Vendor

Hulumi

Products

CVEs

Across products

Status

Private

Products

policies
3 CVEs
baseline
2 CVEs
drift
1 CVE

Recent CVEs

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-48036	Hulumi drift	hig	0.38	—	—	Jun 10, 2026	Affected: `@hulumi/drift` `< 1.4.0` — Fixed in: `1.4.0` — Severity: Medium — CWE-755 (Improper Handling of Exceptional Conditions) #### Summary `@hulumi/drift` runs four adapters that each ask a different question about whether a resource has drifted…
CVE-2026-48035	Hulumi baseline	hig	0.38	—	—	Jun 10, 2026	Affected: `@hulumi/baseline` `< 1.4.0` — Fixed in: `1.4.0` — Severity: High — CWE-1059 (Insufficient Technical Documentation / Behavioral Inconsistency) #### Summary The S3 bucket that `AccountFoundation` creates to receive CloudTrail and AWS Config audit…
CVE-2026-48034	Hulumi policies	hig	0.38	—	—	Jun 10, 2026	Affected: `@hulumi/policies` `< 1.4.0` — Fixed in: `1.4.0` — Severity: High — CWE-284 (Improper Access Control) #### Summary HULUMI-H1 forbids raw `aws:s3:Bucket` outside of Hulumi's `SecureBucket` component, with one exemption: a raw bucket that's a…
CVE-2026-48033	Hulumi policies	hig	0.38	—	—	Jun 10, 2026	Affected: `@hulumi/policies` `< 1.4.0` — Fixed in: `1.4.0` — Severity: High — CWE-693 (Protection Mechanism Failure) #### Summary Pulumi gives every cloud resource a structured URN that includes the resource's type chain…
CVE-2026-48032	Hulumi policies	hig	0.38	—	—	Jun 10, 2026	Affected: `@hulumi/policies` `< 1.4.0` — Fixed in: `1.4.0` — Severity: High — CWE-697 (Incorrect Comparison) #### Summary AWS IAM trust policies can list more than one federated identity provider — for example, a role that accepts BOTH GitHub Actions…
CVE-2026-48037	Hulumi baseline		0.00	—	—	Jun 10, 2026	Affected: `@hulumi/baseline` `< 1.4.0` — Fixed in: `1.4.0` — Severity: Medium — CWE-693 (Protection Mechanism Failure) #### Summary `AccountFoundation` can either create AWS detective services (GuardDuty for threat detection, Security Hub for compliance…

CVE-2026-48036higJun 10, 2026
Hulumi
drift
risk 0.38cvss —epss —
**Affected:** `@hulumi/drift` `< 1.4.0` — **Fixed in:** `1.4.0` — **Severity:** Medium — **CWE-755 (Improper Handling of Exceptional Conditions)** #### Summary `@hulumi/drift` runs four adapters that each ask a different question about whether a resource has drifted…
CVE-2026-48035higJun 10, 2026
Hulumi
baseline
risk 0.38cvss —epss —
**Affected:** `@hulumi/baseline` `< 1.4.0` — **Fixed in:** `1.4.0` — **Severity:** High — **CWE-1059 (Insufficient Technical Documentation / Behavioral Inconsistency)** #### Summary The S3 bucket that `AccountFoundation` creates to receive CloudTrail and AWS Config audit…
CVE-2026-48034higJun 10, 2026
Hulumi
policies
risk 0.38cvss —epss —
**Affected:** `@hulumi/policies` `< 1.4.0` — **Fixed in:** `1.4.0` — **Severity:** High — **CWE-284 (Improper Access Control)** #### Summary HULUMI-H1 forbids raw `aws:s3:Bucket` outside of Hulumi's `SecureBucket` component, with one exemption: a raw bucket that's a…
CVE-2026-48033higJun 10, 2026
Hulumi
policies
risk 0.38cvss —epss —
**Affected:** `@hulumi/policies` `< 1.4.0` — **Fixed in:** `1.4.0` — **Severity:** High — **CWE-693 (Protection Mechanism Failure)** #### Summary Pulumi gives every cloud resource a structured URN that includes the resource's type chain…
CVE-2026-48032higJun 10, 2026
Hulumi
policies
risk 0.38cvss —epss —
**Affected:** `@hulumi/policies` `< 1.4.0` — **Fixed in:** `1.4.0` — **Severity:** High — **CWE-697 (Incorrect Comparison)** #### Summary AWS IAM trust policies can list more than one federated identity provider — for example, a role that accepts BOTH GitHub Actions…
CVE-2026-48037Jun 10, 2026
Hulumi
baseline
risk 0.00cvss —epss —
**Affected:** `@hulumi/baseline` `< 1.4.0` — **Fixed in:** `1.4.0` — **Severity:** Medium — **CWE-693 (Protection Mechanism Failure)** #### Summary `AccountFoundation` can either create AWS detective services (GuardDuty for threat detection, Security Hub for compliance…