Browse all 3 CVE security advisories affecting karmada-io. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Karmada-io provides multi-cluster orchestration for Kubernetes applications, enabling unified management across hybrid and multi-cloud environments. Historically, its vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure default configurations. While no major public security incidents have been documented, the project maintains three CVE records addressing authentication bypass and container escape issues. Its security posture includes regular vulnerability scanning and community-driven code review, though rapid feature development may introduce new risks. The project follows standard security practices but remains vigilant against emerging threats in distributed Kubernetes ecosystems.
| CVE ID | Title | Component | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-62714 | Karmada Dashboard API Unauthorized Access Vulnerability | dashboard | CWE-862 | 7.5 | - | 2025-10-24 |
| CVE-2024-56514 | Karmada Tar Slips in CRDs archive extraction | karmada | CWE-22 | 8.8 | - | 2025-01-03 |
| CVE-2024-56513 | Karmada PULL Mode Cluster Privilege Escalation | karmada | CWE-266 | 8.8 | - | 2025-01-03 |
This page lists every published CVE security advisory associated with karmada-io. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.