kubescape | Snyk

Direct Vulnerabilities

Known vulnerabilities in the kubescape package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L GHSA-3xc5-wrhm-f963	<4.0.5-r2
L Allocation of Resources Without Limits or Throttling	<4.0.5-r0
L Uncontrolled Memory Allocation	<4.0.5-r0
L Improper Validation of Array Index	<4.0.5-r0
L GHSA-gm2x-2g9h-ccm8	<4.0.5-r0
L GHSA-4vrq-3vrq-g6gg	<4.0.5-r0
L CVE-2026-4660	<4.0.5-r0
L GHSA-4c29-8rgm-jvjj	<4.0.5-r0
L GHSA-pc3f-x583-g7j2	<4.0.5-r0
M Directory Traversal	<4.0.5-r0
L GHSA-92mm-2pjq-r785	<4.0.5-r0
L Uncaught Exception	<4.0.5-r0
H Directory Traversal	<4.0.5-r0
C Directory Traversal	<4.0.5-r0
L Improper Certificate Validation	<4.0.5-r0
L GHSA-hfvc-g4fc-pqhx	<4.0.5-r0
L GHSA-jhf3-xxhw-2wpp	<4.0.5-r0
L GHSA-78h2-9frx-2jm8	<4.0.5-r0
M Improper Access Control	<4.0.5-r0
L GHSA-hxv8-4j4r-cqgv	<4.0.5-r0
L GHSA-xm5m-wgh2-rrg3	<4.0.5-r0
L GHSA-w8rr-5gcm-pp58	<4.0.5-r0
L GHSA-xmrv-pmrh-hhx2	<4.0.5-r0
L GHSA-hr2v-4r36-88hr	<4.0.5-r0
L Integer Underflow	<4.0.5-r0
H Untrusted Search Path	<4.0.5-r0
L GHSA-gjvh-7jh8-7xhm	<4.0.3-r3
L GHSA-jrg3-gfjw-hm96	<4.0.3-r3
H Incorrect Authorization	<4.0.3-r3
L GHSA-xj38-jxc5-rppx	<4.0.3-r3
L CVE-2026-32280	<4.0.3-r3
L GHSA-m4pr-4j3g-9v7v	<4.0.3-r3
H Improper Certificate Validation	<4.0.3-r3
L GHSA-5w89-2c2x-6x66	<4.0.3-r3
L GHSA-x4jj-h2v8-hqqv	<4.0.3-r3
L Improper Cleanup on Thrown Exception	<4.0.5-r1
M Cross-site Scripting (XSS)	<4.0.3-r3
L GHSA-rjcw-vg7j-m9rc	<4.0.5-r1
M Allocation of Resources Without Limits or Throttling	<4.0.3-r3
H Allocation of Resources Without Limits or Throttling	<4.0.3-r3
L GHSA-7mr4-xjxg-34g6	<4.0.3-r3
M Link Following	<4.0.3-r3
L GHSA-p77j-4mvh-x3m3	<4.0.3-r1
L Improper Authorization	<4.0.3-r1
L Cross-site Scripting (XSS)	<4.0.2-r3
L GHSA-rv83-g57w-fr8j	<4.0.2-r3
L Direct Request ('Forced Browsing')	<4.0.2-r3
L Directory Traversal	<4.0.2-r3
L GHSA-j4j7-vw47-rhfq	<4.0.2-r3
L GHSA-j3gx-2473-5fp8	<4.0.2-r3
L GHSA-9h8m-3fm2-qjrq	<4.0.2-r2
L Untrusted Search Path	<4.0.2-r2
C CVE-2026-1229	<4.0.2-r1
L GHSA-q9hv-hpm4-hj6x	<4.0.2-r1
M Improper Validation of Integrity Check Value	<4.0.0-r1
L GHSA-37cx-329c-33x3	<4.0.0-r1
L GHSA-fcv2-xgw5-pqxf	<4.0.0-r0
M Directory Traversal	<4.0.0-r0
L GHSA-jqc5-w2xx-5vq4	<4.0.0-r0
L Directory Traversal	<4.0.0-r0
L GHSA-273p-m2cw-6833	<3.0.48-r0
H Reachable Assertion	<3.0.48-r0
L GHSA-59jp-pj84-45mr	<3.0.48-r0
L Server-Side Request Forgery (SSRF)	<3.0.48-r0
L GHSA-fphv-w9fq-2525	<3.0.48-r0
H Improper Verification of Cryptographic Signature	<3.0.48-r0
L NULL Pointer Dereference	<3.0.48-r0
L GHSA-846p-jg2w-w324	<3.0.48-r0
L GHSA-4c4x-jm2x-pf9j	<3.0.48-r0
M Server-Side Request Forgery (SSRF)	<3.0.48-r0
L GHSA-m4gq-fm9h-8q75	<3.0.43-r0
L GHSA-hcg3-q754-cr77	<3.0.32-r1
L Improper Validation of Specified Type of Input	<3.0.34-r3
