Launch Week Day 1: Announcing Security Design Review
Start for Free
go

k8s.io/ingress-nginx

View on go registry
28 Total advisories
28 Vulnerabilities
0 Malware

Vulnerabilities

MEDIUM 6.5
Go

CVE-2021-25748

Ingress-nginx `path` sanitization can be bypassed with newline character
UNKNOWN
Go

CVE-2025-1974

ingress-nginx admission controller RCE escalation in k8s.io/ingress-nginx
CRITICAL 9.8
Go

CVE-2025-1974

ingress-nginx admission controller RCE escalation
MEDIUM 5.9
Go

CVE-2020-8553

ingress-nginx component for Kubernetes allows file overwrite
UNKNOWN
Go

CVE-2026-24512

ingress-nginx's `rules.http.paths.path` Ingress field can be used to inject configuration into nginx in k8s.io/ingress-nginx
HIGH 8.8
Go

CVE-2026-24512

ingress-nginx's `rules.http.paths.path` Ingress field can be used to inject configuration into nginx
UNKNOWN
Go

CVE-2023-5044

Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation in k8s.io/ingress-nginx
HIGH 7.6
Go

CVE-2023-5044

Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
UNKNOWN
Go

CVE-2026-1580

ingress-nginx's `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx in k8s.io/ingress-nginx
HIGH 8.8
Go

CVE-2026-1580

ingress-nginx's `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx
UNKNOWN
Go

CVE-2026-24513

ingress-nginx has Improper Check for Unusual or Exceptional Conditions in k8s.io/ingress-nginx
LOW 3.1
Go

CVE-2026-24513

ingress-nginx has Improper Check for Unusual or Exceptional Conditions
UNKNOWN
Go

CVE-2025-24513

ingress-nginx controller - auth secret file path traversal vulnerability in k8s.io/ingress-nginx
MEDIUM 4.8
Go

CVE-2025-24513

ingress-nginx controller - auth secret file path traversal vulnerability
HIGH 7.6
Go

CVE-2023-5043

Ingress nginx annotation injection causes arbitrary command execution
UNKNOWN
Go

CVE-2026-24514

ingress-nginx vulnerable to Allocation of Resources Without Limits or Throttling in k8s.io/ingress-nginx
MEDIUM 6.5
Go

CVE-2026-24514

ingress-nginx vulnerable to Allocation of Resources Without Limits or Throttling

UNKNOWN
Go

CVE-2026-4342

ingress-nginx comment-based nginx configuration injection in k8s.io/ingress-nginx
HIGH 8.8
Go

CVE-2026-4342

ingress-nginx comment-based nginx configuration injection
UNKNOWN
Go

CVE-2025-24514

ingress-nginx controller - configuration injection via unsanitized auth-url annotation in k8s.io/ingress-nginx
HIGH 8.8
Go

CVE-2025-24514

ingress-nginx controller - configuration injection via unsanitized auth-url annotation
UNKNOWN
Go

CVE-2025-1098

ingress-nginx controller - configuration injection via unsanitized mirror annotations in k8s.io/ingress-nginx
HIGH 8.8
Go

CVE-2025-1098

ingress-nginx controller - configuration injection via unsanitized mirror annotations
HIGH 8.1
Go

CVE-2021-25745

Improper Input Validation in k8s.io/ingress-nginx
UNKNOWN
Go

CVE-2025-1097

ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation in k8s.io/ingress-nginx
HIGH 8.8
Go

CVE-2025-1097

ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation
HIGH 8.8
Go

CVE-2022-4886

Ingress-nginx path sanitization can be bypassed
MEDIUM 5.3
Go

CVE-2018-1002104

Kubernetes ingress exposes sensitive information

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes