kube-state-metrics-2.6 vulnerabilities

Known vulnerabilities in the kube-state-metrics-2.6 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L CVE-2025-22872	<2.6.0-r26
L GHSA-vvgc-356p-c3xw	<2.6.0-r26
L CVE-2025-22871	<2.6.0-r25
L GHSA-g9pc-8g42-g6vq	<2.6.0-r25
L GHSA-33c5-9fx5-fvjm	<2.6.0-r24
M Open Redirect	<2.6.0-r24
L GHSA-qxp5-gwg8-xv66	<2.6.0-r24
L CVE-2025-22870	<2.6.0-r24
L CVE-2025-22868	<2.6.0-r23
L CVE-2025-22869	<2.6.0-r22
L CVE-2025-22866	<2.6.0-r20
L GHSA-3whm-j4xm-rv8x	<2.6.0-r20
L GHSA-7wrw-r4p8-38rx	<2.6.0-r19
L GHSA-3f6r-qh9c-x6mm	<2.6.0-r19
L CVE-2024-45341	<2.6.0-r19
L CVE-2024-45336	<2.6.0-r19
L CVE-2024-45338	<2.6.0-r18
L GHSA-w32m-9786-jp63	<2.6.0-r18
L CVE-2024-45337	<2.6.0-r17
L GHSA-v778-237x-gjrc	<2.6.0-r17
L GHSA-8xfx-rj4p-23jm	<2.6.0-r16
L CVE-2024-34158	<2.6.0-r16
L CVE-2024-34156	<2.6.0-r16
L CVE-2024-34155	<2.6.0-r16
L GHSA-j7vj-rw65-4v26	<2.6.0-r16
L GHSA-crqm-pwhx-j97f	<2.6.0-r16
L CVE-2024-24791	<2.6.0-r15
L GHSA-hw49-2p59-3mhj	<2.6.0-r15
L GHSA-236w-p7wf-5ph8	<2.6.0-r14
L GHSA-49gw-vxvf-fc2g	<2.6.0-r14
M CVE-2024-24789	<2.6.0-r14
C CVE-2024-24790	<2.6.0-r14
L CVE-2024-24787	<2.6.0-r13
L GHSA-5fq7-4mxc-535h	<2.6.0-r13
L CVE-2024-24788	<2.6.0-r13
L GHSA-2jwv-jmq4-4j3r	<2.6.0-r13
L GHSA-4v7x-pqxf-cx7m	<2.6.0-r10
L CVE-2023-45288	<2.6.0-r10
L GHSA-8r3f-844c-mc37	<2.6.0-r9
L CVE-2024-24786	<2.6.0-r9
L GHSA-45x7-px36-x8w8	<2.6.0-r6
M Improper Validation of Integrity Check Value	<2.6.0-r6
L GHSA-7rg2-cxvp-9p7p	<2.6.0-r1
L GHSA-4374-p667-p6c8	<2.6.0-r3
L GHSA-qppj-fm5r-hxr3	<2.6.0-r4
L GHSA-69ch-w2m2-3vjp	<2.6.0-r1
L GHSA-2wrh-6pvc-2jm9	<2.6.0-r1
L GHSA-69cg-p879-7622	<2.6.0-r1
L GHSA-r48q-9g5r-8q2h	<2.6.0-r1
L GHSA-vvpx-j8f3-3w6h	<2.6.0-r1
H Allocation of Resources Without Limits or Throttling	<2.6.0-r3
H CVE-2023-44487	<2.6.0-r4
H Missing Release of Resource after Effective Lifetime	<2.6.0-r1
M Cross-site Scripting (XSS)	<2.6.0-r3
C Authorization Bypass Through User-Controlled Key	<2.6.0-r1
H CVE-2022-27664	<2.6.0-r1
H Improper Authentication	<2.6.0-r1
H CVE-2022-41723	<2.6.0-r1

Vulnerability

Vulnerable Version

<2.6.0-r26

<2.6.0-r26

<2.6.0-r25

<2.6.0-r25

<2.6.0-r24