VYPR

Go modules package

github.com/tektoncd/pipeline

pkg:golang/github.com/tektoncd/pipeline

Vulnerabilities (6)

  • CVE-2026-40924 | Med | Apr 21, 2026
    affected < 1.11.1 | fixed 1.11.1

    Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAll(resp.Body) with no response body size

  • CVE-2026-40923 | Med | Apr 21, 2026
    affected < 1.11.1 | fixed 1.11.1

    Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted /tek

  • CVE-2026-25542 | Med | Apr 21, 2026
    affected >= 0.43.0, < 1.11.0 | fixed 1.11.0

    Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.43.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, trusted resources verification policies match a resource source string (refSource.URI) against spec.

  • CVE-2026-33211 | Mar 23, 2026
    affected >= 1.0.0, < 1.0.1 | fixed 1.0.1

    Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git resolver is vulnerable to path traversal via the `pathInRepo` parameter. A t

  • CVE-2026-33022 | Mar 20, 2026
    affected >= 0.60.0, < 1.0.1 | fixed 1.0.1

    Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Versions 0.60.0 through 1.0.0, 1.1.0 through 1.3.2, 1.4.0 through 1.6.0, 1.7.0 through 1.9.0, 1.10.0, and 1.10.1 have a denial-of-service vulnerability in that allows any user who can creat

  • CVE-2023-37264 | Jul 7, 2023
    affected >= 0.35.0, <= 0.52.0

    Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will ac