pkg:npm/@hulumi/policies
3 total CVEs
✅ Check your installed version
All known vulnerabilities
—CVE-2026-48034@hulumi/policies has a HULUMI-H5 bypass via decoy sibling resources targeting a different bucket from 0, < 1.4.0
—CVE-2026-48033@hulumi/policies bypasses policy packs with a forged Pulumi-URN logical name from 0, < 1.4.0
—CVE-2026-48032@hulumi/policies bypasses IAM-role policy checks when the role trusts multiple OIDC providers from 0, < 1.4.0