kubeflow-pipelines-frontend

Direct Vulnerabilities

Known vulnerabilities in the kubeflow-pipelines-frontend package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
Improper Encoding or Escaping of Output

<2.17.0-r0
  • H
Resource Exhaustion

<2.17.0-r0
  • M
HTTP Response Splitting

<2.17.0-r0
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.17.0-r0
  • L
Permissive Whitelist

<2.17.0-r0
  • L
CVE-2026-3449

<2.17.0-r0
  • L
Allocation of Resources Without Limits or Throttling

<2.17.0-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.17.0-r0
  • H
Out-of-bounds Write

<2.17.0-r0
  • M
Improper Authentication

<2.17.0-r0
  • L
Allocation of Resources Without Limits or Throttling

<2.17.0-r0
  • H
Uncontrolled Recursion

<2.17.0-r0
  • M
Cross-site Scripting (XSS)

<2.17.0-r0
  • H
Buffer Overflow

<2.17.0-r0
  • L
External Control of File Name or Path

<2.17.0-r0
  • L
Improper Input Validation

<2.17.0-r0
  • L
Improper Validation of Specified Quantity in Input

<2.17.0-r0
  • L
XML Injection

<2.17.0-r0
  • L
Cross-site Scripting (XSS)

<2.17.0-r0
  • L
CVE-2026-8723

<2.17.0-r0
  • L
GHSA-r4q5-vmmm-2653

<2.17.0-r0
  • M
Directory Traversal

<2.17.0-r0
  • L
CRLF Injection

<2.17.0-r0
  • M
CVE-2026-2950

<2.17.0-r0
  • L
Algorithmic Complexity

<2.17.0-r0
  • H
Server-Side Request Forgery (SSRF)

<2.17.0-r0
  • H
Use of Uninitialized Resource

<2.17.0-r0
  • C
Unintended Proxy or Intermediary ('Confused Deputy')

<2.17.0-r0
  • C
Improperly Controlled Modification of Dynamically-Determined Object Attributes

<2.17.0-r0
  • L
Incorrect Regular Expression

<2.17.0-r0
  • L
Loop with Unreachable Exit Condition ('Infinite Loop')

<2.17.0-r0
  • L
Server-Side Request Forgery (SSRF)

*
  • L
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

<2.17.0-r0
  • C
Directory Traversal

<2.17.0-r0
  • L
Algorithmic Complexity

<2.17.0-r0
  • L
Allocation of Resources Without Limits or Throttling

<2.17.0-r0
  • C
CVE-2026-4800

<2.17.0-r0
  • H
Inefficient Regular Expression Complexity

<2.17.0-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.17.0-r0
  • L
Arbitrary Code Injection

<2.17.0-r0
  • L
CVE-2026-4867

<2.17.0-r0
  • L
Improper Verification of Cryptographic Signature

<2.17.0-r0
  • L
Inefficient Regular Expression Complexity

<2.17.0-r0
  • L
Improper Input Validation

<2.17.0-r0
  • L
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

<2.17.0-r0
  • L
Information Exposure

<2.17.0-r0
  • H
Information Exposure

<2.17.0-r0
  • L
Improper Input Validation

<2.17.0-r0
  • L
Unintended Proxy or Intermediary ('Confused Deputy')

<2.17.0-r0
  • C
Permissive Whitelist

<2.17.0-r0
  • L
Resource Exhaustion

<2.17.0-r0
  • L
Inefficient Regular Expression Complexity

<2.17.0-r0
  • C
Improper Certificate Validation

<2.17.0-r0
  • L
CVE-2026-12143

<2.17.0-r0
  • L
HTTP Response Splitting

<2.17.0-r0
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.17.0-r0