Security: edgelesssys/contrast
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Coordinator transit engine `ciphertextContainer.UnmarshalJSON` panics on attacker-controlled short ciphertextsGHSA-3ccm-4qq2-5wrp published
May 27, 2026 by charludoModerate -
Imagepuller registryFor uses unanchored suffix matching, leaking auth credentials and trusted CA configuration to sibling-domain registriesGHSA-6c87-g9pw-78fx published
May 27, 2026 by charludoLow -
CopyFile Policy Subversion via SymlinksGHSA-rh99-wc69-c255 published
Apr 23, 2026 by burgerdevHigh -
BadAML - AML injection allows arbitrary code executionGHSA-g9ww-x58f-9g6m published
Mar 24, 2026 by katexochenHigh -
Insecure LUKS2 persistent storage partitions may be opened and usedGHSA-f5p4-p5q5-jv3h published
Oct 27, 2025 by katexochenModerate -
Workload secrets leak to logs on INFO level (v1.12.1)GHSA-vxg3-w9rv-rhr2 published
Aug 28, 2025 by katexochenHigh -
VOLUME directives without explicit mounts writable by hostGHSA-phhq-63jg-fp7r published
Jul 9, 2025 by burgerdevLow -
Workload secrets leak to logs on INFO levelGHSA-h5f8-crrq-4pw8 published
May 27, 2025 by katexochenHigh -
Unauthenticated recovery allows Coordinator impersonationGHSA-vqv5-385r-2hf8 published
Feb 5, 2025 by burgerdevHigh