VYPR

apk package

chainguard/tekton-pipelines-controller-1.6

pkg:apk/chainguard/tekton-pipelines-controller-1.6

Vulnerabilities (24)

  • CVE-2025-61731Jan 28, 2026
    affected < 1.6.0-r2fixed 1.6.0-r2

    Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can

  • CVE-2025-68119Jan 28, 2026
    affected < 1.6.0-r2fixed 1.6.0-r2

    Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are

  • CVE-2026-24137MedJan 23, 2026
    affected < 1.6.0-r2fixed 1.6.0-r2

    sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client (pkg/tuf/client.go) supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target na

  • CVE-2023-37264Jul 7, 2023
    affected < 0fixed 0

    Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will ac

Page 2 of 2