pkg:Go/kubevirt.io/kubevirt

All known vulnerabilities

• CRITICAL9.9CVE-2020-14316Privilege Escalation in kubevirt in kubevirt.io/kubevirt
  from 0, < 0.30.0
• CRITICAL9.9CVE-2020-14316Privilege Escalation in kubevirt in kubevirt.io/kubevirt
  from 0, < 0.30.0
• HIGH8.2CVE-2023-26484On a compromised node, the virt-handler service account can be used to modify all node specs
  from 0, <= 0.59.0
• HIGH7.7CVE-2025-64324KubeVirt Vulnerable to Arbitrary Host File Read and Write
  from 0, < 1.6.1, >= 1.6.2, < 1.7.0-rc.0
• HIGH7.7CVE-2025-64324KubeVirt Vulnerable to Arbitrary Host File Read and Write
  from 0, < 1.6.1
• MEDIUM6.5CVE-2025-64433KubeVirt Arbitrary Container File Read
  from 0, < 1.5.3
• MEDIUM6.5CVE-2025-64433KubeVirt Arbitrary Container File Read
  from 0, < 1.5.3, >= 1.6.0-alpha.0, < 1.6.0-beta.0.0.20250801195231-a81b27d4600c, >= 1.6.0-rc.0, < 1.6.1
• MEDIUM6.5CVE-2024-31420KubeVirt NULL pointer dereference flaw in kubevirt.io/kubevirt
  from 0
• MEDIUM6.5CVE-2024-31420KubeVirt NULL pointer dereference flaw in kubevirt.io/kubevirt
  from 0, <= 1.2.0
• MEDIUM6.5CVE-2020-1701Permissions bypass in KubeVirt in kubevirt.io/kubevirt
  from 0, < 0.26.0
• MEDIUM6.5CVE-2020-1701Permissions bypass in KubeVirt in kubevirt.io/kubevirt
  from 0, < 0.26.0
• MEDIUM6.4CVE-2025-14525KubeVirt Guest Agent DoS via Excessive Network Interface Reports in kubevirt.io/kubevirt
  from 0, <= 1.7.0
• MEDIUM6.4CVE-2025-14525KubeVirt Guest Agent DoS via Excessive Network Interface Reports in kubevirt.io/kubevirt
  from 0
• MEDIUM5.9CVE-2024-33394kubevirt allows a local attacker to execute arbitrary code via a crafted command in kubevirt.io/kubevirt
  from 0, <= 1.2.0
• MEDIUM5.9CVE-2024-33394kubevirt allows a local attacker to execute arbitrary code via a crafted command in kubevirt.io/kubevirt
  from 0
• MEDIUM5.4CVE-2026-6383KubeVirt's authorization mechanism improperly truncates subresource names
  from 0, <= 1.8.1
• MEDIUM5.3CVE-2025-64436KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes
  from 0, < 1.7.0
• MEDIUM5.3CVE-2025-64435KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation in kubevirt.io/kubevirt
  from 0, < 1.7.0-beta.0
• MEDIUM5.3CVE-2025-64435KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation in kubevirt.io/kubevirt
  from 0, < 1.7.0-beta.0
• MEDIUM5.0CVE-2025-64437KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes
  from 0, < 1.5.3
• MEDIUM5.0CVE-2025-64437KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes
  from 0, < 1.5.3, >= 1.6.0-alpha.0, < 1.6.0-beta.0.0.20250801202148-3ce9f41c54d0
• MEDIUM4.7CVE-2025-64434KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing in kubevirt.io/kubevirt
  from 0, < 1.5.3
• MEDIUM4.7CVE-2025-64434KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing in kubevirt.io/kubevirt
  from 0, < 1.5.3, >= 1.6.0-alpha.0, < 1.6.0-beta.0.0.20250730135146-231dc69723f3, >= 1.6.0-rc.0, < 1.6.1
• MEDIUM4.7CVE-2025-64432KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer in kubevirt.io/kubevirt
  from 0, < 1.5.3
• MEDIUM4.7CVE-2025-64432KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer in kubevirt.io/kubevirt
  from 0, < 1.5.3, >= 1.6.0-alpha.0, < 1.6.0-beta.0.0.20250730135146-231dc69723f3, >= 1.6.0-rc.0, < 1.6.1, >= 1.6.2, < 1.7.0-rc.0
• —CVE-2022-1798KubeVirt vulnerable to arbitrary file read on host
  >= 0.20.0, < 0.55.1