VYPR

Go modules package

github.com/devtron-labs/devtron

pkg:golang/github.com/devtron-labs/devtron

Vulnerabilities (2)

  • CVE-2026-25538Feb 4, 2026
    affected <= 2.0.0

    Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user (including low-privileged CI/CD Developers) to obtain the global API Token signing key by

  • CVE-2024-45794Nov 7, 2024
    affected < 0.7.2fixed 0.7.2

    devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user (with minimum permission) could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API (/orchestrator/user). This issue has