depscope
Packages
IntegrateAPI DocsCuratorBenchmarkCoverage
Sign inGet API access
depscope/go/k8s.io/ingress-nginx

k8s.io/ingress-nginx

govv0.0.0-20260319212031-dbb11b92ddb7

License Apache-2.0permissive1 versions0 deps
29
/ 100
Health
do not use

k8s.io/ingress-nginx has critical vulnerabilities — do not use

Update to >= 0.0.0-20260319175635-5183b7d86137 to fix known vulnerabilities

  • Moderate health score (29/100) — verify manually
  • 10 high severity vulnerabilities
  • 1 critical vulnerabilities
Health breakdown0 – 100
20/25
maintenance
0/20
popularity
0/25
security
9/15
maturity
0/15
community
Vulnerabilities
28
1 critical10 high5 medium12 low
Advisories (28)
SeverityIDSummaryFixed in
mediumBIT-nginx-ingress-controller-2025-24513ingress-nginx controller - auth secret file path traversal vulnerability1.12.1
mediumBIT-nginx-ingress-controller-2026-24514ingress-nginx vulnerable to Allocation of Resources Without Limits or Throttling 1.14.3
lowBIT-nginx-ingress-controller-2026-24513ingress-nginx has Improper Check for Unusual or Exceptional Conditions1.14.3
highBIT-nginx-ingress-controller-2023-5043Ingress nginx annotation injection causes arbitrary command execution1.9.0
highBIT-nginx-ingress-controller-2025-1097ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation1.12.1
mediumBIT-nginx-ingress-controller-2021-25748Ingress-nginx `path` sanitization can be bypassed with newline character1.2.1
highBIT-nginx-ingress-controller-2026-1580ingress-nginx's `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx1.14.3
highBIT-nginx-ingress-controller-2026-4342ingress-nginx comment-based nginx configuration injection0.0.0-20260319175635-5183b7d86137
highBIT-nginx-ingress-controller-2023-5044Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation1.9.0
highBIT-nginx-ingress-controller-2025-24514ingress-nginx controller - configuration injection via unsanitized auth-url annotation1.12.1
highBIT-nginx-ingress-controller-2022-4886Ingress-nginx path sanitization can be bypassed1.8.0
mediumBIT-nginx-ingress-controller-2020-8553ingress-nginx component for Kubernetes allows file overwrite0.28.0
highBIT-nginx-ingress-controller-2026-24512ingress-nginx's `rules.http.paths.path` Ingress field can be used to inject configuration into nginx1.14.3
criticalBIT-nginx-ingress-controller-2025-1974ingress-nginx admission controller RCE escalation1.12.1
mediumCVE-2018-1002104Kubernetes ingress exposes sensitive information1.5
highBIT-nginx-ingress-controller-2021-25745Improper Input Validation in k8s.io/ingress-nginx1.2.0
highBIT-nginx-ingress-controller-2025-1098ingress-nginx controller - configuration injection via unsanitized mirror annotations1.12.1
unknownBIT-nginx-ingress-controller-2023-5044Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation in k8s.io/ingress-nginx—
unknownBIT-nginx-ingress-controller-2025-24513ingress-nginx controller - auth secret file path traversal vulnerability in k8s.io/ingress-nginx—
unknownBIT-nginx-ingress-controller-2025-1097ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation in k8s.io/ingress-nginx—
... and 8 more

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/go/k8s.io/ingress-nginx

Last updated · 2026-03-19T21:20:31Z

DepScope

Package intelligence for AI agents. 19 ecosystems.

Resources
API DocumentationHallucination BenchmarkFor EnterpriseSwagger / OpenAPIPopular PackagesCoverageAI Plugin SetupWatch the pitch (60s)
Legal
Legal hubPrivacy PolicyTerms of ServiceCookie PolicyAcceptable UseAttributionDPASub-processorsSecurityImprintContact中文
© 2026 Cuttalo srl — Italy · VAT IT03242390734Built for AI agents