You can find the security procedures on the website at https://bank-vaults.dev.
Security: bank-vaults/vault-secrets-webhook
Security
SECURITY.md
-
vault-addr annotation SSRF -- webhook makes outbound HTTP call to attacker URL during admission; vault-serviceaccount enables cluster-wide SA token theft via TokenRequest APIGHSA-r2v3-8gwf-7ghm published
Jun 9, 2026 by csatib02Critical
Learn more about advisories related to bank-vaults/vault-secrets-webhook in the GitHub Advisory Database