Skip to content

Commit 450f702

Browse files
rancher-security-team[bot]rancher-security-team[bot]
committed
Update CVE scans reports - 2026-03-02
1 parent bfd9031 commit 450f702

File tree

102 files changed

+6136
-2912
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

102 files changed

+6136
-2912
lines changed

docs/csv/report-harvester-master-cves.csv

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -161,6 +161,8 @@ longhornio/backing-image-manager:v1.11.0,harvester/master,libgio-2_0-0,2.78.6-15
161161
longhornio/backing-image-manager:v1.11.0,harvester/master,libglib-2_0-0,2.78.6-150600.4.28.1,sles,SUSE-SU-2026:0373-1,HIGH,,longhornio/backing-image-manager:v1.11.0 (sles 15.7),2.78.6-150600.4.35.1,false,affected,
162162
longhornio/backing-image-manager:v1.11.0,harvester/master,libgmodule-2_0-0,2.78.6-150600.4.28.1,sles,SUSE-SU-2026:0373-1,HIGH,,longhornio/backing-image-manager:v1.11.0 (sles 15.7),2.78.6-150600.4.35.1,false,affected,
163163
longhornio/backing-image-manager:v1.11.0,harvester/master,libgobject-2_0-0,2.78.6-150600.4.28.1,sles,SUSE-SU-2026:0373-1,HIGH,,longhornio/backing-image-manager:v1.11.0 (sles 15.7),2.78.6-150600.4.35.1,false,affected,
164+
longhornio/backing-image-manager:v1.11.0,harvester/master,libpython3_6m1_0,3.6.15-150300.10.103.1,sles,SUSE-SU-2026:0664-1,HIGH,,longhornio/backing-image-manager:v1.11.0 (sles 15.7),3.6.15-150300.10.106.1,false,affected,
165+
longhornio/backing-image-manager:v1.11.0,harvester/master,python3-base,3.6.15-150300.10.103.1,sles,SUSE-SU-2026:0664-1,HIGH,,longhornio/backing-image-manager:v1.11.0 (sles 15.7),3.6.15-150300.10.106.1,false,affected,
164166
longhornio/backing-image-manager:v1.11.0,harvester/master,stdlib,v1.25.5,gobinary,CVE-2025-68121,HIGH,https://avd.aquasec.com/nvd/cve-2025-68121,usr/local/bin/backing-image-manager,"1.24.13, 1.25.7, 1.26.0-rc.3",false,affected,severity_changed_due_to_suse_cvss_score
165167
longhornio/backing-image-manager:v1.11.0,harvester/master,stdlib,v1.25.5,gobinary,CVE-2025-61726,MEDIUM,https://avd.aquasec.com/nvd/cve-2025-61726,usr/local/bin/backing-image-manager,"1.24.12, 1.25.6",false,affected,severity_changed_due_to_suse_cvss_score
166168
longhornio/backing-image-manager:v1.11.0,harvester/master,stdlib,v1.25.5,gobinary,CVE-2025-61730,LOW,https://avd.aquasec.com/nvd/cve-2025-61730,usr/local/bin/backing-image-manager,"1.24.12, 1.25.6",false,affected,severity_changed_due_to_suse_cvss_score
@@ -213,6 +215,8 @@ longhornio/longhorn-engine:v1.11.0,harvester/master,glibc,2.38-150600.14.37.1,sl
213215
longhornio/longhorn-engine:v1.11.0,harvester/master,gpg2,2.4.4-150600.3.12.1,sles,SUSE-SU-2026:0434-1,HIGH,,longhornio/longhorn-engine:v1.11.0 (sles 15.7),2.4.4-150600.3.15.1,false,affected,
214216
longhornio/longhorn-engine:v1.11.0,harvester/master,libglib-2_0-0,2.78.6-150600.4.28.1,sles,SUSE-SU-2026:0373-1,HIGH,,longhornio/longhorn-engine:v1.11.0 (sles 15.7),2.78.6-150600.4.35.1,false,affected,
