Openshift


Products by Openshift Sorted by Most Security Vulnerabilities since 2018

Openshift 4: 2 vulnerabilities

Openshift 4.12: 2 vulnerabilities

Openshift 4.14: 2 vulnerabilities

Openshift 4.15: 2 vulnerabilities

Openshift 4.16: 2 vulnerabilities

Openshift 4.17: 2 vulnerabilities

Openshift 4.18: 2 vulnerabilities

Openshift 4.19: 1 vulnerability

Openshift Origin: 1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Openshift. Last year, in 2025, Openshift had 4 security vulnerabilities published. Right now, Openshift is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year  Vulnerabilities  Average Score
2026  0                0.00
2025  4                7.38
2024  0                0.00
2023  0                0.00
2022  1                5.30
2021  0                0.00
2020  1                0.00
2019  3                0.00

It may take a day or so for new Openshift vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Openshift Security Vulnerabilities

CVE-2025-7195 (Aug 07, 2025)
Operator SDK <0.15.2 RCE via insecure user_setup /etc/passwd
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Products: Openshift 4

CVE-2025-7425 (Jul 10, 2025)
libxslt Heap Corruption via atype Flag Manipulation
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
Products: Openshift 4.12, 4.14, 4.15, and others

CVE-2025-6021 (Jun 12, 2025)
Stack Overflow in libxml2 xmlBuildQName
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
Products: Openshift 4.12, 4.14, 4.15, and others

CVE-2025-5914 (Jun 09, 2025)
Integer Overflow in libarchive RAR Reader Causes Double-Free
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
Products: Openshift 4

CVE-2015-3207 (Jul 07, 2022)
In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes.
Products: Openshift Origin

CVE-2020-10752 (Jun 12, 2020)
A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token.

CVE-2013-0196 (Dec 30, 2019)
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser.

CVE-2014-0163 (Dec 11, 2019)
Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.

CVE-2014-0023 (Nov 15, 2019)
OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).