSA-xmrv-pmrh-hhx2	<1.130.0-r4
H Not Failing Securely ('Failing Open')	<1.130.0-r4
L Uncontrolled Memory Allocation	<1.130.0-r4
L GHSA-x4jj-h2v8-hqqv	<1.130.0-r4
M Cross-site Scripting (XSS)	<1.130.0-r4
H Directory Traversal	<1.130.0-r4
H Untrusted Search Path	<1.130.0-r4
M Link Following	<1.130.0-r4
L GHSA-gjvh-7jh8-7xhm	<1.130.0-r4
L GHSA-hfvc-g4fc-pqhx	<1.130.0-r4
L GHSA-jrg3-gfjw-hm96	<1.130.0-r4
L GHSA-7mr4-xjxg-34g6	<1.130.0-r4
L GHSA-m4pr-4j3g-9v7v	<1.130.0-r4
L GHSA-92mm-2pjq-r785	<1.130.0-r4
M Directory Traversal	<1.130.0-r4
L GHSA-w8rr-5gcm-pp58	<1.130.0-r4
L GHSA-hr2v-4r36-88hr	<1.130.0-r4
L CVE-2026-4660	<1.130.0-r4
M Allocation of Resources Without Limits or Throttling	<1.130.0-r4
L GHSA-5w89-2c2x-6x66	<1.130.0-r4
L Improper Access Control	<1.130.0-r3
L GHSA-3p65-76g6-3w7r	<1.130.0-r3
L GHSA-f2g3-hh2r-cwgc	<1.130.0-r3
L Server-Side Request Forgery (SSRF)	<1.130.0-r3
L GHSA-78h2-9frx-2jm8	<1.130.0-r2
L Uncaught Exception	<1.130.0-r2
L GHSA-x6gf-mpr2-68h6	<1.129.4-r5
H Improper Validation of Array Index	<1.129.4-r5
L GHSA-jhf3-xxhw-2wpp	<1.129.4-r5
L GHSA-gm2x-2g9h-ccm8	<1.129.4-r5
L Improper Validation of Array Index	<1.129.4-r5
L Integer Underflow	<1.129.4-r5
L GHSA-p77j-4mvh-x3m3	<1.129.4-r4
L Improper Authorization	<1.129.4-r4
L Directory Traversal	<1.129.4-r3
L GHSA-rv83-g57w-fr8j	<1.129.4-r3
L GHSA-j3gx-2473-5fp8	<1.129.4-r3
L Direct Request ('Forced Browsing')	<1.129.4-r3
L GHSA-j4j7-vw47-rhfq	<1.129.4-r3
L Cross-site Scripting (XSS)	<1.129.4-r3
L CVE-2026-22728	<1.129.4-r2
L GHSA-465p-v42x-3fmj	<1.129.4-r2
L GHSA-q9hv-hpm4-hj6x	<1.129.4-r1
C CVE-2026-1229	<1.129.4-r1
L Improper Initialization	<1.129.3-r3
L GHSA-fw7p-63qq-7hpr	<1.129.3-r3
M Improper Validation of Integrity Check Value	<1.129.3-r2
C CVE-2025-68121	<1.129.3-r2
L CVE-2025-61732	<1.129.3-r2
L GHSA-37cx-329c-33x3	<1.129.3-r2
L GHSA-h355-32pf-p2xm	<1.129.3-r2
L GHSA-8jvr-vh7g-f8gx	<1.129.3-r2
L GHSA-fcv2-xgw5-pqxf	<1.129.3-r1
L Directory Traversal	<1.129.3-r1
M Server-Side Request Forgery (SSRF)	<1.129.3-r0
L GHSA-59jp-pj84-45mr	<1.129.3-r0
L GHSA-7vpp-9cxj-q8gv	<1.128.3-r0
L Directory Traversal	<1.128.3-r0
H Directory Traversal	<1.128.3-r0
L GHSA-rhh4-rh7c-7r5v	<1.128.3-r0
L Improper Validation of Specified Type of Input	<1.124.17-r1
L GHSA-6v2p-p543-phr9	<1.124.5-r1
L GHSA-r6j8-c6r2-37rr	<1.129.1-r2
L CVE-2025-13281	<1.129.1-r2
L GHSA-hcg3-q754-cr77	<1.124.5-r2
L GHSA-cgrx-mc8f-2prm	<1.129.1-r0
H Symlink Following	<1.129.1-r0
L GHSA-7c64-f9jr-v9h2	<1.129.1-r0
L GHSA-f83f-xpx7-ffpw	<1.129.1-r1
L Asymmetric Resource Consumption (Amplification)	<1.129.1-r1
L Improper Certificate Validation	<1.129.1-r0
L CVE-2025-58181	<1.128.3-r2
L GHSA-j5w8-q4qc-rx2x	<1.128.3-r2
L GHSA-f6x5-jh6r-wrfv	<1.128.3-r2
L CVE-2025-47914	<1.128.3-r2
M Memory Leak	<1.128.3-r1
H Incorrect Execution-Assigned Permissions	<1.128.3-r1
M CVE-2025-11579	<1.128.2-r1
L CVE-2025-8959	<1.126.0-r1
L Use of Uninitialized Resource	<1.126.0-r0
L Allocation of Resources Without Limits or Throttling	<1.126.0-r0
L Race Condition	<1.125.2-r1
H Arbitrary Code Injection	<1.124.18-r2
L Arbitrary Code Injection	<1.124.16-r1
L CVE-2025-22872	<1.124.15-r1
L Stack-based Buffer Overflow	<1.124.14-r1
L Allocation of Resources Without Limits or Throttling	<1.124.14-r1
L Improper Input Validation	<1.124.8-r2
L Asymmetric Resource Consumption (Amplification)	<1.124.8-r1
M Open Redirect	<1.124.8-r0
L Improper Handling of Exceptional Conditions	<1.124.8-r0
H Integer Overflow or Wraparound	<1.124.7-r1
L CVE-2025-22870	<1.124.6-r0
L CVE-2025-22869	<1.124.5-r2
L CVE-2025-22868	<1.124.5-r1
L Allocation of Resources Without Limits or Throttling	<1.124.4-r1
L Authorization Bypass Through User-Controlled Key	<1.124.3-r1
L Resource Exhaustion	<1.123.0-r1
L Arbitrary Argument Injection	<1.123.0-r1
L CVE-2024-45338	<1.122.0-r1
L CVE-2024-45337	<1.122.0-r0
H Authentication Bypass	<1.117.2-r1
L CVE-2024-34155	<1.116.0-r0
L CVE-2024-34156	<1.116.0-r0
L CVE-2024-34158	<1.116.0-r0
L CVE-2024-41110	<1.112.2-r1
L CVE-2024-24791	<1.110.0-r1
H CVE-2024-6257	<1.109.14-r1
C CVE-2024-24790	<1.109.9-r1
M CVE-2024-24789	<1.109.9-r1
H Origin Validation Error	<1.108.2-r0
L CVE-2024-27289	<1.108.1-r0
L CVE-2024-27304	<1.108.1-r0
L CVE-2024-24786	<1.108.1-r0
L CVE-2024-28180	<1.128.3-r0
L GHSA-c5q2-7r4c-mv6g	<1.128.3-r0
H Use of Uninitialized Resource	<1.107.7-r0
M Directory Traversal	<1.107.4-r0
H Exposure of Resource to Wrong Sphere	<1.107.0-r1
H CVE-2023-49568	<1.104.7-r2
M Improper Validation of Integrity Check Value	<1.104.7-r1
H Allocation of Resources Without Limits or Throttling	<1.103.2-r2
H CVE-2023-44487	<1.103.3-r1
C Improper Handling of Syntactically Invalid Structure	<1.98.2-r2
C Improper Verification of Cryptographic Signature	<1.98.3-r1
M Cross-site Scripting (XSS)	<1.103.2-r2
M Missing Authorization	<1.98.3-r1

Vulnerability

Vulnerable Version

GHSA-3xc5-wrhm-f963

<1.130.0-r7