215217
longhornio/longhorn-engine:v1.11.0,harvester/master,libgmodule-2_0-0,2.78.6-150600.4.28.1,sles,SUSE-SU-2026:0373-1,HIGH,,longhornio/longhorn-engine:v1.11.0 (sles 15.7),2.78.6-150600.4.35.1,false,affected,
218+
longhornio/longhorn-engine:v1.11.0,harvester/master,libpython3_6m1_0,3.6.15-150300.10.103.1,sles,SUSE-SU-2026:0664-1,HIGH,,longhornio/longhorn-engine:v1.11.0 (sles 15.7),3.6.15-150300.10.106.1,false,affected,
219+
longhornio/longhorn-engine:v1.11.0,harvester/master,python3-base,3.6.15-150300.10.103.1,sles,SUSE-SU-2026:0664-1,HIGH,,longhornio/longhorn-engine:v1.11.0 (sles 15.7),3.6.15-150300.10.106.1,false,affected,
216220
longhornio/longhorn-engine:v1.11.0,harvester/master,stdlib,v1.24.12,gobinary,CVE-2025-68121,HIGH,https://avd.aquasec.com/nvd/cve-2025-68121,usr/local/bin/grpc_health_probe,"1.24.13, 1.25.7, 1.26.0-rc.3",false,affected,severity_changed_due_to_suse_cvss_score
217221
longhornio/longhorn-engine:v1.11.0,harvester/master,stdlib,v1.25.5,gobinary,CVE-2025-68121,HIGH,https://avd.aquasec.com/nvd/cve-2025-68121,usr/local/bin/longhorn,"1.24.13, 1.25.7, 1.26.0-rc.3",false,affected,severity_changed_due_to_suse_cvss_score
218222
longhornio/longhorn-engine:v1.11.0,harvester/master,stdlib,v1.25.5,gobinary,CVE-2025-61726,MEDIUM,https://avd.aquasec.com/nvd/cve-2025-61726,usr/local/bin/longhorn,"1.24.12, 1.25.6",false,affected,severity_changed_due_to_suse_cvss_score
@@ -227,6 +231,8 @@ longhornio/longhorn-instance-manager:v1.11.0,harvester/master,glibc-devel,2.38-1
227231
longhornio/longhorn-instance-manager:v1.11.0,harvester/master,gpg2,2.4.4-150600.3.12.1,sles,SUSE-SU-2026:0434-1,HIGH,,longhornio/longhorn-instance-manager:v1.11.0 (sles 15.7),2.4.4-150600.3.15.1,false,affected,
228232
longhornio/longhorn-instance-manager:v1.11.0,harvester/master,libglib-2_0-0,2.78.6-150600.4.28.1,sles,SUSE-SU-2026:0373-1,HIGH,,longhornio/longhorn-instance-manager:v1.11.0 (sles 15.7),2.78.6-150600.4.35.1,false,affected,
229233
longhornio/longhorn-instance-manager:v1.11.0,harvester/master,libgmodule-2_0-0,2.78.6-150600.4.28.1,sles,SUSE-SU-2026:0373-1,HIGH,,longhornio/longhorn-instance-manager:v1.11.0 (sles 15.7),2.78.6-150600.4.35.1,false,affected,
234+
longhornio/longhorn-instance-manager:v1.11.0,harvester/master,libpython3_6m1_0,3.6.15-150300.10.103.1,sles,SUSE-SU-2026:0664-1,HIGH,,longhornio/longhorn-instance-manager:v1.11.0 (sles 15.7),3.6.15-150300.10.106.1,false,affected,
235+
longhornio/longhorn-instance-manager:v1.11.0,harvester/master,python3-base,3.6.15-150300.10.103.1,sles,SUSE-SU-2026:0664-1,HIGH,,longhornio/longhorn-instance-manager:v1.11.0 (sles 15.7),3.6.15-150300.10.106.1,false,affected,
230236
longhornio/longhorn-instance-manager:v1.11.0,harvester/master,cryptography,46.0.4,python-pkg,CVE-2026-26007,HIGH,https://avd.aquasec.com/nvd/cve-2026-26007,Python,46.0.5,false,affected,
231237
