Linuxfoundation Spinnaker — known CVE vulnerabilities
Every CVE whose affected-product data names Linuxfoundation Spinnaker, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2021-43832 — CVSS 10.0 (critical): Spinnaker is an open source, multi-cloud continuous delivery platform. Spinnaker has improper permissions allowing pipeline creation &…
CVE-2026-32604 — CVSS 9.9 (critical): Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a…
CVE-2026-32613 — CVSS 9.9 (critical): Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL (Spring Expression…
CVE-2020-9301 — CVSS 8.8 (high): Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or…
CVE-2025-61916 — CVSS 7.9 (high): Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to…
CVE-2021-39143 — CVSS 6.6 (medium): Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files…
CVE-2022-23506 — CVSS 4.3 (medium): Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice…
CVE-2023-39348 — CVSS 4.0 (medium): Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL…