Official CVE Feed

FEATURE STATE: Kubernetes v1.27 [beta]

This is a community-maintained list of official CVEs announced by the Kubernetes Security Response Committee. See Kubernetes Security and Disclosure Information for more details.

The Kubernetes project publishes a programmatically accessible feed of published security issues in JSON feed and RSS feed formats. You can access it by executing the following commands:

Link to JSON format

curl -Lv https://k8s.io/docs/reference/issues-security/official-cve-feed/index.json

Link to RSS format

curl -Lv https://k8s.io/docs/reference/issues-security/official-cve-feed/feed.xml

This feed is auto-refreshing with a noticeable but small lag (minutes to hours) from the time a CVE is announced to the time it is accessible in this feed.
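Because of that lag, a consumer normally polls the feed and reports only entries it has not seen before. The following is an added example, not code from the Kubernetes project: it takes the JSON body returned by the curl command above and returns the unseen entries. It assumes the document follows the standard JSON Feed layout (`items`, `id`, `summary`, `date_published`, `external_url`); the sample feed and its identifiers are constructed placeholders.

```python
import json
from datetime import datetime, timezone

# Constructed sample in JSON Feed layout; IDs, dates and URLs are placeholders.
SAMPLE_FEED = json.dumps({
    "version": "https://jsonfeed.org/version/1.1",
    "title": "constructed sample",
    "items": [
        {"id": "CVE-0000-0001", "summary": "placeholder issue A",
         "date_published": "2023-04-01T10:00:00Z",
         "external_url": "https://example.invalid/CVE-0000-0001"},
        {"id": "CVE-0000-0002", "summary": "placeholder issue B",
         "date_published": "2023-04-10T08:30:00+00:00",
         "external_url": "https://example.invalid/CVE-0000-0002"},
        {"summary": "entry without an id"},
    ],
})

def parse_ts(value):
    """Parse an RFC 3339 timestamp; return None when absent or malformed."""
    if not isinstance(value, str):
        return None
    try:
        ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def new_entries(feed_text, seen_ids):
    """Return (unseen items oldest first, updated set of seen ids)."""
    feed = json.loads(feed_text)
    items = feed.get("items") if isinstance(feed, dict) else None
    if not isinstance(items, list):
        raise ValueError("not a JSON Feed document: 'items' list missing")
    fresh = []
    for item in items:
        item_id = item.get("id") if isinstance(item, dict) else None
        if not isinstance(item_id, str) or not item_id or item_id in seen_ids:
            continue  # skip malformed entries and ones already reported
        fresh.append({"id": item_id,
                      "summary": item.get("summary", ""),
                      "url": item.get("external_url", ""),
                      "published": parse_ts(item.get("date_published"))})
    epoch = datetime.min.replace(tzinfo=timezone.utc)
    fresh.sort(key=lambda e: e["published"] or epoch)
    return fresh, set(seen_ids) | {e["id"] for e in fresh}
```

Persist the returned set of ids between polls so that an entry is reported once even if the feed is regenerated.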

The source of truth of this feed is a set of GitHub Issues, filtered by a controlled and restricted label official-cve-feed. The raw data is stored in a Google Cloud Bucket which is writable only by a small number of trusted members of the Community.

Last modified April 11, 2023 at 7:18 PM PST: Make the switch from alpha -> beta (ec9d29c0df)