pkg:Go/github.com/tektoncd/pipeline

11 total CVEs: CRITICAL 2, HIGH 2, MEDIUM 5, LOW 2

All known vulnerabilities

  • CRITICAL 9.6 | CVE-2026-33211 | Path traversal in Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod
    >= 1.0.0, < 1.0.1, >= 1.1.0, < 1.3.3, >= 1.4.0, < 1.6.1, >= 1.7.0, < 1.9.2, >= 1.10.0, < 1.10.2
  • CRITICAL 9.6 | CVE-2026-33211 | Path traversal in Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod
    >= 1.0.0, < 1.0.1
  • HIGH 7.7 | CVE-2026-40161 | Tekton Pipelines: Git resolver API mode leaks system-configured API token to user-controlled serverURL
    >= 1.0.0, < 1.0.2
  • HIGH 7.5 | CVE-2026-40938 | Tekton Pipeline: Git Resolver Unsanitized Revision Parameter Enables git Argument Injection Leading to RCE
    >= 1.10.0, < 1.11.1
  • MEDIUM 6.5 | CVE-2026-40924 | Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion
    >= 1.10.0, < 1.11.1
  • MEDIUM 6.5 | CVE-2026-25542 | Tekton Pipelines has VerificationPolicy regex pattern bypass via substring matching
    >= 0.43.0, < 1.0.2
  • MEDIUM 6.5 | CVE-2026-33022 | Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun
    >= 0.60.0, < 1.0.1
  • MEDIUM 6.5 | CVE-2026-33022 | Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun
    >= 0.60.0
  • MEDIUM 5.4 | CVE-2026-40923 | Tekton Pipelines: VolumeMount path restriction bypass via missing filepath.Clean in /tekton/ check
    >= 1.10.0, < 1.11.1
  • LOW 3.7 | CVE-2023-37264 | Pipelines do not validate child UIDs
    >= 0.35.0, <= 0.52.0
  • LOW 3.7 | CVE-2023-37264 | Pipelines do not validate child UIDs
    >= 0.35.0