2.1 KiB
| title | linkTitle | weight | outputs | layout | |||
|---|---|---|---|---|---|---|---|
| Official CVE Feed | CVE feed | 25 |
|
cve-feed |
{{< feature-state for_k8s_version="v1.27" state="beta" >}}
This is a community maintained list of official CVEs announced by the Kubernetes Security Response Committee. See Kubernetes Security and Disclosure Information for more details.
The Kubernetes project publishes a programmatically accessible feed of published security issues in JSON feed and RSS feed formats. You can access it by executing the following commands:
{{< tabs name="CVE feeds" >}} {{% tab name="JSON feed" %}} Link to JSON format
curl -Lv https://k8s.io/docs/reference/issues-security/official-cve-feed/index.json
{{% /tab %}} {{% tab name="RSS feed" %}} Link to RSS format
curl -Lv https://k8s.io/docs/reference/issues-security/official-cve-feed/feed.xml
{{% /tab %}} {{< /tabs >}}
{{< cve-feed >}}
This feed is auto-refreshing with a noticeable but small lag (minutes to hours) from the time a CVE is announced to the time it is accessible in this feed.
The source of truth of this feed is a set of GitHub Issues, filtered by a controlled and
restricted label official-cve-feed. The raw data is stored in a Google Cloud
Bucket which is writable only by a small number of trusted members of the
Community.