pkg:Go/github.com/siderolabs/omni

All known vulnerabilities

• HIGH8.6CVE-2025-61688Omni vulnerable to information leak via API in github.com/siderolabs/omni
  from 0, < 1.0.2, >= 1.1.0-beta.0, < 1.1.5
• HIGH8.6CVE-2025-61688Omni vulnerable to information leak via API in github.com/siderolabs/omni
  >= 1.1.0-beta.0, < 1.1.5
• HIGH7.6CVE-2026-45726Omni: Reader-level users can retrieve imported cluster CA keys via ResourceService
  >= 1.3.0, < 1.6.6
• HIGH7.0Omni has a TOCTOU race condition that allows multiple concurrent uses of a single-use SAML session token
  from 0, < 1.6.6
• MEDIUM5.3Omni is Vulnerable to DoS via Empty Create/Update Resource Requests in github.com/siderolabs/omni
  >= 1.1.0-beta.0, < 1.1.5
• MEDIUM5.3Omni is Vulnerable to DoS via Empty Create/Update Resource Requests in github.com/siderolabs/omni
  from 0, < 1.0.2, >= 1.1.0-beta.0, < 1.1.5
• LOW2.7Omni: Operator can traverse image-factory API paths via unsanitized `talos_version` in CreateSchematic
  from 0, < 1.6.6
• —Omni Wireguard SideroLink potential escape in github.com/siderolabs/omni
  from 0, < 0.48.0
• —Omni Wireguard SideroLink potential escape in github.com/siderolabs/omni
  from 0, < 0.48.0