Overview · akuity/kargo · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration
GHSA-j94x-8wcp-x7hm published Mar 14, 2026 by krancour

Moderate
Authorization Bypass Vulnerability in Batch Resource Creation API Endpoints
GHSA-7g9x-cp9g-92mr published Feb 17, 2026 by krancour

Critical
Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints
GHSA-5vvm-67pj-72g4 published Feb 17, 2026 by krancour

Moderate
`GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access
GHSA-w5wv-wvrp-v5m5 published Jan 27, 2026 by thomastaylor312

Moderate
Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter
GHSA-g7gw-m874-7rmf published Apr 22, 2026 by krancour

Low

Learn more about advisories related to akuity/kargo in the GitHub Advisory Database