{"id":3587648,"name":"github.com/openshift/console","ecosystem":"go","description":"","homepage":"https://github.com/openshift/console","licenses":"Apache-2.0","normalized_licenses":["Apache-2.0"],"repository_url":"https://github.com/openshift/console","keywords_array":[],"namespace":"github.com/openshift","versions_count":138,"first_release_published_at":"2016-01-06T22:27:26.000Z","latest_release_published_at":"2018-04-25T22:44:23.000Z","latest_release_number":"v6.0.6+incompatible","last_synced_at":"2026-04-08T09:29:50.224Z","created_at":"2022-04-11T04:50:52.474Z","updated_at":"2026-04-08T09:29:50.224Z","registry_url":"https://pkg.go.dev/github.com/openshift/console","install_command":"go get github.com/openshift/console","documentation_url":"https://pkg.go.dev/github.com/openshift/console#section-documentation","metadata":{},"repo_metadata":{"id":37247202,"uuid":"129436456","full_name":"openshift/console","owner":"openshift","description":"OpenShift Cluster Console UI","archived":false,"fork":false,"pushed_at":"2025-10-31T00:31:00.000Z","size":246438,"stargazers_count":445,"open_issues_count":93,"forks_count":660,"subscribers_count":105,"default_branch":"main","last_synced_at":"2025-10-31T02:21:48.702Z","etag":null,"topics":["openshift","openshift-origin"],"latest_commit_sha":null,"homepage":"https://www.openshift.org","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/openshift.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-04-13T17:54:59.000Z","updated_at":"2025-10-31T00:03:24.000Z","dependencies_parsed_at":"2023-10-16T08:44:18.950Z","dependency_job_id":"f4482e73-6e6d-4370-be01-4b6c873afdb1","html_url":"https://github.com/openshift/console","commit_stats":{"total_commits":14670,"total_committers":339,"mean_commits":43.27433628318584,"dds":0.9374914792092706,"last_synced_commit":"237973c70e0452cc6f66f9e123aa493802ae6fd5"},"previous_names":[],"tags_count":142,"template":false,"template_full_name":null,"purl":"pkg:github/openshift/console","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fconsole","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fconsole/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fconsole/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fconsole/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/openshift","download_url":"https://codeload.github.com/openshift/console/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fconsole/sbom","scorecard":{"id":435125,"data":{"date":"2025-08-11","repo":{"name":"github.com/openshift/console","commit":"8d104b5089d132f3ce6351593a925afb7151dce5"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.5,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/openshift/.github/SECURITY.md:1","Info: Found linked content: github.com/openshift/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/openshift/.github/SECURITY.md:1","Info: Found text in security policy: github.com/openshift/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: Dockerfile:4","Warn: containerImage not pinned by hash: Dockerfile:14","Warn: containerImage not pinned by hash: Dockerfile:54","Warn: containerImage not pinned by hash: Dockerfile.builder:11: pin your Docker image by updating golang:1.22-bullseye to golang:1.22-bullseye@sha256:c89d51959c480f13e7830a33fa0174480227c8a027d0e18066e79a03cde174c4","Warn: containerImage not pinned by hash: Dockerfile.dev:2","Warn: containerImage not pinned by hash: Dockerfile.dev:8","Warn: containerImage not pinned by hash: Dockerfile.downloads:1","Warn: containerImage not pinned by hash: Dockerfile.downloads:3","Warn: containerImage not pinned by hash: Dockerfile.downloads:17","Warn: containerImage not pinned by hash: Dockerfile.plugins.demo:6","Warn: containerImage not pinned by hash: Dockerfile.plugins.demo:19: pin your Docker image by updating node:22 to node:22@sha256:3266bc9e8bee1acc8a77386eefaf574987d2729b8c5ec35b0dbd6ddbc40b0ce2","Warn: containerImage not pinned by hash: Dockerfile.plugins.demo2:14: pin your Docker image by updating node:22 to node:22@sha256:3266bc9e8bee1acc8a77386eefaf574987d2729b8c5ec35b0dbd6ddbc40b0ce2","Warn: containerImage not pinned by hash: Dockerfile.product.nodejs:1","Warn: containerImage not pinned by hash: frontend/packages/dev-console/integration-tests/testData/yamls/BuildConfig/buildconfig-with-strategy-docker-source-dockerfile.yaml:27: pin your Docker image by updating centos:7 to centos:7@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4","Warn: npmCommand not pinned by hash: Dockerfile:23-28","Warn: npmCommand not pinned by hash: Dockerfile:23-28","Warn: goCommand not pinned by hash: vendor/github.com/go-git/go-git/v5/oss-fuzz.sh:20","Warn: goCommand not pinned by hash: vendor/github.com/json-iterator/go/build.sh:10","Info:   0 out of  14 containerImage dependencies pinned","Info:   0 out of   2 npmCommand dependencies pinned","Info:   0 out of   2 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Vulnerabilities","score":0,"reason":"132 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-257v-vj4p-3w2h","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-jc84-3g44-wf2q","Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q","Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c","Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc","Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp","Warn: Project is vulnerable to: GHSA-7r28-3m3f-r2pr","Warn: Project is vulnerable to: GHSA-r8j5-h5cx-65gg","Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546","Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq","Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488","Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-566m-qj78-rww5","Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-rm97-x556-q36h","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5","Warn: Project is vulnerable to: GHSA-h6mq-3cj6-h738","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc","Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx","Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j","Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986","Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-vhhw-xjvf-wprr","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx","Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4","Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw","Warn: Project is vulnerable to: GHSA-wg6g-ppvx-927h","Warn: Project is vulnerable to: GHSA-7gc6-qh9x-w6h8","Warn: Project is vulnerable to: GHSA-p28h-cc7q-c4fg","Warn: Project is vulnerable to: GHSA-36jr-mh4h-2g58","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-phwq-j96m-2c2q","Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6","Warn: Project is vulnerable to: GHSA-434g-2637-qmqr","Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m","Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw","Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p","Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747","Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh","Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5","Warn: Project is vulnerable to: GHSA-q42p-pg8m-cqh6","Warn: Project is vulnerable to: GHSA-w457-6q6x-cgp9","Warn: Project is vulnerable to: GHSA-62gr-4qp9-h98f","Warn: Project is vulnerable to: GHSA-f52g-6jhx-586p","Warn: Project is vulnerable to: GHSA-2cf5-4w76-r9qv","Warn: Project is vulnerable to: GHSA-3cqr-58rm-57f8","Warn: Project is vulnerable to: GHSA-g9r4-xpmj-mj65","Warn: Project is vulnerable to: GHSA-q2c6-c6pm-g3gh","Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44","Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988","Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27","Warn: Project is vulnerable to: GHSA-4www-5p9h-95mh","Warn: Project is vulnerable to: GHSA-9gqv-wp59-fq42","Warn: Project is vulnerable to: GHSA-896r-f27r-55mw","Warn: Project is vulnerable to: GHSA-282f-qqgm-c34q","Warn: Project is vulnerable to: GHSA-8cf7-32gw-wr33","Warn: Project is vulnerable to: GHSA-hjrf-2m68-5959","Warn: Project is vulnerable to: GHSA-qwph-4952-7xr6","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-7wpw-2hjm-89gp","Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g","Warn: Project is vulnerable to: GHSA-w7rc-rwvf-8q5r","Warn: Project is vulnerable to: GHSA-g974-hxvm-x689","Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p","Warn: Project is vulnerable to: GHSA-cwx2-736x-mf6w","Warn: Project is vulnerable to: GHSA-v39p-96qg-c8rf","Warn: Project is vulnerable to: GHSA-8v63-cqqc-6r2c","Warn: Project is vulnerable to: GHSA-76c9-3jph-rj3q","Warn: Project is vulnerable to: GHSA-3j8f-xvm3-ffx4","Warn: Project is vulnerable to: GHSA-4p35-cfcx-8653","Warn: Project is vulnerable to: GHSA-7f3x-x4pr-wqhj","Warn: Project is vulnerable to: GHSA-jpp7-7chh-cf67","Warn: Project is vulnerable to: GHSA-q6wq-5p59-983w","Warn: Project is vulnerable to: GHSA-j9fq-vwqv-2fm2","Warn: Project is vulnerable to: GHSA-pqw5-jmp5-px4v","Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9","Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w","Warn: Project is vulnerable to: GHSA-g6ww-v8xp-vmwg","Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6","Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59","Warn: Project is vulnerable to: GHSA-6fw4-hr69-g3rv","Warn: Project is vulnerable to: GHSA-6g33-f262-xjp4","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-cgfm-xwp7-2cvr","Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7","Warn: Project is vulnerable to: GHSA-8cj5-5rvv-wf4v","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-c76h-2ccp-4975","Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3","Warn: Project is vulnerable to: GHSA-qgmg-gppg-76g5","Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v","Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h","Warn: Project is vulnerable to: GHSA-g78m-2chm-r7qv","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7","Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q","Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh","Warn: Project is vulnerable to: GO-2025-3754 / GHSA-2x5j-vhc8-9cwm","Warn: Project is vulnerable to: GO-2024-2576","Warn: Project is vulnerable to: GO-2025-3829 / GHSA-4vq8-7jfc-9cvp","Warn: Project is vulnerable to: GO-2025-3787 / GHSA-fv92-fjc5-jj9h","Warn: Project is vulnerable to: GHSA-9h84-qmv7-982p","Warn: Project is vulnerable to: GHSA-f9f8-9pmf-xv68"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T04:26:05.956Z","repository_id":37247202,"created_at":"2025-08-19T04:26:05.956Z","updated_at":"2025-08-19T04:26:05.956Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":281918008,"owners_count":26583739,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-31T02:00:07.401Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"tags":[]},"repo_metadata_updated_at":"2025-10-31T02:39:17.249Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":9.345852080216646,"dependent_packages_count":6.999148183520997,"stargazers_count":null,"forks_count":null,"average":8.172500131868823},"purl":"pkg:golang/github.com/openshift/console","advisories":[{"uuid":"GSA_kwCzR0hTQS02OXg1LWhqZzQtbTI2N84ABFp-","url":"https://github.com/advisories/GHSA-69x5-hjg4-m267","title":"OpenShift Console Has a Path Traversal Vulnerability","description":"A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers unsafely.go#L112 Because of this unsafe filepath construction, an authenticated user can manipulate the path to retrieve any JSON files on the console's pod by using sequences of ../ and valid directory paths.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2025-03-19T21:30:52.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":4.3,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2024-7631","https://access.redhat.com/security/cve/CVE-2024-7631","https://bugzilla.redhat.com/show_bug.cgi?id=2296053","https://pkg.go.dev/vuln/GO-2025-3539","https://github.com/advisories/GHSA-69x5-hjg4-m267"],"source_kind":"github","identifiers":["GHSA-69x5-hjg4-m267","CVE-2024-7631"],"repository_url":null,"blast_radius":1.0,"created_at":"2025-03-20T19:08:14.518Z","updated_at":"2026-04-05T20:03:17.818Z","epss_percentage":0.00182,"epss_percentile":0.39679,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02OXg1LWhqZzQtbTI2N84ABFp-","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS02OXg1LWhqZzQtbTI2N84ABFp-","packages":[{"ecosystem":"go","package_name":"github.com/openshift/console","versions":[{"first_patched_version":null,"vulnerable_version_range":"\u003c= 6.0.6"}],"purl":"pkg:go/github.com%2Fopenshift%2Fconsole"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02OXg1LWhqZzQtbTI2N84ABFp-/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS12M3c3LWc2cDItbXB4N84ABBu1","url":"https://github.com/advisories/GHSA-v3w7-g6p2-mpx7","title":"OpenShift Console Server Side Request Forgery vulnerability","description":"A flaw was found in OpenShift Console. A Server Side Request Forgery (SSRF) attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to clients due to network filtering. Leveraging such an attack vector, the attacker can have an impact on other services and potentially disclose information or have other nefarious effects on the system.