keda-2.17-metrics-apiserver

Direct Vulnerabilities

Known vulnerabilities in the keda-2.17-metrics-apiserver package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
Uncontrolled Memory Allocation

*
  • L
CVE-2026-2303

*
  • L
Improper Restriction of Rendered UI Layers or Frames

*
  • L
CVE-2026-42507

*
  • L
Improper Restriction of Rendered UI Layers or Frames

*
  • L
Deserialization of Untrusted Data

*
  • L
Incorrect Type Conversion or Cast

*
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

<2.17.2-r1
  • L
Missing Authorization

*
  • L
CVE-2026-39821

*
  • L
CVE-2026-46598

*
  • L
CVE-2026-39824

*
  • L
Improper Enforcement of Message Integrity During Transmission in a Communication Channel

*
  • L
Improper Restriction of Rendered UI Layers or Frames

*
  • L
Improper Certificate Validation

*
  • L
CVE-2026-46595

*
  • L
Missing Authorization

*
  • L
Improper Certificate Validation

*
  • L
Out-of-Bounds

*
  • L
Resource Exhaustion

*
  • L
CVE-2026-27145

*
  • M
CVE-2025-47911

<2.17.2-r1
  • L
CVE-2026-33815

*
  • L
Reachable Assertion

<2.17.2-r1
  • L
Cross-site Scripting (XSS)

*
  • L
CVE-2026-42504

*
  • L
Integer Overflow or Wraparound

*
  • L
Improper Verification of Cryptographic Signature

*
  • L
Improper Certificate Validation

*
  • M
Out-of-bounds Write

*
  • H
NULL Pointer Dereference

*
  • H
Allocation of Resources Without Limits or Throttling

*
  • H
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • M
Link Following

*
  • H
Double Free

*
  • L
CVE-2026-42501

*
  • L
CVE-2026-39825

*
  • L
CVE-2026-42499

*
  • L
Cross-site Scripting (XSS)

*
  • L
Improper Encoding or Escaping of Output

*
  • L
Resource Exhaustion

*
  • L
GHSA-fw8g-cg8f-9j28

*
  • L
Information Exposure

*
  • M
Cross-site Scripting (XSS)

*
  • L
GHSA-xmrv-pmrh-hhx2

*
  • L
CVE-2026-33816

*
  • C
SQL Injection

*
  • L
Allocation of Resources Without Limits or Throttling

<2.17.3-r10
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<2.17.3-r9
  • C
CVE-2026-27143

<2.17.3-r9
  • H
Improper Certificate Validation

<2.17.3-r9
  • M
Allocation of Resources Without Limits or Throttling

<2.17.3-r9
  • M
Link Following

<2.17.3-r9
  • H
Incorrect Authorization

<2.17.3-r9
  • M
Cross-site Scripting (XSS)

<2.17.3-r9
  • H
Allocation of Resources Without Limits or Throttling

<2.17.3-r9
  • L
CVE-2026-32280

<2.17.3-r9
  • H
Improper Certificate Validation

<2.17.3-r9
  • L
Uncontrolled Memory Allocation

<2.17.3-r10
  • H
Untrusted Search Path

<2.17.3-r10
  • L
Uncaught Exception

<2.17.3-r8
  • L
Improper Authorization

<2.17.3-r7
  • L
Improper Certificate Validation

<2.17.3-r6
  • L
Improper Certificate Validation

<2.17.3-r6
  • L
Directory Traversal

<2.17.3-r6
  • L
Cross-site Scripting (XSS)

<2.17.3-r6
  • L
Direct Request ('Forced Browsing')

<2.17.3-r6
  • L
Untrusted Search Path

<2.17.3-r5
  • L
Improper Initialization

<2.17.3-r4
  • C
CVE-2025-68121

<2.17.3-r3
  • L
CVE-2025-61732

<2.17.3-r3
  • L
Allocation of Resources Without Limits or Throttling

<2.17.3-r2
  • L
Allocation of Resources Without Limits or Throttling

<2.17.3-r2
  • L
Out-of-bounds Write

<2.17.3-r2
  • L
CVE-2025-61731

<2.17.3-r2
  • L
CVE-2025-61730

<2.17.3-r2
  • L
Allocation of Resources Without Limits or Throttling

<2.17.3-r1
  • L
Improper Certificate Validation

<2.17.2-r2
  • L
Improper Certificate Validation

<2.17.2-r2
  • L
CVE-2025-47914

<2.17.2-r1
  • L
CVE-2025-58181

<2.17.2-r1