longhornio/longhorn-instance-manager:v1.11.0,harvester/master,protobuf,6.33.4,python-pkg,CVE-2026-0994,HIGH,https://avd.aquasec.com/nvd/cve-2026-0994,Python,"6.33.5, 5.29.6",false,affected,
232238
longhornio/longhorn-instance-manager:v1.11.0,harvester/master,stdlib,v1.25.6,gobinary,CVE-2025-68121,CRITICAL,https://avd.aquasec.com/nvd/cve-2025-68121,usr/local/bin/go-spdk-helper,"1.24.13, 1.25.7, 1.26.0-rc.3",false,not_affected,vulnerable_code_not_in_execute_path
@@ -236,6 +242,8 @@ longhornio/longhorn-manager:v1.11.0,harvester/master,bind-utils,9.20.15-150700.3
236242
longhornio/longhorn-manager:v1.11.0,harvester/master,glibc,2.38-150600.14.37.1,sles,SUSE-SU-2026:0371-1,HIGH,,longhornio/longhorn-manager:v1.11.0 (sles 15.7),2.38-150600.14.40.1,false,affected,
237243
longhornio/longhorn-manager:v1.11.0,harvester/master,gpg2,2.4.4-150600.3.12.1,sles,SUSE-SU-2026:0434-1,HIGH,,longhornio/longhorn-manager:v1.11.0 (sles 15.7),2.4.4-150600.3.15.1,false,affected,
238244
longhornio/longhorn-manager:v1.11.0,harvester/master,libglib-2_0-0,2.78.6-150600.4.28.1,sles,SUSE-SU-2026:0373-1,HIGH,,longhornio/longhorn-manager:v1.11.0 (sles 15.7),2.78.6-150600.4.35.1,false,affected,
245+
longhornio/longhorn-manager:v1.11.0,harvester/master,libpython3_6m1_0,3.6.15-150300.10.103.1,sles,SUSE-SU-2026:0664-1,HIGH,,longhornio/longhorn-manager:v1.11.0 (sles 15.7),3.6.15-150300.10.106.1,false,affected,
246+
longhornio/longhorn-manager:v1.11.0,harvester/master,python3-base,3.6.15-150300.10.103.1,sles,SUSE-SU-2026:0664-1,HIGH,,longhornio/longhorn-manager:v1.11.0 (sles 15.7),3.6.15-150300.10.106.1,false,affected,
239247
longhornio/longhorn-manager:v1.11.0,harvester/master,stdlib,v1.25.5,gobinary,CVE-2025-68121,HIGH,https://avd.aquasec.com/nvd/cve-2025-68121,usr/local/sbin/longhorn-manager,"1.24.13, 1.25.7, 1.26.0-rc.3",false,affected,severity_changed_due_to_suse_cvss_score
240248
longhornio/longhorn-manager:v1.11.0,harvester/master,stdlib,v1.25.5,gobinary,CVE-2025-61726,MEDIUM,https://avd.aquasec.com/nvd/cve-2025-61726,usr/local/sbin/longhorn-manager,"1.24.12, 1.25.6",false,affected,severity_changed_due_to_suse_cvss_score
241249
longhornio/longhorn-manager:v1.11.0,harvester/master,stdlib,v1.25.5,gobinary,CVE-2025-61730,LOW,https://avd.aquasec.com/nvd/cve-2025-61730,usr/local/sbin/longhorn-manager,"1.24.12, 1.25.6",false,affected,severity_changed_due_to_suse_cvss_score
@@ -543,6 +551,8 @@ rancher/harvester-upgrade:master-head,harvester/master,golang.org/x/crypto,v0.31
543551
rancher/harvester-upgrade:master-head,harvester/master,golang.org/x/net,v0.33.0,gobinary,CVE-2025-22872,MEDIUM,https://avd.aquasec.com/nvd/cve-2025-22872,usr/local/bin/harvester-installer,0.38.0,false,not_affected,vulnerable_code_not_present
544552
rancher/harvester-upgrade:master-head,harvester/master,stdlib,v1.25.6,gobinary,CVE-2025-68121,HIGH,https://avd.aquasec.com/nvd/cve-2025-68121,usr/local/bin/upgrade-helper,"1.24.13, 1.25.7, 1.26.0-rc.3",false,affected,severity_changed_due_to_suse_cvss_score
545553
rancher/harvester-vm-import-controller:main-head,harvester/master,gpg2,2.4.4-150600.3.12.1,sles,SUSE-SU-2026:0434-1,HIGH,,rancher/harvester-vm-import-controller:main-head (sles 15.7),2.4.4-150600.3.15.1,false,affected,
554+
rancher/harvester-vm-import-controller:main-head,harvester/master,libpython3_6m1_0,3.6.15-150300.10.103.1,sles,SUSE-SU-2026:0664-1,HIGH,,rancher/harvester-vm-import-controller:main-head (sles 15.7),3.6.15-150300.10.106.1,false,affected,
555+
rancher/harvester-vm-import-controller:main-head,harvester/master,python3-base,3.6.15-150300.10.103.1,sles,SUSE-SU-2026:0664-1,HIGH,,rancher/harvester-vm-import-controller:main-head (sles 15.7),3.6.15-150300.10.106.1,false,affected,
546556
rancher/harvester-vm-import-controller:main-head,harvester/master,kubevirt.io/kubevirt,v1.6.0,gobinary,CVE-2025-64324,HIGH,https://avd.aquasec.com/nvd/cve-2025-64324,usr/bin/vm-import-controller,"1.6.1, 1.7.0-rc.0",false,affected,
547557
rancher/harvester-vm-import-controller:main-head,harvester/master,kubevirt.io/kubevirt,v1.6.0,gobinary,CVE-2025-64437,LOW,https://avd.aquasec.com/nvd/cve-2025-64437,usr/bin/vm-import-controller,"1.5.3, 1.6.1",false,affected,severity_changed_due_to_suse_cvss_score
548558
rancher/harvester-vm-import-controller:main-head,harvester/master,stdlib,v1.25.6,gobinary,CVE-2025-68121,HIGH,https://avd.aquasec.com/nvd/cve-2025-68121,usr/bin/vm-import-controller,"1.24.13, 1.25.7, 1.26.0-rc.3",false,affected,severity_changed_due_to_suse_cvss_score
@@ -785,6 +795,8 @@ rancher/mirrored-prometheus-operator-prometheus-operator:v0.85.0,harvester/maste
785795
rancher/mirrored-prometheus-operator-prometheus-operator:v0.85.0,harvester/master,stdlib,v1.24.6,gobinary,CVE-2025-61724,MEDIUM,https://avd.aquasec.com/nvd/cve-2025-61724,bin/operator,"1.24.8, 1.25.2",true,not_affected,vulnerable_code_not_in_execute_path
786796
rancher/mirrored-prometheus-operator-prometheus-operator:v0.85.0,harvester/master,stdlib,v1.24.6,gobinary,CVE-2025-61725,MEDIUM,https://avd.aquasec.com/nvd/cve-2025-61725,bin/operator,"1.24.8, 1.25.2",true,not_affected,vulnerable_code_not_in_execute_path
787797
rancher/nginx-ingress-controller:v1.14.3-hardened2,harvester/master,gpg2,2.4.4-150600.3.12.1,sles,SUSE-SU-2026:0434-1,HIGH,,rancher/nginx-ingress-controller:v1.14.3-hardened2 (sles 15.7),2.4.4-150600.3.15.1,false,affected,
798+
rancher/nginx-ingress-controller:v1.14.3-hardened2,harvester/master,libpython3_6m1_0,3.6.15-150300.10.103.1,sles,SUSE-SU-2026:0664-1,HIGH,,rancher/nginx-ingress-controller:v1.14.3-hardened2 (sles 15.7),3.6.15-150300.10.106.1,false,affected,
799+
rancher/nginx-ingress-controller:v1.14.3-hardened2,harvester/master,python3-base,3.6.15-150300.10.103.1,sles,SUSE-SU-2026:0664-1,HIGH,,rancher/nginx-ingress-controller:v1.14.3-hardened2 (sles 15.7),3.6.15-150300.10.106.1,false,affected,
788800
