Explore top 10 tips to secure your open-source projects now. Read More
×
## This update fixes the following issues: golang-github-lusitaniae-apache_exporter: * Internal changes to fix build issues with no impact for customers golang-github-prometheus-prometheus: * Security issues fixed: * CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup (bsc#1258893) * Bumped rollup to version 4.59.0 * CVE-2026-25547: Fixed unbounded brace range expansion leading to excessive CPU and memory consumption (bsc#1257841) * Bumped brace-expansion to version 5.0.2 * CVE-2026-1615, CVE-2025-61140 The old web UI is no longer built due to security issues (bsc#1257897, bsc#1257442) * CVE-2025-13465: Bumped lodash package to version 4.17.23 to fix prototype pollution vulnerability (bsc#1257329) * CVE-2026-33186: Fixed authorization bypass due to improper validation of the
* bsc#1245302
* bsc#1250367
* bsc#1252548
* bsc#1252964
* bsc#1254154
* bsc#1254619
* bsc#1257329
* bsc#1257337
* bsc#1257349
* bsc#1257442
* bsc#1257447
* bsc#1257660
* bsc#1257841
* bsc#1257897
* bsc#1257941
* bsc#1258015
* bsc#1258136
* bsc#1258418
* bsc#1258595
* bsc#1258873
* bsc#1258893
* bsc#1258927
* bsc#1259208
* bsc#1260263
* bsc#1260267
* bsc#1260878
* bsc#1261025
* bsc#1261026
* bsc#1261027
* bsc#1261029
* jsc#MSQA-1048
* jsc#PED-15474
Cross-
* CVE-2025-13465
* CVE-2025-3415
* CVE-2025-61140
* CVE-2026-1615
* CVE-2026-21720
* CVE-2026-21721
* CVE-2026-21722
* CVE-2026-21724
* CVE-2026-21725
* CVE-2026-25547
* CVE-2026-26958
* CVE-2026-27606
* CVE-2026-27876
* CVE-2026-27877
* CVE-2026-27879
* CVE-2026-28375
* CVE-2026-33186
CVSS scores:
* CVE-2025-13465 ( SUSE ): 8.8
Get the latest Linux and open source security news straight to your inbox.