Browse all 3 CVE security advisories affecting artifacthub. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ArtifactHub serves as a centralized platform for discovering and sharing cloud native artifacts, primarily focusing on Helm charts, operators, and OLM manifests. Historically, vulnerabilities in ArtifactHub have included remote code execution (RCE) through malicious package uploads, cross-site scripting (XSS) in web interfaces, and privilege escalation flaws in authentication mechanisms. The platform has experienced security incidents where compromised packages were published, though no major breaches have been widely documented. With only three CVEs on record, ArtifactHub maintains relatively strong security practices, though its role as a package distribution center makes it a potential target for supply chain attacks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-45823 | Arbitrary file read in Artifact Hub — hubCWE-22 | 7.5 | High | 2023-10-19 |
| CVE-2023-45822 | Unsafe rego built-in allowed in Artifact Hub — hubCWE-918 | 3.7 | Low | 2023-10-19 |
| CVE-2023-45821 | Incorrect Docker Hub registry check in Artifact Hub — hubCWE-494 | 5.4 | Medium | 2023-10-19 |
This page lists every published CVE security advisory associated with artifacthub. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.