rancher/prom-prometheus:v3.5.0,harvester/master,go.opentelemetry.io/otel/sdk,v1.36.0,gobinary,CVE-2026-24051,HIGH,https://avd.aquasec.com/nvd/cve-2026-24051,bin/prometheus,1.40.0,false,affected,
789801
rancher/prom-prometheus:v3.5.0,harvester/master,stdlib,v1.24.5,gobinary,CVE-2025-68121,HIGH,https://avd.aquasec.com/nvd/cve-2025-68121,bin/prometheus,"1.24.13, 1.25.7, 1.26.0-rc.3",false,affected,severity_changed_due_to_suse_cvss_score
790802
rancher/prom-prometheus:v3.5.0,harvester/master,stdlib,v1.24.5,gobinary,CVE-2025-61726,MEDIUM,https://avd.aquasec.com/nvd/cve-2025-61726,bin/prometheus,"1.24.12, 1.25.6",false,affected,severity_changed_due_to_suse_cvss_score
@@ -1114,6 +1126,8 @@ registry.suse.com/suse/sles/15.7/cdi-uploadserver:1.62.0-150700.9.3.1,harvester/
11141126
registry.suse.com/suse/sles/15.7/cdi-uploadserver:1.62.0-150700.9.3.1,harvester/master,qemu-img,9.2.4-150700.3.5.1,sles,SUSE-SU-2026:0288-1,HIGH,,registry.suse.com/suse/sles/15.7/cdi-uploadserver:1.62.0-150700.9.3.1 (sles 15.7),9.2.4-150700.3.11.1,false,affected,
11151127
registry.suse.com/suse/sles/15.7/libguestfs-tools:1.7.0-150700.3.16.2,harvester/master,gpg2,2.4.4-150600.3.12.1,sles,SUSE-SU-2026:0434-1,HIGH,,registry.suse.com/suse/sles/15.7/libguestfs-tools:1.7.0-150700.3.16.2 (sles 15.7),2.4.4-150600.3.15.1,false,affected,
11161128
registry.suse.com/suse/sles/15.7/libguestfs-tools:1.7.0-150700.3.16.2,harvester/master,libpng16-16,1.6.40-150600.3.9.1,sles,SUSE-SU-2026:0597-1,HIGH,,registry.suse.com/suse/sles/15.7/libguestfs-tools:1.7.0-150700.3.16.2 (sles 15.7),1.6.40-150600.3.12.1,false,affected,
1129+
registry.suse.com/suse/sles/15.7/libguestfs-tools:1.7.0-150700.3.16.2,harvester/master,libpython3_6m1_0,3.6.15-150300.10.103.1,sles,SUSE-SU-2026:0664-1,HIGH,,registry.suse.com/suse/sles/15.7/libguestfs-tools:1.7.0-150700.3.16.2 (sles 15.7),3.6.15-150300.10.106.1,false,affected,
1130+
registry.suse.com/suse/sles/15.7/libguestfs-tools:1.7.0-150700.3.16.2,harvester/master,python3-base,3.6.15-150300.10.103.1,sles,SUSE-SU-2026:0664-1,HIGH,,registry.suse.com/suse/sles/15.7/libguestfs-tools:1.7.0-150700.3.16.2 (sles 15.7),3.6.15-150300.10.106.1,false,affected,
11171131
registry.suse.com/suse/sles/15.7/virt-api:1.7.0-150700.3.16.2,harvester/master,gpg2,2.4.4-150600.3.12.1,sles,SUSE-SU-2026:0434-1,HIGH,,registry.suse.com/suse/sles/15.7/virt-api:1.7.0-150700.3.16.2 (sles 15.7),2.4.4-150600.3.15.1,false,affected,
11181132
registry.suse.com/suse/sles/15.7/virt-controller:1.7.0-150700.3.16.2,harvester/master,gpg2,2.4.4-150600.3.12.1,sles,SUSE-SU-2026:0434-1,HIGH,,registry.suse.com/suse/sles/15.7/virt-controller:1.7.0-150700.3.16.2 (sles 15.7),2.4.4-150600.3.15.1,false,affected,
11191133
registry.suse.com/suse/sles/15.7/virt-handler:1.7.0-150700.3.16.2,harvester/master,gpg2,2.4.4-150600.3.12.1,sles,SUSE-SU-2026:0434-1,HIGH,,registry.suse.com/suse/sles/15.7/virt-handler:1.7.0-150700.3.16.2 (sles 15.7),2.4.4-150600.3.15.1,false,affected,

