github.com/tektoncd/pipeline vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-40938 | High | github.com/tektoncd/pipeline: Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading… |
| CVE-2026-40924 | Medium | github.com/tektoncd/pipeline: Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory… |
| CVE-2026-40923 | Medium | github.com/tektoncd/pipeline: Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check |
| CVE-2026-40161 | High | github.com/tektoncd/pipeline: Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled… |
| CVE-2026-25542 | Medium | github.com/tektoncd/pipeline: Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching |
| CVE-2026-33211 | Critical | github.com/tektoncd/pipeline: Path traversal in Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod |
| CVE-2026-33022 | Medium | github.com/tektoncd/pipeline: Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun |
| CVE-2023-37264 | Low | github.com/tektoncd/pipeline: Pipelines do not validate child UIDs |
