io.spinnaker.orca:orca-core
Maven2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting io.spinnaker.orca:orca-corepage 1 of 1
- CVE-2026-25534CRITICALCVSS 9.1EG 9.1✓ Fixed in 2025.4.12026-03-17
vulnerable: 2025.4-0 ... 2025.4.0 (9 versions)
### Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass …
- CVE-2026-44795HIGHCVSS 8.8EG 8.8✓ Fixed in 2026.0.32026-06-22
vulnerable: 2026.0-0 ... 2026.0.2 (22 versions)
Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization when using CloudFormation deployments or CloudFoundry baking. …
Check whether io.spinnaker.orca:orca-core is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for io.spinnaker.orca:orca-core CVEs against the assets you own.
Start Free Scan →