{"id":20102934,"url":"https://github.com/stackrox/k8s-cves","last_synced_at":"2025-05-06T08:31:02.591Z","repository":{"id":57661311,"uuid":"304726365","full_name":"stackrox/k8s-cves","owner":"stackrox","description":"Curated repo of Kubernetes CVEs","archived":false,"fork":false,"pushed_at":"2024-05-29T17:04:49.000Z","size":96,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":6,"default_branch":"main","last_synced_at":"2024-06-21T16:50:21.151Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stackrox.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-10-16T19:57:36.000Z","updated_at":"2023-11-17T19:41:34.000Z","dependencies_parsed_at":"2024-04-18T23:23:59.501Z","dependency_job_id":"e5ee72d6-977f-4372-a36f-9d870112031e","html_url":"https://github.com/stackrox/k8s-cves","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stackrox%2Fk8s-cves","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stackrox%2Fk8s-cves/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stackrox%2Fk8s-cves/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stackrox%2Fk8s-cves/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stackrox","download_url":"https://codeload.github.com/stackrox/k8s-cves/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224495986,"owners_count":17321026,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T17:33:43.526Z","updated_at":"2024-11-13T17:33:44.133Z","avatar_url":"https://github.com/stackrox.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# k8s-cves\n\nThis repository is meant to be a single source of truth for\nKubernetes-related CVEs. The data gathered here is meant to be as up-to-date\nas possible. Currently, the data comes from a combination of:\n\n* NVD\n* Kubernetes GitHub issues\n* Announcements from [kubernetes-security-announce](https://groups.google.com/g/kubernetes-security-announce)\n\nThough this repository is meant to be a single source of truth,\nthere may be mistakes. We try to keep everything as accurate and up-to-date\nas possible, but it is possible for things to fall through the cracks,\nor data to be input incorrectly. If you find any incorrect data, please feel free\nto make a pull request, and we will review it.\n\n## YAML Format\n\n```yaml\ncve: 'CVEID (ex: CVE-2019-16276)'\nurl: Alternate URL for the vulnerability. This will typically be a link to NVD.\nissueUrl: URL to the relevant Issue/Pull Request in the Kubernetes GitHub repository\npublished: 'Date CVE was first published publicly (ex: 2006-01-02)'\ndescription: CVE description\ncomponents:\n  # list of affected components\n  # ex:\n  - kubelet\n  - kube-proxy\ncvss:\n  nvd:\n    scoreV2: NVD V2 score\n    vectorV2: NVD V2 vector\n    scoreV3: NVD V3 score\n    vectorV3: NVD V3 vector\n  kubernetes:\n    scoreV3: Kubernetes V3 score\n    vectorV3: Kubernetes V3 vector\naffected:\n  # list of version constraints affected by the vulnerability\n  # with corresponding fix version, if it exists.\n  # ranges should be in order from oldest to newest.\n  #\n  # Constraints adhere to https://github.com/hashicorp/go-version.\n  # ex:\n  - range: \"\u003c 1.14.8\"\n    fixedBy: \"1.14.8\"\n  - range: \"\u003e= 1.15.0, \u003c= 1.15.4\"\n    fixedBy: \"1.15.5\"\n  - range: \"\u003e= 1.16, \u003c 1.16.0\"\n    fixedBy: \"1.16.1\"\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstackrox%2Fk8s-cves","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstackrox%2Fk8s-cves","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstackrox%2Fk8s-cves/lists"}