kubeflow-centraldashboard

Direct Vulnerabilities

Known vulnerabilities in the kubeflow-centraldashboard package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L GHSA-q8qp-cvcw-x6jj	<1.10.0-r21
L Improper Handling of Unicode Encoding	<1.10.0-r21
H Server-Side Request Forgery (SSRF)	<1.10.0-r21
L Improper Encoding or Escaping of Output	<1.10.0-r21
L GHSA-m7pr-hjqh-92cm	<1.10.0-r21
L Permissive Whitelist	<1.10.0-r21
L GHSA-62hf-57xw-28j9	<1.10.0-r21
L GHSA-445q-vr5w-6q77	<1.10.0-r21
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<1.10.0-r21
L Improper Input Validation	<1.10.0-r21
L GHSA-xhjh-pmcv-23jw	<1.10.0-r21
L GHSA-pf86-5x62-jrwf	<1.10.0-r21
L GHSA-jvwf-75h9-cwgg	<1.10.0-r21
L GHSA-75px-5xx7-5xc7	<1.10.0-r21
L GHSA-66ff-xgx4-vchm	<1.10.0-r21
L GHSA-3w6x-2g7m-8v23	<1.10.0-r21
L Uncontrolled Recursion	<1.10.0-r21
L CRLF Injection	<1.10.0-r21
L GHSA-xx6v-rp6x-q39c	<1.10.0-r21
L GHSA-5c9x-8gcm-mpgx	<1.10.0-r21
C Permissive Whitelist	<1.10.0-r21
H Arbitrary Code Injection	<1.10.0-r21
L GHSA-pmwg-cvhr-8vh7	<1.10.0-r21
L Allocation of Resources Without Limits or Throttling	<1.10.0-r21
L Arbitrary Code Injection	<1.10.0-r21
L GHSA-vf2m-468p-8v99	<1.10.0-r21
L HTTP Response Splitting	<1.10.0-r21
H Uncontrolled Recursion	<1.10.0-r21
L GHSA-685m-2w69-288q	<1.10.0-r21
L GHSA-q6x5-8v7m-xcrf	<1.10.0-r21
L Allocation of Resources Without Limits or Throttling	<1.10.0-r21
L GHSA-w9j2-pvgh-6h63	<1.10.0-r21
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<1.10.0-r21
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<1.10.0-r21
L GHSA-2pr8-phx7-x9h3	<1.10.0-r21
C Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<1.10.0-r21
L GHSA-fx83-v9x8-x52w	<1.10.0-r21
M Improper Authentication	<1.10.0-r21
C Improperly Controlled Modification of Dynamically-Determined Object Attributes	<1.10.0-r21
L GHSA-6chq-wfr3-2hj9	<1.10.0-r21
L GHSA-w5hq-g745-h8pq	<1.10.0-r20
H Out-of-bounds Write	<1.10.0-r20
C Arbitrary Code Injection	<1.10.0-r20
L GHSA-xq3m-2v4x-88gg	<1.10.0-r20
L GHSA-3p68-rc4w-qgx5	<1.10.0-r19
L GHSA-fvcv-3m26-pcqx	<1.10.0-r19
C Unintended Proxy or Intermediary ('Confused Deputy')	<1.10.0-r19
M HTTP Response Splitting	<1.10.0-r19
L Resource Exhaustion	<1.10.0-r19
L GHSA-qj83-cq47-w5f8	<1.10.0-r19
L Loop with Unreachable Exit Condition ('Infinite Loop')	<1.10.0-r18
L CVE-2026-4867	<1.10.0-r18
H Resource Exhaustion	<1.10.0-r18
C CVE-2026-4800	<1.10.0-r18
L GHSA-ppp5-5v6c-4jwp	<1.10.0-r18
M CVE-2026-2950	<1.10.0-r18
C Improper Certificate Validation	<1.10.0-r18
L GHSA-f23m-r3pf-42rh	<1.10.0-r18
L GHSA-2328-f5f3-gj25	<1.10.0-r18
L GHSA-37ch-88jc-xwx2	<1.10.0-r18
L GHSA-5m6q-g25r-mvwx	<1.10.0-r18
L GHSA-r5fr-rjxr-66jc	<1.10.0-r18
L GHSA-f886-m6hf-6m8v	<1.10.0-r18
L Improper Input Validation	<1.10.0-r18
