VYPR

Tekton Pipelines

by Linux Foundation

Source repositories

CVEs (5)

  • CVE-2026-40161HigApr 21, 2026
    risk 0.43cvss 7.7epss 0.00

    Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the Tekton Pipelines git resolver in API mode sends the system-configured Git API token to a…

  • CVE-2026-40938HigApr 21, 2026
    risk 0.42cvss 7.5epss 0.01

    Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the git resolver's revision parameter is passed directly as a positional argument to git fetch…

  • CVE-2026-40924MedApr 21, 2026
    risk 0.35cvss 6.5epss 0.00

    Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAll(resp.Body) with no response body…

  • CVE-2026-25542MedApr 21, 2026
    risk 0.35cvss 6.5epss 0.00

    Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.43.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, trusted resources verification policies match a resource source string (refSource.URI) against…

  • CVE-2026-40923MedApr 21, 2026
    risk 0.28cvss 5.4epss 0.00

    Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, a validation bypass in the VolumeMount path restriction allows mounting volumes under restricted…