Instructions for reporting a vulnerability can be found on the crossplane repository.
Security: crossplane/crossplane-runtime
Security
SECURITY.md
-
TOCTOU between cosign verification and image fetch in xpkg.CachedClient allows tag-based package install to bypass signature checkGHSA-mf7q-r4rv-jv94 published
Jun 15, 2026 by adamwgHigh -
fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizesGHSA-vfvj-3m3g-m532 published
Mar 9, 2023 by turkenhLow
Learn more about advisories related to crossplane/crossplane-runtime in the GitHub Advisory Database