Homepage

pulumi vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the pulumi package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
GHSA-p77j-4mvh-x3m3

<3.227.0-r0
  • L
Improper Authorization

<3.227.0-r0
  • L
GHSA-8fj7-8h3w-xwfm

<3.224.0-r2
  • L
CVE-2026-27142

<3.224.0-r2
  • L
GHSA-rv83-g57w-fr8j

<3.224.0-r2
  • L
CVE-2026-27141

<3.224.0-r2
  • L
GHSA-j4j7-vw47-rhfq

<3.224.0-r2
  • M
Directory Traversal

<3.224.0-r2
  • L
CVE-2026-25679

<3.224.0-r2
  • L
GHSA-qffp-2rhf-9h96

<3.224.0-r2
  • M
Directory Traversal

<3.224.0-r2
  • L
CVE-2026-27139

<3.224.0-r2
  • L
GHSA-j3gx-2473-5fp8

<3.224.0-r2
  • L
GHSA-9ppj-qmqm-q256

<3.224.0-r2
  • H
Directory Traversal

<3.223.0-r1
  • L
GHSA-vvgc-356p-c3xw

<3.163.0-r1
  • L
GHSA-3ppc-4f35-3m26

<3.223.0-r1
  • L
GHSA-v6h2-p8h4-qcjw

<3.176.0-r0
  • L
GHSA-hcg3-q754-cr77

<3.155.0-r1
  • L
GHSA-2mj3-vfvx-fc43

<3.142.0-r1
  • L
GHSA-w32m-9786-jp63

<3.143.0-r1
  • L
GHSA-8qq5-rm4j-mr97

<3.215.0-r1
  • L
CVE-2024-45338

<3.143.0-r1
  • L
CVE-2024-36623

<3.142.0-r1
  • L
CVE-2025-22869

<3.155.0-r1
  • L
GHSA-q59j-vv4j-v33c

<3.142.0-r1
  • M
Directory Traversal

<3.215.0-r1
  • L
CVE-2025-22872

<3.163.0-r1
  • L
GHSA-gh5c-3h97-2f3q

<3.142.0-r1
  • L
Directory Traversal

<3.217.1-r2
  • L
GHSA-7h2j-956f-4vf2

<3.217.1-r2
  • L
GHSA-83g3-92jg-28cx

<3.223.0-r1
  • H
Inefficient Regular Expression Complexity

<3.223.0-r1
  • L
Allocation of Resources Without Limits or Throttling

<3.153.0-r1
  • L
Resource Exhaustion

<3.176.0-r0
  • L
Improper Validation of Specified Type of Input

<3.176.0-r0
  • L
CVE-2024-45339

<3.147.0-r2
  • L
CVE-2024-36621

<3.142.0-r1
  • L
GHSA-6wxm-mpqj-6jpf

<3.147.0-r2
  • L
GHSA-c6gw-w398-hv78

<3.153.0-r1
  • L
GHSA-2x5j-vhc8-9cwm

<3.176.0-r0
  • L
CVE-2024-36620

<3.142.0-r1
  • L
GHSA-23c5-xmqv-rm74

<3.224.0-r1
  • M
Improper Handling of Unicode Encoding

<3.215.0-r1
  • L
Inefficient Regular Expression Complexity

<3.224.0-r1
  • L
OS Command Injection

<3.209.0-r0
  • L
GHSA-r6q2-hw4h-h46w

<3.215.0-r1
  • L
GHSA-v778-237x-gjrc

<3.143.0-r0
  • L
GHSA-5j98-mcp5-4vw2

<3.209.0-r0
  • L
CVE-2025-22870

<3.156.0-r1
  • L
CVE-2024-34155

<3.132.0-r0
  • L
GHSA-8xfx-rj4p-23jm

<3.132.0-r0
  • L
Resource Exhaustion

<3.145.0-r0
  • L
GHSA-r9px-m959-cxf4

<3.145.0-r0
  • L
CVE-2025-22868

<3.156.0-r1
  • L
CVE-2024-45337

<3.143.0-r0
  • M
Improper Validation of Integrity Check Value

<3.220.0-r0
  • L
GHSA-mh29-5h37-fv8m

<3.209.0-r0
  • L
Asymmetric Resource Consumption (Amplification)

<3.157.0-r1
  • L
Algorithmic Complexity

<3.224.0-r1
  • L
CVE-2025-22866

<3.149.0-r0
  • L
GHSA-7r86-cg39-jmmj

<3.224.0-r1
  • L
CVE-2024-34156

<3.132.0-r0
  • L
CVE-2024-34158

<3.132.0-r0
  • L
GHSA-3whm-j4xm-rv8x

<3.149.0-r0
  • L
GHSA-37cx-329c-33x3

<3.220.0-r0
  • L
GHSA-j7vj-rw65-4v26

<3.132.0-r0
  • L
GHSA-crqm-pwhx-j97f

<3.132.0-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<3.209.0-r0
  • L
GHSA-mh63-6h87-95cp

<3.157.0-r1
  • L
GHSA-q9hv-hpm4-hj6x

<3.224.0-r0
  • L
Inefficient Regular Expression Complexity

<3.217.1-r2
  • L
Arbitrary Argument Injection

<3.145.0-r0
  • L
GHSA-6v2p-p543-phr9

<3.156.0-r1
  • L
GHSA-34x7-hfp2-rc4v

<3.217.1-r2
  • C
CVE-2026-1229

<3.224.0-r0
  • L
GHSA-qxp5-gwg8-xv66

<3.156.0-r1
  • L
GHSA-v725-9546-7q7m

<3.145.0-r0
  • L
CVE-2024-24791

<3.122.0-r1
  • L
GHSA-hw49-2p59-3mhj

<3.122.0-r1
  • L
GHSA-v6v8-xj6m-xwqh

<3.121.0-r1
  • M
Information Exposure Through Log Files

<3.121.0-r1
  • M
Race Condition

<3.119.0-r1
  • L
GHSA-m5vv-6r4h-3vj9

<3.119.0-r1
  • L
GHSA-4v7x-pqxf-cx7m

<3.112.0-r1
  • L
CVE-2023-45288

<3.112.0-r1
  • L
CVE-2024-24786

<3.110.0-r1
  • L
GHSA-8r3f-844c-mc37

<3.110.0-r1
  • L
CVE-2024-24783

<3.103.1-r3
  • L
CVE-2024-24784

<3.103.1-r3
  • L
GHSA-32ch-6x54-q4h9

<3.103.1-r3
  • L
CVE-2024-24785

<3.103.1-r3
  • L
GHSA-j6m3-gc37-6r6q

<3.103.1-r3
  • L
CVE-2023-45289

<3.103.1-r3
  • L
GHSA-3q2c-pvp5-3cqp

<3.103.1-r3
  • L
GHSA-rr6r-cfgf-gc6h

<3.103.1-r3
  • L
CVE-2023-45290

<3.103.1-r3
  • L
GHSA-fgq5-q76c-gx78

<3.103.1-r3
  • L
GHSA-xw73-rw38-6vjc

<3.103.1-r2
  • H
Origin Validation Error

<3.103.1-r2
  • L
GHSA-9763-4f94-gfch

<3.101.1-r1
  • L
GHSA-mw99-9chc-xw7r

<3.99.0-r2
  • H
CVE-2023-49568

<3.99.0-r2
  • L
GHSA-45x7-px36-x8w8

<3.99.0-r1
  • M
Improper Validation of Integrity Check Value

<3.99.0-r1
  • L
GHSA-2wrh-6pvc-2jm9

<3.88.1-r1
  • L
GHSA-4374-p667-p6c8

<3.88.1-r1
  • L
GHSA-qppj-fm5r-hxr3

<3.91.1-r1
  • L
GHSA-m425-mq94-257g

<3.91.1-r1
  • M
Cross-site Scripting (XSS)

<3.88.1-r1
  • H
Allocation of Resources Without Limits or Throttling

<3.88.1-r1
  • H
CVE-2023-44487

<3.91.1-r1