\nThe /api/dev-console/proxy/internet endpoint on the OpenShit Console allows authenticated users to have the console's pod perform arbitrary and fully controlled HTTP(s) requests. The full response to these requests is returned by the endpoint.\nWhile the name of this endpoint suggests the requests are only bound to the internet, no such checks are in place. An authenticated user can therefore ask the console to perform arbitrary HTTP requests from outside the cluster to a service inside the cluster.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-11-25T09:30:58.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.9,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2024-6538","https://access.redhat.com/security/cve/CVE-2024-6538","https://bugzilla.redhat.com/show_bug.cgi?id=2296057","https://access.redhat.com/errata/RHSA-2025:7863","https://access.redhat.com/errata/RHSA-2025:8280","https://access.redhat.com/errata/RHSA-2025:8556","https://access.redhat.com/errata/RHSA-2025:14397","https://access.redhat.com/errata/RHSA-2025:19058","https://github.com/advisories/GHSA-v3w7-g6p2-mpx7"],"source_kind":"github","identifiers":["GHSA-v3w7-g6p2-mpx7","CVE-2024-6538"],"repository_url":null,"blast_radius":1.0,"created_at":"2024-11-25T18:07:05.135Z","updated_at":"2026-04-05T20:03:48.541Z","epss_percentage":0.00128,"epss_percentile":0.32483,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12M3c3LWc2cDItbXB4N84ABBu1","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS12M3c3LWc2cDItbXB4N84ABBu1","packages":[{"ecosystem":"go","package_name":"github.com/openshift/console","versions":[{"first_patched_version":null,"vulnerable_version_range":"\u003c= 6.0.6"}],"purl":"pkg:go/github.com%2Fopenshift%2Fconsole"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12M3c3LWc2cDItbXB4N84ABBu1/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS00Y3JmLTI4YzctdjRncs4AA-0n","url":"https://github.com/advisories/GHSA-4crf-28c7-v4gr","title":"Openshift Console insufficient entropy vulnerability","description":"An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-08-21T06:32:18.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":5.5,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2024-6508","https://access.redhat.com/security/cve/CVE-2024-6508","https://bugzilla.redhat.com/show_bug.cgi?id=2295777","https://access.redhat.com/errata/RHSA-2024:7922","https://access.redhat.com/errata/RHSA-2024:8415","https://access.redhat.com/errata/RHSA-2024:8991","https://access.redhat.com/errata/RHSA-2024:9620","https://access.redhat.com/errata/RHSA-2024:10813","https://access.redhat.com/errata/RHSA-2025:0014","https://github.com/advisories/GHSA-4crf-28c7-v4gr"],"source_kind":"github","identifiers":["GHSA-4crf-28c7-v4gr","CVE-2024-6508"],"repository_url":null,"blast_radius":1.0,"created_at":"2024-08-21T21:05:46.885Z","updated_at":"2026-04-05T20:04:36.306Z","epss_percentage":0.00756,"epss_percentile":0.72929,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00Y3JmLTI4YzctdjRncs4AA-0n","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS00Y3JmLTI4YzctdjRncs4AA-0n","packages":[{"ecosystem":"go","package_name":"github.com/openshift/console","versions":[{"first_patched_version":null,"vulnerable_version_range":"\u003c= 6.0.6"}],"purl":"pkg:go/github.com%2Fopenshift%2Fconsole"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00Y3JmLTI4YzctdjRncs4AA-0n/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/go/github.com/openshift/console","docker_dependents_count":3,"docker_downloads_count":258,"usage_url":"https://repos.ecosyste.ms/usage/go/github.com/openshift/console","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/go/github.com/openshift/console/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-10-30T18:01:59.157Z","issues_count":102,"pull_requests_count":4100,"avg_time_to_close_issue":21097583.375,"avg_time_to_close_pull_request":2240283.576342788,"issues_closed_count":72,"pull_requests_closed_count":3314,"pull_request_authors_count":123,"issue_authors_count":81,"avg_comments_per_issue":5.735294117647059,"avg_comments_per_pull_request":12.686341463414633,"merged_pull_requests_count":2941,"bot_issues_count":0,"bot_pull_requests_count":4,"past_year_issues_count":28,"past_year_pull_requests_count":1684,"past_year_avg_time_to_close_issue":4130804.375,"past_year_avg_time_to_close_pull_request":1066602.4642857143,"past_year_issues_closed_count":16,"past_year_pull_requests_closed_count":1260,"past_year_pull_request_authors_count":60