Package impact
GO / github.com/tektoncd/pipeline
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-40938 | high | 8.5 | 8.5 | 1mo ago | Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE | |
| CVE-2026-40924 | medium | 6.5 | 6.5 | 1mo ago | Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion | |
| CVE-2026-40161 | medium | 6.5 | 6.5 | 1mo ago | Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL | |
| CVE-2026-25542 | medium | 6.5 | 6.5 | 1mo ago | Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching | |
| CVE-2026-40923 | medium | 5.4 | 5.4 | 1mo ago | Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check |