pulumi | Snyk

Direct Vulnerabilities

Known vulnerabilities in the pulumi package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L GHSA-fx83-v9x8-x52w	<3.237.0-r1
L Uncontrolled Recursion	<3.237.0-r1
L GHSA-75px-5xx7-5xc7	<3.237.0-r1
L GHSA-v2v4-37r5-5v8g	<3.237.0-r1
L GHSA-66ff-xgx4-vchm	<3.237.0-r1
L Improper Handling of Unicode Encoding	<3.237.0-r1
L Improper Input Validation	<3.237.0-r1
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<3.237.0-r1
L Cross-site Scripting (XSS)	<3.237.0-r1
L GHSA-685m-2w69-288q	<3.237.0-r1
L GHSA-2pr8-phx7-x9h3	<3.237.0-r1
L GHSA-q6x5-8v7m-xcrf	<3.237.0-r1
H Arbitrary Code Injection	<3.237.0-r1
L Arbitrary Code Injection	<3.237.0-r1
L GHSA-jvwf-75h9-cwgg	<3.237.0-r1
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<3.237.0-r1
H Insufficiently Protected Credentials	<3.229.0-r5
L GHSA-xmrv-pmrh-hhx2	<3.229.0-r6
H Untrusted Search Path	<3.229.0-r7
L GHSA-hfvc-g4fc-pqhx	<3.229.0-r7
C Arbitrary Code Injection	<3.229.0-r5
L GHSA-xq3m-2v4x-88gg	<3.229.0-r5
L GHSA-3xc5-wrhm-f963	<3.229.0-r5
L GHSA-x4jj-h2v8-hqqv	<3.229.0-r4
L GHSA-gjvh-7jh8-7xhm	<3.229.0-r4
L GHSA-m4pr-4j3g-9v7v	<3.229.0-r4
H Improper Certificate Validation	<3.229.0-r4
L CVE-2026-32280	<3.229.0-r4
H Allocation of Resources Without Limits or Throttling	<3.229.0-r4
L GHSA-jrg3-gfjw-hm96	<3.229.0-r4
H Incorrect Authorization	<3.229.0-r4
L GHSA-5w89-2c2x-6x66	<3.229.0-r4
M Allocation of Resources Without Limits or Throttling	<3.229.0-r4
L GHSA-7mr4-xjxg-34g6	<3.229.0-r4
M Cross-site Scripting (XSS)	<3.229.0-r4
L GHSA-f886-m6hf-6m8v	<3.229.0-r3
H Resource Exhaustion	<3.229.0-r3
L Improper Validation of Array Index	<3.229.0-r2
L Integer Underflow	<3.229.0-r2
L GHSA-gm2x-2g9h-ccm8	<3.229.0-r2
L GHSA-jhf3-xxhw-2wpp	<3.229.0-r2
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<3.229.0-r0
L GHSA-c2c7-rcm5-vvqj	<3.229.0-r0
L Inefficient Regular Expression Complexity	<3.229.0-r0
L GHSA-78h2-9frx-2jm8	<3.229.0-r1
L GHSA-3v7f-55p6-f55p	<3.229.0-r0
L Uncaught Exception	<3.229.0-r1
L GHSA-p77j-4mvh-x3m3	<3.227.0-r0
L Improper Authorization	<3.227.0-r0
L GHSA-8fj7-8h3w-xwfm	<3.224.0-r2
L Cross-site Scripting (XSS)	<3.224.0-r2
L GHSA-rv83-g57w-fr8j	<3.224.0-r2
L CVE-2026-27141	<3.224.0-r2
L GHSA-j4j7-vw47-rhfq	<3.224.0-r2
M Directory Traversal	<3.224.0-r2
L Direct Request ('Forced Browsing')	<3.224.0-r2
L GHSA-qffp-2rhf-9h96	<3.224.0-r2
M Directory Traversal	<3.224.0-r2
L Directory Traversal	<3.224.0-r2
L GHSA-j3gx-2473-5fp8	<3.224.0-r2
L GHSA-9ppj-qmqm-q256	<3.224.0-r2
H Directory Traversal	<3.223.0-r1
L GHSA-vvgc-356p-c3xw	<3.163.0-r1
L GHSA-3ppc-4f35-3m26	<3.223.0-r1
L GHSA-v6h2-p8h4-qcjw	<3.176.0-r0
L GHSA-hcg3-q754-cr77	<3.155.0-r1
L GHSA-2mj3-vfvx-fc43	<3.142.0-r1
L GHSA-w32m-9786-jp63	<3.143.0-r1