L Improper Verification of Cryptographic Signature	<1.10.0-r18
L GHSA-q67f-28xg-22rw	<1.10.0-r18
L GHSA-9ppj-qmqm-q256	<1.10.0-r15
M Directory Traversal	<1.10.0-r15
L Inefficient Regular Expression Complexity	<1.10.0-r13
M Allocation of Resources Without Limits or Throttling	<1.10.0-r13
L GHSA-qpx9-hpmf-5gmw	<1.10.0-r13
L GHSA-23c5-xmqv-rm74	<1.10.0-r13
M Cross-site Scripting (XSS)	<1.9.0-r4
L CVE-2024-47764	<1.9.1-r1
L Allocation of Resources Without Limits or Throttling	<1.10.0-r5
L GHSA-rhx6-c78j-4q9w	<1.9.2-r3
L GHSA-xxjr-mmjv-4gpg	<1.10.0-r10
L GHSA-w7fw-mjwx-w883	<1.10.0-r11
M Directory Traversal	<1.10.0-r10
L GHSA-6rw7-vpxm-498p	<1.10.0-r8
L GHSA-qw6h-vgh9-j6wx	<1.9.0-r4
H Uncontrolled Recursion	<1.10.0-r6
M CVE-2025-13465	<1.10.0-r10
L GHSA-869p-cjfg-cm3x	<1.10.0-r7
L CVE-2025-1302	<1.9.2-r5
L GHSA-m6fv-jmcg-4jfg	<1.9.0-r4
L GHSA-rm8p-cx58-hcvx	<1.10.0-r4
L GHSA-4hjh-wcwx-xvwj	<1.10.0-r5
L GHSA-3ppc-4f35-3m26	<1.10.0-r12
L Improper Check for Unusual or Exceptional Conditions	<1.10.0-r11
M Improper Handling of Unicode Encoding	<1.10.0-r10
M Link Following	<1.10.0-r10
H CVE-2024-45590	<1.9.0-r4
L GHSA-2g4f-4pwh-qvx6	<1.10.0-r12
L CVE-2025-15284	<1.10.0-r8
M Server-Side Request Forgery (SSRF)	<1.9.2-r5
L CVE-2025-7339	<1.10.0-r3
L GHSA-cm22-4g7w-348p	<1.9.0-r4
L GHSA-34x7-hfp2-rc4v	<1.10.0-r10
L CVE-2025-12816	<1.10.0-r6
L CVE-2025-54371	<1.10.0-r4
L GHSA-76c9-3jph-rj3q	<1.10.0-r3
L Directory Traversal	<1.10.0-r10
L GHSA-pxg6-pf52-xh8x	<1.9.1-r1
L Improper Verification of Cryptographic Signature	<1.10.0-r7
L GHSA-9wv6-86v2-598j	<1.9.0-r3
L GHSA-jr5f-v2jv-69x6	<1.9.2-r5
L GHSA-hw8r-x6gr-5gjp	<1.9.2-r5
L Inefficient Regular Expression Complexity	<1.9.0-r3
L GHSA-8qq5-rm4j-mr97	<1.10.0-r10
L GHSA-5gfm-wpxj-wjgq	<1.10.0-r6
M Cross-site Scripting (XSS)	<1.9.0-r4
H Inefficient Regular Expression Complexity	<1.10.0-r12
L Inefficient Regular Expression Complexity	<1.10.0-r12
L GHSA-43fc-jf86-j433	<1.10.0-r11
H CVE-2026-2391	<1.10.0-r11
L GHSA-pppg-cpfq-h7wr	<1.9.2-r4
L Resource Exhaustion	<1.10.0-r1
L CVE-2025-7783	<1.10.0-r10
L GHSA-fjxv-7rqg-78g4	<1.10.0-r10
L GHSA-554w-wpv2-vw27	<1.10.0-r6
L CVE-2024-21534	<1.9.2-r4
L Inefficient Regular Expression Complexity	<1.9.2-r3
L GHSA-qwcr-r2fm-qrc7	<1.9.0-r4
L GHSA-52f5-9888-hmc6	<1.10.0-r10
L GHSA-r6q2-hw4h-h46w	<1.10.0-r10
M Integer Overflow or Wraparound	<1.10.0-r6
L GHSA-v6h2-p8h4-qcjw	<1.10.0-r1
L GHSA-65ch-62r8-g69g	<1.10.0-r6
M Cross-site Scripting (XSS)	<1.9.0-r4
H Server-Side Request Forgery (SSRF)	<1.9.0-r1
L CVE-2024-37168	<1.8.0-r5
L CVE-2024-37890	<1.8.0-r5
H Exposure of Resource to Wrong Sphere	<1.10.0-r19
L GHSA-mxhp-79qh-mcx6	<1.10.0-r19
L CVE-2024-28849	<1.8.0-r3
L CVE-2024-29041	<1.8.0-r3
M Open Redirect	<1.8.0-r1

Vulnerability

Vulnerable Version

GHSA-q8qp-cvcw-x6jj

<1.10.0-r21