L GHSA-6v2p-p543-phr9	<3.0.31-r1
L CVE-2025-0495	<3.0.43-r0
L GHSA-f83f-xpx7-ffpw	<3.0.47-r0
L GHSA-4qg8-fj49-pxjh	<3.0.47-r0
L Asymmetric Resource Consumption (Amplification)	<3.0.47-r0
L Asymmetric Resource Consumption (Amplification)	<3.0.47-r0
L GHSA-7c64-f9jr-v9h2	<3.0.46-r0
L Improper Certificate Validation	<3.0.46-r0
M Memory Leak	<3.0.44-r0
H Symlink Following	<3.0.44-r0
H Incorrect Execution-Assigned Permissions	<3.0.44-r0
M CVE-2025-11579	<3.0.41-r1
L CVE-2025-8959	<3.0.38-r1
L Use of Uninitialized Resource	<3.0.37-r2
L Allocation of Resources Without Limits or Throttling	<3.0.37-r2
L Race Condition	<3.0.37-r1
L CVE-2025-22872	<3.0.34-r2
L Allocation of Resources Without Limits or Throttling	<3.0.34-r1
L Stack-based Buffer Overflow	<3.0.34-r1
L CVE-2025-22871	<3.0.34-r1
L Asymmetric Resource Consumption (Amplification)	<3.0.32-r2
H Integer Overflow or Wraparound	<3.0.32-r1
L CVE-2025-22869	<3.0.32-r1
L CVE-2025-22870	<3.0.31-r2
L CVE-2025-22868	<3.0.31-r1
L Allocation of Resources Without Limits or Throttling	<3.0.30-r1
L CVE-2025-22866	<3.0.25-r1
L Arbitrary Argument Injection	<3.0.22-r3
L Resource Exhaustion	<3.0.22-r3
L CVE-2024-45338	<3.0.22-r2
L CVE-2024-45337	<3.0.22-r1
L Improper Handling of Exceptional Conditions	<3.0.18-r1
L Race Condition	<3.0.18-r0
H Authentication Bypass	<3.0.18-r0
L CVE-2024-34155	<3.0.17-r0
L CVE-2024-34156	<3.0.17-r0
L CVE-2024-34158	<3.0.17-r0
L CVE-2024-41110	<3.0.15-r1
L CVE-2024-35192	<3.0.12-r0
H CVE-2024-6257	<3.0.11-r3
M Race Condition	<3.0.11-r2
M Information Exposure Through Log Files	<3.0.11-r2
C CVE-2024-24790	<3.0.11-r1
M CVE-2024-24789	<3.0.11-r1
L CVE-2024-24788	<3.0.10-r1
L CVE-2024-24787	<3.0.10-r1
H Directory Traversal	<3.0.10-r0
L CVE-2024-3817	<3.0.9-r0
L CVE-2023-45288	<3.0.8-r3
M Allocation of Resources Without Limits or Throttling	<3.0.8-r2
H Allocation of Resources Without Limits or Throttling	<3.0.8-r2
H Incorrect Resource Transfer Between Spheres	<3.0.7-r1
H Origin Validation Error	<3.0.7-r1
L CVE-2024-28180	<3.0.43-r0
L CVE-2024-24786	<3.0.6-r1
L GHSA-c5q2-7r4c-mv6g	<3.0.43-r0
H Use of Uninitialized Resource	<3.0.3-r8
M Directory Traversal	<3.0.3-r8
H Exposure of Resource to Wrong Sphere	<3.0.3-r7
C Incorrect Authorization	<3.0.3-r7
C Directory Traversal	<3.0.3-r7
C Directory Traversal	<3.0.3-r7
M Improper Check for Unusual or Exceptional Conditions	<3.0.3-r7
H Race Condition	<3.0.3-r7
M Loop with Unreachable Exit Condition ('Infinite Loop')	<3.0.3-r3
H NULL Pointer Dereference	<3.0.3-r4
M Resource Exhaustion	<3.0.3-r4
M Improper Validation of Integrity Check Value	<3.0.3-r1
H CVE-2023-47108	<3.0.3-r1
H Allocation of Resources Without Limits or Throttling	<3.0.0-r0
H CVE-2023-44487	<3.0.0-r0

Vulnerability

Vulnerable Version

GHSA-3xc5-wrhm-f963

<4.0.5-r2