L GHSA-8qq5-rm4j-mr97	<3.215.0-r1
L CVE-2024-45338	<3.143.0-r1
L CVE-2024-36623	<3.142.0-r1
L CVE-2025-22869	<3.155.0-r1
L GHSA-q59j-vv4j-v33c	<3.142.0-r1
M Directory Traversal	<3.215.0-r1
L CVE-2025-22872	<3.163.0-r1
L GHSA-gh5c-3h97-2f3q	<3.142.0-r1
L Directory Traversal	<3.217.1-r2
L GHSA-7h2j-956f-4vf2	<3.217.1-r2
L GHSA-83g3-92jg-28cx	<3.223.0-r1
H Inefficient Regular Expression Complexity	<3.223.0-r1
L Allocation of Resources Without Limits or Throttling	<3.153.0-r1
L Resource Exhaustion	<3.176.0-r0
L Improper Validation of Specified Type of Input	<3.176.0-r0
L CVE-2024-45339	<3.147.0-r2
L CVE-2024-36621	<3.142.0-r1
L GHSA-6wxm-mpqj-6jpf	<3.147.0-r2
L GHSA-c6gw-w398-hv78	<3.153.0-r1
L GHSA-2x5j-vhc8-9cwm	<3.176.0-r0
L CVE-2024-36620	<3.142.0-r1
L GHSA-23c5-xmqv-rm74	<3.224.0-r1
M Improper Handling of Unicode Encoding	<3.215.0-r1
L Inefficient Regular Expression Complexity	<3.224.0-r1
L OS Command Injection	<3.209.0-r0
L GHSA-r6q2-hw4h-h46w	<3.215.0-r1
L GHSA-v778-237x-gjrc	<3.143.0-r0
L GHSA-5j98-mcp5-4vw2	<3.209.0-r0
L CVE-2025-22870	<3.156.0-r1
L CVE-2024-34155	<3.132.0-r0
L GHSA-8xfx-rj4p-23jm	<3.132.0-r0
L Resource Exhaustion	<3.145.0-r0
L GHSA-r9px-m959-cxf4	<3.145.0-r0
L CVE-2025-22868	<3.156.0-r1
L CVE-2024-45337	<3.143.0-r0
M Improper Validation of Integrity Check Value	<3.220.0-r0
L GHSA-mh29-5h37-fv8m	<3.209.0-r0
L Asymmetric Resource Consumption (Amplification)	<3.157.0-r1
L Algorithmic Complexity	<3.224.0-r1
L CVE-2025-22866	<3.149.0-r0
L GHSA-7r86-cg39-jmmj	<3.224.0-r1
L CVE-2024-34156	<3.132.0-r0
L CVE-2024-34158	<3.132.0-r0
L GHSA-3whm-j4xm-rv8x	<3.149.0-r0
L GHSA-37cx-329c-33x3	<3.220.0-r0
L GHSA-j7vj-rw65-4v26	<3.132.0-r0
L GHSA-crqm-pwhx-j97f	<3.132.0-r0
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<3.209.0-r0
L GHSA-mh63-6h87-95cp	<3.157.0-r1
L GHSA-q9hv-hpm4-hj6x	<3.224.0-r0
L Inefficient Regular Expression Complexity	<3.217.1-r2
L Arbitrary Argument Injection	<3.145.0-r0
L GHSA-6v2p-p543-phr9	<3.156.0-r1
L GHSA-34x7-hfp2-rc4v	<3.217.1-r2
C CVE-2026-1229	<3.224.0-r0
L GHSA-qxp5-gwg8-xv66	<3.156.0-r1
L GHSA-v725-9546-7q7m	<3.145.0-r0
L CVE-2024-24791	<3.122.0-r1
M Information Exposure Through Log Files	<3.121.0-r1
M Race Condition	<3.119.0-r1
L CVE-2023-45288	<3.112.0-r1
L CVE-2024-24786	<3.110.0-r1
L CVE-2024-24783	<3.103.1-r3
L CVE-2024-24784	<3.103.1-r3
L CVE-2024-24785	<3.103.1-r3
L CVE-2023-45289	<3.103.1-r3
L CVE-2023-45290	<3.103.1-r3
H Origin Validation Error	<3.103.1-r2
H CVE-2023-49568	<3.99.0-r2
M Improper Validation of Integrity Check Value	<3.99.0-r1
M Cross-site Scripting (XSS)	<3.88.1-r1
H Allocation of Resources Without Limits or Throttling	<3.88.1-r1
H CVE-2023-44487	<3.91.1-r1

Vulnerability

Vulnerable Version

GHSA-fx83-v9x8-x52w

<3.237.0-r1