renovate vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
GHSA-5VJQ-5JMG-39XQMediumrenovate: Renovate affected by remote code execution was possible using the bazel-module or bazelisk managers, when using lockFileMaintenanceGHSA-8WC6-VGRQ-X6CFMediumrenovate: Child processes spawned by Renovate incorrectly have full access to environment variablesGHSA-3F44-XW83-3PMGMediumrenovate: Renovate vulnerable to arbitrary command injection via helmv3 manager and malicious Chart.yaml fileGHSA-XJR7-3C3G-M763Mediumrenovate: Renovate vulnerable to arbitrary command injection via gleam manager and malicious gleam.toml fileGHSA-36J9-MX87-2CFFMediumrenovate: Renovate vulnerable to arbitrary command injection via hermit manager and maliciously named dependenciesGHSA-FR4J-65PV-GJJJMediumrenovate: Renovate vulnerable to arbitrary command injection via npm manager and malicious Renovate configurationGHSA-XV56-3WQ5-9997Mediumrenovate: Renovate vulnerable to arbitrary command injection via kustomize manager and malicious helm repositoryGHSA-PFQ2-HH62-7M96Mediumrenovate: Renovate vulnerable to arbitrary command injection via Gradle Wrapper and malicious `distributionUrl`GHSA-RQGV-292V-5QGRMediumrenovate: Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliasesGHSA-36RH-GGPR-J3GJMediumrenovate: Renovate vulnerable to Azure DevOps token leakage in logsGHSA-V7X3-7HW7-PCJGMediumrenovate: Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments

Stop the waste.
Protect your environment with Kodem.