— CVE-2026-32828: Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration in github.com/akuity/kargo >= 1.4.0, < 1.6.4
— CVE-2026-32828: Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration in github.com/akuity/kargo >= 1.4.0, < 1.6.4, >= 1.7.0-rc.1, < 1.7.9, >= 1.8.0-rc.1, < 1.8.12, >= 1.9.0-rc.1, < 1.9.5
— CVE-2026-27112: Kargo has an Authorization Bypass Vulnerability in Batch Resource Creation API Endpoints in github.com/akuity/kargo >= 1.7.0, < 1.7.8, >= 1.8.0-rc.1, < 1.8.11, >= 1.9.0-rc.1, < 1.9.3
— CVE-2026-27112: Kargo has an Authorization Bypass Vulnerability in Batch Resource Creation API Endpoints in github.com/akuity/kargo >= 1.9.0-rc.1, < 1.9.3
— Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints in github.com/akuity/kargo >= 1.9.0, < 1.9.3
— Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access in github.com/akuity/kargo from 0, < 1.6.3, >= 1.7.0-rc.1, < 1.7.7, >= 1.8.0-rc.1, < 1.8.7
— Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access in github.com/akuity/kargo from 0, < 1.6.3