Package impact
Go / github.com/tektoncd/pipeline
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40938 | high | 8.5 | 8.5 | | | | 1mo ago | Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE |
| CVE-2026-40924 | medium | 6.5 | 6.5 | | | | 1mo ago | Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion |
| CVE-2026-40161 | medium | 6.5 | 6.5 | | | | 1mo ago | Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL |
| CVE-2026-25542 | medium | 6.5 | 6.5 | | | | 1mo ago | Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching |
| CVE-2026-40923 | medium | 5.4 | 5.4 | | | | 1mo ago | Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check |