openshift | Snyk

Direct Vulnerabilities

Known vulnerabilities in the openshift package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Allocation of Resources Without Limits or Throttling	*
L Improper Validation of Specified Quantity in Input	*
H Incorrect Behavior Order: Authorization Before Parsing and Canonicalization	*
M NULL Pointer Dereference	*
H Improper Certificate Validation	*
H Improper Validation of Syntactic Correctness of Input	*
M Allocation of Resources Without Limits or Throttling	*
M Resource Exhaustion	*
M CVE-2025-68121	*
M Directory Traversal	*
M Improper Validation of Integrity Check Value	*
H Allocation of Resources Without Limits or Throttling	*
M Allocation of Resources Without Limits or Throttling	*
M Allocation of Resources Without Limits or Throttling	*
M Improper Certificate Validation	*
H Excessive Platform Resource Consumption within a Loop	*
L CVE-2025-58186	*
M Out-of-bounds Read	*
M Server-Side Request Forgery (SSRF)	*
M Resource Exhaustion	*
M Missing Reference to Active Allocated Resource	*
H Incorrect Execution-Assigned Permissions	*
M Reachable Assertion	*
M Creation of Immutable Text Using String Concatenation	*
M Allocation of Resources Without Limits or Throttling	*
M Allocation of Resources Without Limits or Throttling	*
M Allocation of Resources Without Limits or Throttling	*
M Allocation of Resources Without Limits or Throttling	*
M Improper Output Neutralization for Logs	*
M Expected Behavior Violation	*
M Information Exposure	*
M Expected Behavior Violation	*
M Missing Authentication for Critical Function	*
M Time-of-check Time-of-use (TOCTOU)	*
M CVE-2025-4673	*
L Incorrect Authorization	*
M Cross-site Scripting (XSS)	*
M HTTP Request Smuggling	*
L Incorrect Authorization	*
L Incorrect Authorization	*
L Race Condition	*
M Improper Input Validation	*
M Resource Exhaustion	*
M Information Exposure	*
L Improper Verification of Cryptographic Signature	*
M OS Command Injection	*
H Allocation of Resources Without Limits or Throttling	*
L Improper Handling of Exceptional Conditions	*
H Information Exposure	*
M Use of Uninitialized Variable	*
M Improper Input Validation	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	*
L Information Exposure	*
H Resource Exhaustion	*
M Improper Handling of Highly Compressed Data (Data Amplification)	*
M Improper Certificate Validation	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	*
M Misinterpretation of Input	*
M Arbitrary Code Injection	*
M Improper Input Validation	*
M Information Exposure	*
H Improper Input Validation	*
M Truncation of Security-relevant Information	*
M Information Exposure	*
M Resource Exhaustion	*
M Allocation of Resources Without Limits or Throttling	*
H Resource Exhaustion	*
H Resource Exhaustion	*
L Incorrect Authorization	*
M Buffer Access with Incorrect Length Value	*
M Cross-site Scripting (XSS)	*
M Resource Exhaustion	*
M Resource Exhaustion	*
M HTTP Response Splitting	*
M CVE-2023-2728	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	*
M Resource Exhaustion	*
M Arbitrary Code Injection	*
M Resource Exhaustion	*
M Improper Input Validation	<0:3.0.2.0-0.git.38.7576bc5.el7ose
H Missing Authorization	<0:3.0.1.0-1.git.527.f8d5fed.el7ose
M Directory Traversal	<0:3.0.2.0-0.git.20.656dc3e.el7ose
M Improper Input Validation	<0:3.0.1.0-1.git.529.dcab62c.el7ose
M Incorrect Default Permissions	*
C Authentication Bypass by Primary Weakness	*
M Improper Authorization	<0:3.0.2.0-0.git.45.423f434.el7ose
M Improper Authorization	<0:3.0.2.0-0.git.45.423f434.el7ose
H Out-of-bounds Write	*
M Improper Input Validation	*
L Arbitrary Code Injection	*
M Insecure Default Variable Initialization	*
L Improper Restriction of Rendered UI Layers or Frames	*
L Improper Initialization	*
M Directory Traversal	*
H Authorization Bypass Through User-Controlled Key	*
M Improper Certificate Validation	*
L Improper Preservation of Permissions	*
L Inappropriate Encoding for Output Context	*
L Time-of-check Time-of-use (TOCTOU)	*
L Improper Access Control	*
M OS Command Injection	*
M Insufficiently Protected Credentials	*
M Resource Exhaustion	*
M Resource Exhaustion	*
M Resource Exhaustion	*
L Placement of User into Incorrect Group	*
M Algorithmic Complexity	*
M CVE-2022-41715	*
M HTTP Request Smuggling	*
M Directory Traversal	*
M Resource Exhaustion	*
L Resource Exhaustion	*
M Improperly Controlled Sequential Memory Allocation	*
M Out-of-bounds Read	*
L Insufficient Entropy	*
M Missing Release of Resource after Effective Lifetime	*
M Use of a Broken or Risky Cryptographic Algorithm	*
M Integer Overflow or Wraparound	*
M Improper Input Validation	*
L External Control of File Name or Path	*
L Resource Exhaustion	*
L NULL Pointer Dereference	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	*

Vulnerability

Vulnerable Version

Allocation of Resources Without Limits or Throttling