,"past_year_issue_authors_count":22,"past_year_avg_comments_per_issue":4.678571428571429,"past_year_avg_comments_per_pull_request":11.235154394299288,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":1130,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/openshift%2Fconsole/issues","maintainers":[{"login":"rhamilto","count":398,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/rhamilto"},{"login":"logonoff","count":361,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/logonoff"},{"login":"TheRealJon","count":215,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/TheRealJon"},{"login":"vikram-raj","count":189,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/vikram-raj"},{"login":"sg00dwin","count":100,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/sg00dwin"},{"login":"jerolimov","count":97,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jerolimov"},{"login":"jhadvig","count":95,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jhadvig"},{"login":"The-Anton","count":65,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/The-Anton"},{"login":"stlaz","count":29,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/stlaz"},{"login":"spadgett","count":18,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/spadgett"},{"login":"kyoto","count":17,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/kyoto"},{"login":"krishagarwal278","count":14,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/krishagarwal278"},{"login":"jcaianirh","count":12,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jcaianirh"},{"login":"nicolethoen","count":4,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/nicolethoen"},{"login":"christoph-jerolimov","count":4,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/christoph-jerolimov"},{"login":"mansikulkarni96","count":3,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/mansikulkarni96"},{"login":"maysunfaisal","count":3,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/maysunfaisal"},{"login":"stbenjam","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/stbenjam"},{"login":"smg247","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/smg247"},{"login":"honza","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/honza"},{"login":"bysnupy","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/bysnupy"},{"login":"atiratree","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/atiratree"},{"login":"wking","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/wking"},{"login":"wling-art","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/wling-art"},{"login":"jeff-phillips-18","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jeff-phillips-18"},{"login":"eformat","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/eformat"},{"login":"zherman0","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/zherman0"},{"login":"frzifus","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/frzifus"}],"active_maintainers":[{"login":"logonoff","count":248,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/logonoff"},{"login":"rhamilto","count":174,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/rhamilto"},{"login":"TheRealJon","count":97,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/TheRealJon"},{"login":"vikram-raj","count":77,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/vikram-raj"},{"login":"jhadvig","count":23,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jhadvig"},{"login":"spadgett","count":15,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/spadgett"},{"login":"krishagarwal278","count":14,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/krishagarwal278"},{"login":"sg00dwin","count":11,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/sg00dwin"},{"login":"kyoto","count":9,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/kyoto"},{"login":"The-Anton","count":4,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/The-Anton"},{"login":"nicolethoen","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/nicolethoen"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fopenshift%2Fconsole/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fopenshift%2Fconsole/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fopenshift%2Fconsole/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fopenshift%2Fconsole/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com%2Fopenshift%2Fconsole/codemeta","maintainers":[]}