Skip to main content

Helm Charts

8 CVEs product

Monthly

CVE-2026-45132 CRITICAL Act Now

Credential exposure in CloudPirates Open Source Helm Charts (prior to commit fcf9302) allows attackers to steal a Personal Access Token and SSH signing key by submitting a malicious pull request that the vulnerable GitHub Actions workflow checks out and executes with privileged secrets. The repository's generate-schema.yaml workflow used unsafe pull_request_target patterns combined with checkout of fork-controlled code, enabling code injection into a privileged CI context. No public exploit identified at time of analysis, but the attack pattern is well-documented for this class of GitHub Actions misconfiguration.

RCE Code Injection Helm Charts
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-24851 Go HIGH PATCH This Week

Improper policy enforcement in OpenFGA versions 1.8.5 through 1.11.2 (and corresponding Helm Chart and Docker releases) allows authenticated users to bypass authorization checks through specially crafted tuple configurations that mix type-bound public and non-public access policies. An attacker with valid credentials can exploit mismatched tuple assignments to gain unauthorized access to protected resources by leveraging lexicographic object ID ordering in the authorization engine. No patch is currently available.

Docker Openfga Helm Charts Red Hat Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-64751 Go MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Google Authentication Bypass Helm Charts Openfga +1
NVD GitHub
CVSS 4.0
5.8
EPSS
0.1%
CVE-2025-55213 Go MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Docker Google Helm Charts Openfga +1
NVD GitHub
CVSS 4.0
5.8
EPSS
0.1%
CVE-2025-48371 Go MEDIUM PATCH This Month

OpenFGA is an authorization/permission engine. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Docker Helm Charts Openfga Suse
NVD GitHub
CVSS 4.0
5.8
EPSS
0.1%
CVE-2025-46331 Go MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Google Authentication Bypass Docker Helm Charts Openfga +1
NVD GitHub
CVSS 4.0
5.8
EPSS
0.3%
CVE-2025-25196 Go MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Google Authentication Bypass Docker Helm Charts Openfga +1
NVD GitHub
CVSS 4.0
5.8
EPSS
0.3%
CVE-2024-56323 Go MEDIUM PATCH This Month

OpenFGA is an authorization/permission engine. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Docker Authentication Bypass Helm Charts Openfga Suse
NVD GitHub
CVSS 4.0
5.8
EPSS
0.1%
EPSS 0% CVSS 10.0
CRITICAL Act Now

Credential exposure in CloudPirates Open Source Helm Charts (prior to commit fcf9302) allows attackers to steal a Personal Access Token and SSH signing key by submitting a malicious pull request that the vulnerable GitHub Actions workflow checks out and executes with privileged secrets. The repository's generate-schema.yaml workflow used unsafe pull_request_target patterns combined with checkout of fork-controlled code, enabling code injection into a privileged CI context. No public exploit identified at time of analysis, but the attack pattern is well-documented for this class of GitHub Actions misconfiguration.

RCE Code Injection Helm Charts
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Improper policy enforcement in OpenFGA versions 1.8.5 through 1.11.2 (and corresponding Helm Chart and Docker releases) allows authenticated users to bypass authorization checks through specially crafted tuple configurations that mix type-bound public and non-public access policies. An attacker with valid credentials can exploit mismatched tuple assignments to gain unauthorized access to protected resources by leveraging lexicographic object ID ordering in the authorization engine. No patch is currently available.

Docker Openfga Helm Charts +2
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Google Authentication Bypass +3
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Docker Google +3
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

OpenFGA is an authorization/permission engine. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Docker Helm Charts +2
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Google Authentication Bypass Docker +3
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Google Authentication Bypass Docker +3
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

OpenFGA is an authorization/permission engine. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Docker Authentication Bypass Helm Charts +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy