Kyverno and its sub-projects follow the security practices published and maintained at https://github.com/kyverno/community/blob/main/SECURITY.md.
Security: kyverno/kyverno
- Kyverno Denial of Service via Context Variable Amplification in Policy Engine (GHSA-r2rj-wwm5-x6mq), published Jan 27, 2026 by realshuting. Severity: High
- Kyverno Cross-Namespace Privilege Escalation via Policy apiCall (GHSA-8p9x-46gm-qfx2), published Jan 27, 2026 by realshuting. Severity: Critical
- Bypassing Kyverno Policies via Double Policy Exceptions (GHSA-gg4x-fgg2-h9w9), published Jan 6, 2026 by JimBugwadia. Severity: Critical
- Kyverno Denial of Service via Improper JMESPath Variable Evaluation (GHSA-r5p3-955p-5ggq), published Jul 22, 2025 by realshuting. Severity: High
- Bypass of policy rules that use namespace selectors in match statements (GHSA-jrr2-x33p-6hvc), published Apr 29, 2025 by realshuting. Severity: High
- Kyverno ignores subjectRegExp and IssuerRegExp (GHSA-46mp-8w32-6g94), published Mar 24, 2025 by JimBugwadia. Severity: Moderate
- SSRF via Service Calls (GHSA-459x-q9hg-4gpq), published Apr 15, 2025 by JimBugwadia. Severity: Moderate
- PolicyException objects can be created in any namespace by default (GHSA-qjvc-p88j-j9rm), published Oct 29, 2024 by realshuting. Severity: Moderate
- Denial of service from malicious image manifest (GHSA-9g37-h7p2-2c6r), published Nov 13, 2023 by JimBugwadia. Severity: Low
- Denial of service from malicious manifest (GHSA-wc3x-5rfv-hh5v), published Nov 13, 2023 by JimBugwadia. Severity: Moderate
Learn more about advisories related to kyverno/kyverno in the GitHub Advisory Database