docs/csv/report-harvester-master-stats.csv

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,17 +1,17 @@
11
image,critical,high,total
22
ghcr.io/k8snetworkplumbingwg/whereabouts:v0.9.2,2,19,21
33
kubeovn/kube-ovn:v1.14.10,0,34,34
4-
longhornio/backing-image-manager:v1.11.0,0,9,9
4+
longhornio/backing-image-manager:v1.11.0,0,11,11
55
longhornio/csi-attacher:v4.10.0-20251226,0,2,2
66
longhornio/csi-node-driver-registrar:v2.15.0-20251226,0,1,1
77
longhornio/csi-provisioner:v5.3.0-20251226,0,1,1
88
longhornio/csi-resizer:v2.0.0-20251226,0,2,2
99
longhornio/csi-snapshotter:v8.4.0-20251226,0,2,2
1010
longhornio/livenessprobe:v2.17.0-20251226,0,1,1
1111
longhornio/longhorn-cli:v1.11.0,0,5,5
12-
longhornio/longhorn-engine:v1.11.0,0,7,7
13-
longhornio/longhorn-instance-manager:v1.11.0,0,9,9
14-
longhornio/longhorn-manager:v1.11.0,0,5,5
12+
longhornio/longhorn-engine:v1.11.0,0,9,9
13+
longhornio/longhorn-instance-manager:v1.11.0,0,11,11
14+
longhornio/longhorn-manager:v1.11.0,0,7,7
1515
longhornio/longhorn-share-manager:v1.11.0,0,5,5
1616
longhornio/longhorn-ui:v1.11.0,0,4,4
1717
longhornio/support-bundle-kit:v0.0.79,3,6,9
@@ -51,7 +51,7 @@ rancher/harvester-node-manager:master-head,0,0,0
5151
rancher/harvester-pcidevices:master-head,0,3,3
5252
rancher/harvester-seeder:main-head,3,5,8
5353
rancher/harvester-upgrade:master-head,1,22,23
54-
rancher/harvester-vm-import-controller:main-head,0,3,3
54+
rancher/harvester-vm-import-controller:main-head,0,5,5
5555
rancher/harvester-webhook:master-head,0,6,6
5656
rancher/harvester:master-head,0,6,6
5757
rancher/klipper-helm:v0.9.14-build20260210,0,0,0
@@ -74,7 +74,7 @@ rancher/mirrored-prometheus-adapter-prometheus-adapter:v0.12.0,0,6,6
7474
rancher/mirrored-prometheus-operator-admission-webhook:v0.85.0,0,5,5
7575
rancher/mirrored-prometheus-operator-prometheus-config-reloader:v0.80.1,0,5,5
7676
rancher/mirrored-prometheus-operator-prometheus-operator:v0.85.0,0,5,5
77-
rancher/nginx-ingress-controller:v1.14.3-hardened2,0,1,1
77+
rancher/nginx-ingress-controller:v1.14.3-hardened2,0,3,3
7878
rancher/prom-prometheus:v3.5.0,0,12,12
7979
rancher/rancher-agent:v2.14.0-alpha5,0,2,2
8080
rancher/rancher-webhook:v0.10.0-rc.11,0,0,0
@@ -98,7 +98,7 @@ registry.suse.com/suse/sles/15.7/cdi-importer:1.62.0-150700.9.3.1,6,18,24
9898
registry.suse.com/suse/sles/15.7/cdi-operator:1.62.0-150700.9.3.1,6,14,20
9999
registry.suse.com/suse/sles/15.7/cdi-uploadproxy:1.62.0-150700.9.3.1,6,14,20
100100
registry.suse.com/suse/sles/15.7/cdi-uploadserver:1.62.0-150700.9.3.1,6,18,24
101-
registry.suse.com/suse/sles/15.7/libguestfs-tools:1.7.0-150700.3.16.2,0,2,2
101+
registry.suse.com/suse/sles/15.7/libguestfs-tools:1.7.0-150700.3.16.2,0,4,4
102102
registry.suse.com/suse/sles/15.7/virt-api:1.7.0-150700.3.16.2,0,1,1
103103
registry.suse.com/suse/sles/15.7/virt-controller:1.7.0-150700.3.16.2,0,1,1
104104
registry.suse.com/suse/sles/15.7/virt-handler:1.7.0-150700.3.16.2,0,1,1

0 commit comments

Comments
 (0)